Succeeding with Enforce

Follow these best practices to achieve maximum value and success with Tanium Enforce. These steps align with the key benchmark metrics: provide visibility into the number of systems managed by Enforce, provide visibility of policy health across the enterprise, and provide visibility of host firewall status across the enterprise.

Step 1: Gain organizational effectiveness

Develop a dedicated change management process.

Define distinct roles and responsibilities in a RACI chart.

Track Enforce maturity.

Validate cross-functional organizational alignment.

Step 2: Plan Policies

Define criteria for basic testing groups. This could be part of the computer groups you set previously.

Define success criteria and timelines for testing, as well as procedures for how to continue testing if failures occur.

Define a production rollout. How will you target endpoints? Will it be a phased rollout or a rollout to all production at once?

Step 3: Create policies: General

Configure general policy types.

Create a new policy.

Select the policy items required by a specific policy, whether it is a corporate policy, USGCB, DISA STIG, SOX, HIPAA, etc.

Add and configure policy items.

Enforce the policy on computer group or user group targets.

Verify the policy enforcement status reports as Enforced.

Step 4: Create policies: Anti-malware

Configure anti-malware policies (Defender).

Create a new anti-malware policy type.

Ensure the Deploy definition updates using Tanium box is checked. This will enable the automatic definition feature.

Define settings based on policy requirements.

Be sure to select the Create exclusions for Tanium processes check box in the Exclusions section.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 5: Create policies: Host firewall

Create a new Windows firewall policy.

Configure the policy and define rules per operational and/or policy requirements.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 6: Create policies: Machine administrative templates

Create a new Machine administrative template policy.

Configure the policy and define rules per operational and/or policy requirements.

Enforce the policy on computer group or user targets.

Verify policy enforcement status reports as Enforced.

View Trends reports.

Step 7: Check Enforce health

Check Defender definition status. Is Enforce downloading definition files as it should?

Step 8: Monitor Enforce metrics

From the Trends menu, click Boards and then click Enforce to view the Enforce Coverage Status, Host Firewall Enabled, Enforce Tools Installation, Installed Tools Versions, and Policy Enforcements panels.

Monitor and troubleshoot Enforce coverage status (% of total).

Monitor and troubleshoot policy enforcement status (% of total).

Monitor and troubleshoot host firewall status on endpoints.
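
An endpoint-side spot check for the two health questions in Steps 7 and 8 (Defender definition status and host firewall status), as an added example that is not part of Tanium's documentation or product. It uses the built-in Windows cmdlets Get-MpComputerStatus and Get-NetFirewallProfile; the function name Test-EndpointBaseline and the three-day signature-age threshold are assumptions to adjust to your own policy.

```powershell
# Added example: local verification on a Windows endpoint, independent of Tanium.
# Run in an elevated PowerShell session on a machine targeted by the policies.
function Test-EndpointBaseline {
    param(
        # Assumed threshold: maximum acceptable age of Defender definitions, in days.
        [int]$MaxSignatureAgeDays = 3
    )

    $findings = @()

    # Step 7: are Defender definitions arriving as expected?
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        if (-not $mp.AntivirusEnabled) {
            $findings += 'Defender antivirus is not enabled'
        }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings += "Definitions are $($mp.AntivirusSignatureAge) days old " +
                         "(last updated $($mp.AntivirusSignatureLastUpdated))"
        }
    } catch {
        # The Defender module can be missing or the service stopped; report it
        # as a finding rather than letting the check pass silently.
        $findings += "Could not query Defender status: $($_.Exception.Message)"
    }

    # Step 8: is the host firewall enabled on every profile?
    # ActiveStore is the effective policy, including settings applied by policy.
    try {
        Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop |
            Where-Object { $_.Enabled -ne 'True' } |
            ForEach-Object { $findings += "Firewall profile '$($_.Name)' is not enabled" }
    } catch {
        $findings += "Could not query firewall profiles: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

Test-EndpointBaseline | Format-List
```

Comparing this output on a sample of endpoints against the Enforce panels helps separate a reporting problem from an actual enforcement failure.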