Succeeding with Enforce

Follow these best practices to achieve maximum value and success with Tanium Enforce. These steps align with the key benchmark metrics: visibility into the number of systems managed by Enforce, and visibility of policy health, hard drive encryption status, antivirus status, and host firewall status across the enterprise.

Step 1: Gain organizational effectiveness

Complete the key organizational governance steps to maximize Enforce value. For more information about each task, see Gaining organizational effectiveness.

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Track Enforce maturity.

Validate cross-functional organizational alignment.

Step 2: Install modules and set up Enforce

Create computer groups that will be used to target Enforce policies.

Configure the Enforce service account.

Configure the End-User Notifications shared service.

Configure the Direct-Connect shared service.

Set the action groups for shared services.

Set the action group for Enforce.

Ensure Enforce tools have been deployed.

Step 3: Plan policies

Define criteria for basic testing groups. This could be part of the computer groups you set previously.

Define success criteria and timelines for testing, as well as procedures for how to continue testing if failures occur.

Define a production rollout. How will you target endpoints? Will it be a phased rollout or a rollout to all production at once?

Step 4: Create policies: General

Configure general policy types (any policy not related to antivirus, disk encryption, or host firewall).

Create a new policy.

Select policy items required by a specific policy, whether it be a corporate policy, USGCB, DISA STIG, SOX, HIPAA, etc.

Add and configure policy items.

Enforce the policy on computer group or user group targets.

Verify the policy enforcement status reports as Enforced.

Step 5: Create policies: Anti-malware

Configure anti-malware policies. (Defender)

Create a new anti-malware policy type.

Ensure the Deploy definition updates using Tanium box is checked. This will enable the automatic definition feature.

Define settings based on policy requirements.

Be sure to select the Create exclusions for Tanium processes check box in the Exclusions section.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 6: Create policies: Device control

Configure device control policies.

Create a new device control policy type (removable storage and all devices).

Import existing device classes from your environment using the sensor import function.

Add desired device hardware IDs to be allowed.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 7: Create policies: Disk encryption

Configure disk encryption policies. (BitLocker)

Ensure shared service requirements are installed and configured. (Direct Connect and End-User Notifications)

Back up the Key Encryption Key (KEK).

Create the encryption policy and define settings based on policy requirements. If migrating from another BitLocker management solution, see Making the Switch to Tanium Enforce: Better BitLocker Configuration and Recovery Key Management for details.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced. This number should grow over time as endpoints come online and hard drives are encrypted, which takes a variable amount of time to complete based on the size of the hard drive and the encryption algorithm used.

View Trends reports.

Step 8: Create policies: Host firewall

Create a new Windows firewall policy.

Configure the policy and define rules per operational and/or policy requirements.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 9: Create policies: Machine administrative templates

Create a new Machine administrative template policy.

Configure the policy and define rules per operational and/or policy requirements.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 10: Check Enforce health

Check Defender definition status. Is Enforce downloading definition files as it should?

Ensure endpoint encryption prerequisites are installed.

Check for any warning banners at the top of the workbench.

Step 11: Monitor Enforce metrics

From the Trends menu, click Boards and then click Enforce to view the Enforce Coverage Status, Host Firewall Enabled, Enforce Tools Installation, Installed Tools Versions, and Policy Enforcements panels.

Monitor and troubleshoot Enforce coverage status (% of total).

Monitor and troubleshoot policy enforcement status (% of total).

Monitor and troubleshoot host firewall status on endpoints.

Monitor and troubleshoot disk encryption status on endpoints.

Monitor and troubleshoot antivirus status on endpoints.
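
When a board shows an endpoint as out of compliance for disk encryption, antivirus, or host firewall, a local spot-check on that endpoint helps separate a reporting problem from a real gap. The following PowerShell is an added example, not Tanium code or part of the Enforce product; the function name Get-EndpointProtectionSnapshot and the 3-day definition-age threshold are assumptions chosen for illustration, and it uses only the built-in Windows BitLocker, Defender, and NetSecurity cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example (not Tanium code): local spot-check of one Windows endpoint.
# Get-EndpointProtectionSnapshot and the 3-day threshold are hypothetical choices.

function Get-EndpointProtectionSnapshot {
    [CmdletBinding()]
    param(
        # Assumption: definitions older than this many days count as stale.
        [int]$MaxSignatureAgeDays = 3
    )

    # Disk encryption: the OS volume counts only when fully encrypted AND protection is on.
    # A volume still in 'EncryptionInProgress' is reported as not yet compliant.
    $os = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
        Select-Object -First 1
    $diskOk = $null -ne $os -and
              $os.VolumeStatus -eq 'FullyEncrypted' -and
              $os.ProtectionStatus -eq 'On'

    # Antivirus: Defender enabled, real-time protection on, definitions recent.
    $mp = Get-MpComputerStatus
    $avOk = $mp.AntivirusEnabled -and
            $mp.RealTimeProtectionEnabled -and
            $mp.AntivirusSignatureAge -le $MaxSignatureAgeDays

    # Host firewall: read the effective (active) policy, not just local settings.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore
    $fwDisabled = @($profiles | Where-Object { $_.Enabled -ne 'True' } |
        ForEach-Object { $_.Name })

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        OsVolumeStatus        = if ($os) { "$($os.VolumeStatus)" } else { 'NoOsVolumeFound' }
        OsEncryptionPercent   = if ($os) { $os.EncryptionPercentage } else { $null }
        DiskEncryptionOk      = $diskOk
        DefenderSignatureAge  = $mp.AntivirusSignatureAge
        DefenderSignatureDate = $mp.AntivirusSignatureLastUpdated
        AntivirusOk           = $avOk
        FirewallProfilesOff   = $fwDisabled -join ','
        FirewallOk            = ($fwDisabled.Count -eq 0)
    }
}

Get-EndpointProtectionSnapshot | Format-List
```

An OS volume that reports EncryptionInProgress with a rising percentage is the expected state shortly after a disk encryption policy is enforced and does not by itself indicate a failed policy.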