Using best practices with policies

Anti-malware policies

In order for Anti-malware policies to be enforced correctly, you must enable Managed Definitions to deploy Microsoft anti-malware definitions through Tanium. If your endpoints have Windows 7 or older, enable SCEP. (Settings > Anti-Malware)

Firewall rules

With Enforce, do not manage Windows Firewall with Group Policy Management Editor. In order for firewall policies created under Enforce to take effect, the Group Policy Firewall setting must be set to Not configured.