Performing as-needed maintenance

The following sections describe tasks you must perform at intervals that vary based on conditions in your Tanium environment or based on the policies of your organization.

Rotate certificates for Tanium Console, Module Server, and API access

Transport Layer Security (TLS) certificates secure connections to the Tanium Server, Module Server, and Tanium solution services for Tanium user and solution operations. For example, the SOAPServer.crt certificate secures user access to the Tanium Server for Tanium Console or API activities. If your organization has a certificate rotation policy, replace the TLS certificates at the intervals that the policy specifies. See Tanium Console User Guide: Managing SSL/TLS certificates.

Update or re-install Tanium Clients

Perform the following tasks as needed if you use Mac Device Enrollment.

Specify different Tanium Client version to install

You can specify to install the latest Tanium Client version, if the client has been updated after the initial tenant creation. You can specify a different Tanium Client version to install than was specified during the initial tenant creation. After you specify the latesta different client version, you must complete the request file sharing process again.

  1. (Optional) Update the client configuration in Tanium Client Management that supports macOS. For information, see Create a client configuration.

    If you want to install the latest client version and the initial client configuration specified the Latest version, skip this step. If you want to install a specific version, update the version in the client configuration.

  2. From the Main menu, go to Administration > Shared Services > Mac Device Enrollment.
  3. From the Mac Device Enrollment menu, click Configuration.
  4. For MDM Tenant, click Configure > Edit Details.
  5. From the Client Configuration dropdown list, select the updated Tanium Client Management client configuration.
  6. Click Update Client VersionDownload File and provide the downloaded request file along with a request to update your Tanium Client installer image to Tanium Support.

    Your support representative uploads the request file to the Tanium MDM Cloud to update the Tanium Client installer image.

Install Tanium Client on devices after enrollment

The Tanium Client is installed on devices as part of both the automated device and user-assisted enrollment. If necessary, you can re-install or upgrade the Tanium Client on a device without re-enrolling the device.

For example, you might re-install the client to troubleshoot issues or you might upgrade to the latest client version as a best practice. For guidance about client upgrade frequency, see Tanium Client Management User Guide: Review and upgrade Tanium Client versions.

You can install the Tanium Client version specified for your tenant in the Tanium MDM Cloud. To change this version, see Specify different Tanium Client version to install.

  1. From the Mac Device Enrollment menu, click Data Explorer.
  2. Select one or more devices and click Install Tanium Client.

    Confirm the client version that Tanium will install.

Review and update Patch block lists

Review Patch block lists and, if necessary, update them:

  1. Go to Modules > Patch > Block Lists and review the block lists.
  2. Expand Expand each block list that has one or more Targets (computer groups) and verify that the list is Enforced. If a list is Unenforced on endpoints or some endpoints have an Old Version, click the percentage (number) of affected endpoints to analyze the data in Interact.
  3. Edit, create, or delete block lists if necessary to resolve issues. See Tanium Patch User Guide: Managing patches.