Free AWS Course for AWS Certified Cloud Practitioner (CLF-C01) Start Now!!
FREE Online Courses: Click, Learn, Succeed, Start Now!
Thus, in today’s article, we will teach our audience about Azure’s Endpoint Configuration. So, let us begin.
What is Azure Endpoint Configuration?
Microsoft Endpoint Configuration Manager assists IT in managing PCs and servers by keeping software up to date, establishing configuration and security policies, and monitoring system status while providing employees with access to corporate applications on the devices of their choice.
Configuration Manager’s new features, such as support for Windows 10 in-place upgrades, co-management with Microsoft Intune, a Windows 10 and Office 365 ProPlus Servicing Dashboard, integration with Windows Update for Business, and more, make deploying and managing Windows easier than ever.
Currently, the running edition is Microsoft Endpoint Configuration Manager (Current Branch – version 2103) | 32-bit and 64-bit
Below is the list of supported languages:
- Chinese (Simplified)
- Chinese Traditional (Taiwan)
- Czech, Dutch, English
- French
- German
- Hungarian
- Italian
- Japanese
- Korean
- Polish
- Portuguese (Brazil)
- Portuguese (Portugal)
- Russian
- Spanish
- Swedish
- Turkish
Requirements
Tanium Client Management comes with Endpoint Configuration installed. Before installing Client Management and using Endpoint Configuration, go over the prerequisites.
1. Dependencies on the core platform
Ascertain that your environment satisfies the following criteria:
7.3.314.4250 or later Tanium Core Platform servers
2. TaniumTM Client:
Any version of Tanium Client that is supported. See Tanium Client Management User Guide: Tanium Client Versions for a list of supported Tanium Client versions for each OS. Requirements for the client and the host system
Certain product features may not be available if you use a client version that is not listed, and stability issues may arise that can only be remedied by upgrading to one of the listed client versions.
Technology is evolving rapidly!
Stay updated with DataFlair on WhatsApp!!
Some Tanium products, such as Tanium Endpoint Configuration, may require a higher client version to manage the deployment of configuration updates.
3. Dependencies of computer groups
Only the All Computers computer group is required for Endpoint Configuration.
If limited targeting is disabled while importing Client Management. Set the Endpoint Configuration action group to All Computers by default.
Set the Endpoint Configuration action group to target the All Computers computer group before employing any modules if you use limited targeting to target the No Computers filter group.
Contact Tanium Support if you have endpoints with operating systems that aren’t supported by Endpoint Configuration.
(Only with Tanium Core Platform 7.4.5 or later) Before importing Client Management, you may set the Endpoint Configuration action group to target the No Computers filter group by enabling limited targeting.
Endpoint Configuration will not automatically deploy tools to endpoints if this option is enabled. Tanium Console User Guide: Managing Action Groups explains how to set up an action group. See Tanium Console
User Guide: Dependencies, Default Settings, and Tools Deployment for information on how to enable or disable limited targeting.
Before utilizing any modules, make sure you set the Endpoint Configuration action group to target the proper endpoints (usually All Computers) if you use limited targeting to target the No Computers filter group.
Configure the Endpoint Configuration action group for more information. Endpoints that are not targeted by the Endpoint Configuration action group cannot receive configurations or tools from modules.
To govern the deployment of settings or tools, use the proper targeting groups within modules.
4. Dependencies in the Solution
For specific Endpoint Configuration features to work, other Tanium solutions are necessary. The installation method you choose influences whether the Tanium Server imports dependencies automatically or if you must manually import them.
Ensure that each module that uses Endpoint Configuration is updated to a version that was released after Endpoint Configuration support was added.
Do not utilize the Initial Content – Python solution to deploy Python to endpoints that support Endpoint Configuration after Endpoint Configuration has been deployed (see Endpoints).
Tanium suggested that the installation be done.
When you import Endpoint Configuration and choose Tanium Recommended Installation, the Tanium Server imports all of your licenced solutions at the same time.
The Tanium Console User Guide can be found here: All modules and services should be imported.
5. Import custom solutions
If you merely want to import Endpoint Configuration, you’ll have to explicitly import dependencies. Import, re-import, or update individual solutions in the Tanium Console User Guide.
