Installing Enforce

Tanium as a Service automatically handles module installations and upgrades.

Use the Tanium Solutions page to install Enforce and choose either automatic or manual configuration:

  • Automatic configuration with default settings: (supported on Tanium Core Platform 7.4.2 or later only) Enforce is installed with any required dependencies and other selected products. After installation, the Tanium Server automatically configures the recommended default settings. This option is the best practice for most deployments. For more information about the automatic configuration for Enforce, see Import and configure Enforce with default settings.
  • Manual configuration with custom settings: After installing Enforce, you must manually configure required settings. Select this option only if Enforce requires settings that differ from the recommended default settings. For more information, see Import and configure Enforce with custom settings.

Before you begin

Import and configure Enforce with default settings

To import Enforce and configure default settings, be sure to select the Apply Tanium recommended configurations check box while performing the steps under Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Enforce version.

When you import Enforce with automatic configuration, the following default settings are configured:

  • The Enforce service account is set to the account that you used to import the module.
  • The Enforce action group is set to the computer group All Computers.
  • The Enforce tools group is set to All Computers.

Import and configure Enforce with custom settings

To import Enforce without automatically configuring default settings, be sure to clear the Apply Tanium recommended configurations check box while performing the steps under Tanium Console User Guide: Manage Tanium modules. After the import, verify that the correct version is installed: see Verify Enforce version.

(Re-imports only) Do not use Enforce until the re-import process finishes. Otherwise, you might lose work still in progress.

  1. Sign in to the Tanium Console using an account with Administrator privileges.
  2. From the Main menu, click Administration > Configuration > Solutions.
  3. Click Import X.X (where X.X is the current module version number) under Enforce. Enforce is a Tanium licensed solution. If it does not appear on the Tanium Modules page, contact your Technical Account Manager (TAM).
  4. If you are prompted, click Proceed with Import. Enter your credentials.

After the installation and configuration process completes, you see the message Import completed successfully, and Enforce appears in the Main menu.

Set service account

An Enforce service account user must be created and then configured within Enforce to configure policies and enforcements. This user must have the following role and access configured:

  • Administrator or Policy Administrator role

From the Enforce Settings page, in the General section, enter the Tanium credentials and click Save.

For more information about Enforce privileges, see User role requirements.

Change Endpoint Status Report Settings

Click Settings from the Enforce menu and go to General to change the following settings that govern how you can use Enforce to interact with endpoints:

Question Completion Percentage

This setting specifies what percentage of endpoints must respond to the question before the question is considered complete. If questions take a long time to complete in your Tanium environment, you might want to lower the percentage in this setting. By default, Question Completion Percentage is set to 85%.

Reissue Action Interval

This setting specifies how often Protect enforcement actions are reissued. By default, enforcement actions are reissued every hour. The minimum allowed value for this field is 10 minutes.

Distribute Over Time

This setting controls whether endpoints apply enforcements the moment they receive the action (Immediate) or at unique moments within the saved action interval (Diffused). Diffusing enforcements over time can help prevent a surge in network traffic in exchange for a slower time to compliance. The default setting for Distribute Over Time is 0 where all enforcements are deployed at once.

Manage dependencies for Tanium solutions

When you start the Enforce workbench for the first time, the Tanium console ensures that all of the required dependencies for Enforce are installed at the required version. You must install all required Tanium dependencies before the Enforce workbench can load. A banner appears if one or more Tanium dependencies are not installed in the environment. The Tanium Console lists the required Tanium dependencies and the required versions.

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. Select the required solutions, click Import Selected, and then click Begin Import. When the import is complete, you are returned to the Tanium Solutions page.
  3. From the Main menu, go to Modules > Enforce to open the EnforceOverview page after you import all of the required Tanium dependencies.

Upgrade Enforce

For the steps to upgrade Enforce, see Tanium Console User Guide: Manage Tanium modules. After the upgrade, verify that the correct version is installed: see Verify Enforce version.

Verify Enforce version

After you import or upgrade Enforce, verify that the correct version is installed:

  1. Refresh your browser.
  2. From the Main menu, click Show Enforce to open the Home page.
  3. To display version information, click Info Info.

What to do next

See Getting started for more information about using Enforce.