Enforcing policies

You can enforce a policy from three different places in Enforce:

  • The Enforcements tab of the Policy Configurations page
  • The Policies tab of the Policy Configurations page
  • When you click on a policy to view it

Create enforcements

Create an enforcement from the Enforcements tab of the Policy Configurations page

  1. From the Enforce menu, click Policy Configurations, click the Enforcements tab if needed, and then click Create Enforcement.
  2. Enter a name for the enforcement and select a policy.
  3. See Complete the enforcement creation to continue creating the enforcement.

Create an enforcement from the Policies tab of the Policy Configurations page

  1. From the Enforce menu, click Policy Configurations and then click the Policies tab if needed.
  2. Select a policy and then click Action > Enforce.
  3. Enter a name for the enforcement.

    The policy that you selected is automatically populated in the Policy field.

  4. See Complete the enforcement creation to continue creating the enforcement.

Create an enforcement from an individual policy

  1. From the Enforce menu, click Policy Configurations and then click the Policies tab if needed.
  2. Click on the policy to be enforced and then click Enforce .
  3. Enter a name for the enforcement.

    The policy that you selected is automatically populated in the Policy field.

  4. See Complete the enforcement creation to continue creating the enforcement.

Complete the enforcement creation

  1. In the Target section, click Select Computer Groups and choose a group that was defined in the Administration section of the Tanium Console. See Tanium Platform User Guide: Managing Computer Groups. To search for a group, type the first few letters of the group into the search field.

    You might not have access to all computer groups that appear in the target list. Click All and Available in the target window to see every computer group or only the ones that you have permissions to view. Additionally, rules might limit your access to computers within the groups you select. For more information, see Role-based access control and configuration visibility.

  2. (Optional) Additionally choose a limiting group:
    • Specify Individual Endpoints: Enter or paste a comma-separated list of computer names into the Computer Names field. This list must be no longer than 50 computers.
    • Ask a Question: Enter a filter question.
    • Define a Rule: Add rows and groupings to build a filter.
  3. In the Preview section, review the computers that you want to target.
  4. (Optional) In the Schedule section, select Start Time and End Time options for the enforcement.
    • Select Run now or Custom to schedule a start time.
    • Select Never or Custom to schedule an end time if you want the policy enforcement to expire after a certain time frame. For example, allow writing to removable drives for only a finite period of time.
  5. (Optional) For remediation policies, you can also select and set the following options:
    • Repeat: Specifiy how often enforcement actions are reissued. By default, enforcement actions are reissued every hour. The minimum allowed value for this field is 10 minutes. The default is 1 hour.
    • Distribute Over Time: Control whether endpoints apply enforcements the moment they receive the action (immediate) or at unique moments within the saved action interval (diffused). Diffusing enforcements over time can help prevent a surge in network traffic in exchange for a slower time to compliance.
  6. Click Create to create the enforcement.

To un-enforce or remove a policy from an endpoint, delete the enforcement. For more information, see Remove an enforcement.

To view the status of an enforcement on the Enforcements tab of the Policy Configurations page, click the arrow next to an enforcement to expand the status information. You can also view the status information in the Summary section of the enforcement details page. For more information about each enforcement state, see Enforcement.

View enforcements

From the Enforce menu, click Policy Configurations and click the Enforcements tab if needed.

Filter results

From the enforcement Endpoints section, you can filter results by items such as computer name, operating system, operators (contains or does not contain), and plain text. You can also add additional rows and groupings to the filter.

For more information about filtering and merging question results, see the Tanium Interact User Guide: Managing question results.

Remove an enforcement

From the list of enforcements, select one or more enforcements and click Delete . You can also click on an individual enforcement and then click Delete .