6. Dependencies on specific features
At the given minimum versions, Endpoint Configuration has the following feature-specific dependencies:
Endpoint Configuration audit logs as a connection source require Tanium Connect 5.9 or later.
Note: Some Endpoint Configuration dependencies have their own dependents, which may be found by clicking the links in the Endpoint
Configuration requirements and Feature-specific dependencies lists.
It’s worth noting that the links open the user guides for the most recent version of each solution, not necessarily the minimum version required by Endpoint Configuration.
7. Module Server Tanium
On the Module Server host machine, Endpoint Configuration is installed and executed as a service. The Module Server’s impact is low and is dependent on usage.
Azure Endpoints
1. Supported operating systems
The following is the list of endpoint operating systems supported with Endpoint Configuration.
| Operating System | Version | Notes |
| Windows | Minimum of Windows 7 SP1 or Windows Server 2008 R2 SP1 is required. | |
| macOS | Similar to Tanium Client support. Refer Tanium Client Management User Guide: Client version and host system requirements. | |
| Linux | Similar to Tanium Client support. Refer Tanium Client Management User Guide: Client version and host system requirements. | |
| AIX | Minimum AIX 7.1.4 is required. | The IBM XL C++ runtime libraries file is set to (xlC.rte), version 16.1.0.0 or further, and the IBM LLVM runtime libraries file (libc++.rte)should also be installed. For installation instructions, Refer Tanium Client Management User Guide: Deploy the Tanium Client to AIX endpoints using a package file. |
| Solaris | Similar to Tanium Client support. Refer Tanium Client Management User Guide: Client version and host system requirements. |
2. Host and network security requirements
Ports
The following ports are essential for Endpoint Configuration communication.
| Source | Destination | Port | Protocol | Purpose |
| Module Server | Module Server (loopback) | 17499 | TCP | It is used for internal communication which is required for Endpoint Configuration
The following port is used with the loopback interface which does not require a firewall rule. |
3. Security Extension
Tanium suggests that a security administrator define exclusions to allow Tanium processes to operate without hindrance if security software is used in the environment to monitor and stop unfamiliar host system processes.
The way these exclusions are set up differs by antivirus programme. See Tanium Core Platform Deployment.
Reference Guide: Host system security exclusions for a list of all security exclusions to define across Tanium.
| Endpoint Configuration security exclusions | |||
| Target Device | Notes | Exclusion Type | Exclusion |
| Module Server | Process | <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe | |
4. User role Requirements
| Permission | Endpoint Configuration Administrator | Endpoint Configuration Approver | Endpoint Configuration Read Only User | Endpoint Configuration Service Account | Endpoint Configuration Service Account Read All Sensors |
| Endpoint Configuration
Access and manage configuration changes from the Endpoint Configuration workbench. |
SHOWWRITE | APPROVEDISMISS | SHOWREAD | READWRITE | No |
| Endpoint Configuration Administrator
Endpoint Configuration, provides write privileges for actions and read privileges for sensors and packages. |
ADMINISTER | No | No | No | No |
| Endpoint Configuration API
Use the API to perform Endpoint Configuration tasks. |
EXECUTE | No | No | EXECUTE | No |
| Endpoint Configuration Module
Register for the Endpoint Configuration module or use it now. |
USE | No | No | REGISTERUSE | No |
| Endpoint Configuration Read Only
Endpoint Configuration grants read permissions to sensors, packages, and actions. |
No | No | USER | No | No |
| Endpoint Configuration Service Account
Access the Endpoint Configuration service account’s settings and provide the service account the necessary permissions. |
READWRITE | No | No | EXECUTE | No |
| Endpoint Configuration Settings
Endpoint Configuration settings can be accessed. |
READWRITE | No | SHOWREAD | No | No |
| Endpoint Configuration Support Bundle
Get the Endpoint Configuration support package. |
READ | No | No | No | No |
| Endpoint Configuration Bypass2
This permission can be applied to module service accounts, and it bypasses approval for solution-generated configuration items, such as tools or intel deployment, based on the content set. This permission can be applied to a user account, and it bypasses approval for user-generated configuration items based on the content set. |
No | No | No | No | No |
| Provided Endpoint Configuration Administration and platform content permissions | ||||||
| Permission | Role Type | Endpoint Configuration Administrator | Endpoint Configuration Approver | Endpoint Configuration Read Only User | Endpoint Configuration Service Account | Endpoint Configuration Service Account Read All Sensors |
| Action Group | Administration | No |
No |
No | READ |
No |
| Allowed URLs | Administration | No | No |
No |
READWRITE |
No |
| Computer Group | Administration | No | No | No | READ |
No |
| Persona | Administration | No | No | No | READ | No |
| User | Administration | No | No | No | READ | No |
| Action | Platform Content | No | No | READ | READWRITE | No |
| Bypass Action Approval | Platform Content | No | No | No | SPECIAL | No |
| Own Action | Platform Content | No | No | READ | READ | No |
| Package | Platform Content | No | No | READ | READWRITE | No |
| Plugin | Platform Content | No | No | READ | READEXECUTE | No |
| Sensor | Platform Content | No | No | READ | READ | No |
Managing Approvals
- Configuration approvals should be enabled.
