Enterprise-class Configuration Management: Introducing Tanium Enforce

8.5.2020 | Tim Mintner

When policy management tools like Active Directory Group Policy were created over 20 years ago, the primary endpoint computing device was something that employees came into an office to use and was expected to always be on the network.

Back then, organizations were standing up Active Directory (AD) for the first time and had high hopes that they could continue managing a single domain or a single AD forest. But times have changed.

Today, employees are working from home, a large number of machines are not joined to an AD domain, infrastructure-as-a-service (IaaS) has redirected servers to the cloud and organizations deploy multiple AD domains and forests driven from organic and inorganic growth.

The endpoint landscape is evolving faster than most underlying tools can keep pace with. Organizations are either not managing policy on endpoints at all or are deploying multiple point tools to get the job done.

Unified policy configuration management

There is a new solution for organizations that want to simplify and centralize policy management of end user computing devices to help eliminate and mitigate vulnerabilities and business risk – Tanium Enforce.

Tanium Enforce was developed to address the complexity of the endpoint landscape, further extending the Tanium platform and architecture to manage devices regardless of where they exist through a single interface.

Improve IT efficiency

Tanium Enforce allows organizations to improve IT efficiency through simple, automated and centralized policy management at scale, across the environment.

This means that a single tool can manage policy across on-premises, cloud-based, domain-joined, non-domain-joined and work-from-home endpoints. Even organizations with the most complicated AD environment can quickly manage their policy settings in one place, saving time and driving IT efficiency.

Reduce complexity and cost

In addition to setting policies, Enforce can centrally report and verify if the policies have been applied. Many policy management solutions will push a policy and then hope it is implemented correctly due to the lack of centralized reporting. Enforce is a combination of mobile device management (MDM) technologies along with the Tanium Client to not only configure policy settings but provide centralized reporting on their effectiveness.

Tanium Enforce builds upon Tanium’s Unified Endpoint Management and Security (UEM and UES) platform that allows organizations to make confident decisions, operate efficiently and reduce risk by identifying, measuring, prioritizing and executing actions on manageable endpoints in your environment, regardless of location – remote, on-premises or in the cloud.

Mitigate even more risk

Enforce will be replacing Tanium Protect in our product lineup while continuing to build upon its existing feature set. Tanium Protect was originally built to configure a limited number of policies for security features such as Applocker, Bitlocker and Windows Defender. With the launch of Enforce, we have extended our ability to configure even more, including administrative and system policies – over 5,000 security and configuration settings – all within the same Tanium console.

To learn more about Tanium Enforce, please visit https://www.tanium.com/products/tanium-enforce/


Interested in seeing Tanium in action? Schedule a one-to-one demo or talk to our Tanium experts at our upcoming events.