Skip to content

Tanium Enforce

Unified policy configuration management at scale.

Tanium Enforce allows organizations to simplify, centralize and unify policy management of end-user devices. This helps eliminate and mitigate vulnerabilities and business risk.

Configuring devices should be simple and effective

With unparalleled speed, scale and breadth, Tanium Enforce can manage Windows policy settings including more than 5,000 device security and configuration settings.

Improve IT efficiency

Simple, automated and centralized policy management at scale, across your devices.

Mitigate risk and decrease the attack surface

Quickly and continuously monitor configurations across endpoints to maintain a strong security posture.

Reduce IT cost and complexity

Eliminate configuration policy management point solutions and consolidate on a single platform.

Windows policy management

Centrally manage Windows policies for client and server operating systems throughout your organization, at scale. Employ modern management capabilities with Windows 10 MDM functionality and Windows Administrative Policies.


Device and removable storage control

For endpoint security, establishing access restrictions for devices and removable storage is a key step. Tanium Enforce can control which devices have read or write access while also restricting which devices can connect to an endpoint.

Firewall management

Effective endpoint firewall management requires dynamic, micro-segmentation of an organization’s endpoints. Help ensure only approved processes and applications communicate on trusted ports, preventing a single compromised machine from spreading malware throughout a computing environment.


Antivirus management

Windows 10 introduced many built-in protections, including a full-featured antivirus (AV) tool – Windows Defender. But organizations struggle to manage Defender at scale and instead augment with third-party AV tools, creating complexity. With Tanium Enforce, leverage native AV capabilities by completely managing and configuring Defender across the organization.

Drive encryption

Encrypting data at rest is essential if endpoints were lost, stolen or inappropriately decommissioned. Tanium Enforce can manage native OS drive encryption offered by Apple FileVault and Microsoft BitLocker by completely configuring and enforcing endpoint encryption policies. Obtain real-time reporting on encryption status, key escrow and self-service recovery.


Tanium value metrics

Through comprehensive and real-time analytical insights about their devices, Tanium helps organizations measurably improve IT hygiene, employee productivity and operational efficiencies while reducing risk, complexity and costs.

Enforce coverage (% of total endpoints)

How many endpoints are managed? Percent of total endpoints managed closes coverage gaps, helping to ensure policies are enforced.

Verified enforcement per policy (% of total endpoints)

Are your endpoint policies being enforced? Percent of verified enforcement per policy helps to ensure compliance standards are continuously met.

Security controls enabled

What’s the status of disk encryption, antivirus, and host firewalls? Continuously monitoring for activation of these technologies improves security, reduces disruption and mitigates risk.

The Power of Certainty™

Experience complete visibility over all your endpoints and perform large-scale actions within minutes from the cloud, right now.