- You must enable configuration approvals before you can use Endpoint Configuration to manage approvals.
- To access the Endpoint Configuration Overview page, go to Administration > Shared Services > Endpoint Configuration from the Home page.
- Go to Settings and then to the Global tab.
- Click Save after selecting Enable configuration approvals.
- Individual Tanium solutions are used to make solution-specific configuration modifications if configuration approvals are not enabled.
Approve or reject configuration changes
When configuration approvals are enabled, an approval appears in the Approvals page of Endpoint Configuration for a configuration approver to approve or reject when a configuration change is created or modified in a supported Tanium system.
The configuration update is pushed to the targeted endpoints if it is accepted.
- Click Overview from the Endpoint Configuration menu.
- Examine configurations with a status of Proposed that are awaiting approval or rejection. Choose from a variety of configurations. View the configuration change description to learn about the domain (Tanium solution) with which the approvals are associated, as well as the domain’s functional area and a description of the configuration change.
- Optional: To inspect the content of the configuration, click Download data defining the domain endpoint configurations.
- Approve or reject the request by clicking the appropriate button. Approve or reject the pending approvals by checking the box.
- Click Dismiss to remove an approval from the Approvals page if it is in the Approved or Rejected stage.
Managing Azure Configurations
Configurations are defined by each Tanium solution. When a user adds or modifies a configuration and you enable configuration approval, a banner shows in the solution to tell you that the modification is pending approval in Endpoint Configuration.
When a Threat Response profile is updated, for example, a banner displays to notify you that a configuration change has been made and that it needs to be approved in Endpoint Configuration before it can be distributed to endpoints.
When you create or modify a configuration, it shows in the Proposed state in Endpoint Configuration. The configuration is delivered to the targeted endpoints once a configuration approver authorizes the pending configuration.
Azure View configurations
Click Configurations from the Endpoint Configuration menu to see the configurations.
The Configurations page lists all of the installed solutions’ configurations. If there are changes that have not yet been approved, the Pending Changes column displays Pending Changes for that configuration. See Managing Approvals for further information about approvals.
Azure Removing configurations for uninstalled solutions
Even if the linked solution is no longer deployed, some configurations persist. If a configuration’s related solution is no longer installed, the Installed Module column for that configuration displays No.
When the accompanying solution is not installed, manually uninstall a configuration that you no longer need.
Click Configurations from the Endpoint Configuration menu. Then click delete after selecting a configuration.
Azure Managing endpoint Tools
1. View deployed endpoint tools
- From the Endpoint Configuration menu, select Tools.
- To see the status of a tool across all endpoints, expand it.
- (Optional) Pick View question results in Interact to see all endpoints that have the tool installed, or click a status category to display question results that contain all endpoints in that category for the tool.
2. Removing endpoint tools
- Even if the linked solution no longer targets that endpoint or is no longer installed, some tools stay installed on that endpoint. Endpoints with an endpoint tool installed under these circumstances are in the tool’s Safe to Remove category.
- Deploy the appropriate action to those endpoints to remove an endpoint tool that is no longer required.
- Expand a tool that has endpoints in the Safe to Remove category from the Tools page.
- Now, Choose the category option “Safe to Remove” from the drop-down menu.
