Configuring Enforce

The following settings are configured by default:

  • The Enforce action group is set to the All Computers computer group.
  • Enforce tools are deployed to endpoints.

Configure service account

The service account is a user that runs several background processes for Enforce. This user requires the following roles and access:

  • Tanium Administrator role

  • If you installed Tanium Client Management, Endpoint Configuration is installed, and by default, configuration changes initiated by the module service account (such as tool deployment) require approval. You can bypass approval for module-generated configuration changes by applying the Endpoint Configuration Bypass Approval permission to this role and adding the relevant content sets. For more information, see Tanium Endpoint Configuration User Guide: User role requirements.

For more information about Enforce permissions, see User role requirements.

  1. From the Main menu, go to Modules > Enforce to open the Enforce Overview page.
  2. Click Settings and then click General.
  3. Update the service account settings and click Save.

Configure Enforce action group

By default, the Enforce action group is set to the All Computers. You can update the action group if needed.

  1. From the Main menu, go to  Administration > Actions > Action Groups.
  2. Click Tanium Enforce to update the action group and then click Save.