- Select the tool’s row in the inquiry results and click Drill Down.
- To target a suitable group of endpoints, click Create a Question and ask one of the following questions.
- Endpoints on Windows: Get a list of all machines that have Is Windows equals true.
- Endpoints that aren’t Windows: Get a list of all machines that have Is Windows equals false set to false.
- Click Deploy Action after selecting a row from the drill-down question results.
- Enter Endpoint Configuration – Uninstall in the Deploy Action box on the Deploy Action page. Choose Endpoint Configuration – Uninstall Tool [Windows] or Endpoint Configuration – Uninstall Tool [Non-Windows] depending on which endpoints you’re targeting.
- Select the name of the tool you’re uninstalling for Tool Name.
- (Optional) The tools can’t be reinstalled by default after they’ve been uninstalled. Clear the option for Block reinstallation to allow tools to be reinstalled automatically.
- (Optional) Select Soft uninstall to remove only the tool while keeping databases and logs that may be useful for endpoint troubleshooting.
- Clear the checkbox to remove all databases and logs for the tool from the endpoints.
- (Optional) Select Remove unreferenced dependencies to remove any tools that were dependencies of the tools you’re installing but aren’t required for other solutions.
- To continue, click Show preview.
- A results grid appears at the bottom of the page, displaying the action’s targeted endpoints. Click Deploy Action when you’re happy with the results.
Exporting an audit log in Azure
To export an Endpoint Configuration audit log to Connect destinations like Email, File, HTTP, Socket Receiver, Splunk, or SQL Server, create a connection in Tanium Connect. Below mentioned information is included in the audit log:
- Configuration item additions, removals, and updates
- Actions of approval, rejection, and dismissal
- Actions that are visible
Creating a connection in Azure
Click Connections from the Connect menu, then Create Connection.
In the General Information box, give your relationship a name and a description.
Set the following in the Advanced section:
- The logging level is set to Information by default. Set the log level to Warning, Error, or Fatal to reduce the amount of logging.
- Minimum Pass Percentage: The minimum percentage of predicted rows that must be processed in order for the connection to be successful.
- Set the source and destination as follows in the Configuration section:
- Select Tanium Endpoint Configuration as the source.
- Enter the number of days of history in the exported audit log for History Retrieval (Days).
- Set the destination of the connection
- From the Destination list, choose a connection destination. Fill in the setup details for the location you’ve chosen. See the Tanium Connect
- User Guide: Connection Destinations for more information on configuring destinations.
- Format the data according to your preferences. See the Tanium Connect User Guide’s section on the destination type you selected for information on customizing the format.
- (Optional) Configure a Filter in the Configure Output section.
- Customize columns for the exported data (optional). Select the available Source items in the Columns area and specify the Value Type and
- Customization, as described in Tanium Connect User Guide: Format data for emails.
- Select Enable Timetable and set a schedule for the connection (optional). See Tanium Connect User Guide: Schedule Connections for more information on how to run connections on a schedule. If you don’t enable the schedule, the connection will only run when you manually initiate it.
- Save or Save and Run are the options.
Test a connection and review data
- Click Connections from the Connect menu.
- For the Direct Connect audit trail, click the connection you created.
- Click the “Run Now” button. Make sure you want to use the connection.
- Take a look at the run’s summary.
- View the audit log for the connection in the destination you specified.
Azure Troubleshooting Endpoint Configuration
Collecting logs in Azure
The data is stored in a ZIP file that you can open in your browser and download.
- Click Help, then the Troubleshooting tab, from the Endpoint Configuration home page.
- Click on the Download Support Package
- To the local download directory, a tanium-endpoint-configuration-support-[timestamp].zip file is downloaded.
- Contact Tanium Support or attach the ZIP file to your Tanium Support case form.
Blocking or unblocking tools from installing on an endpoint
The information is contained in a ZIP file that you can access and download using your browser.
- From the Endpoint Configuration home page, select Help, then the Troubleshooting tab.
- Select Download Support Package from the drop-down menu.
- A tanium-endpoint-configuration-support-[timestamp].zip file is downloaded to the local download directory.
- Please contact Tanium Support or upload the ZIP file to your Tanium Support case.
- Remove a stumbling hurdle to a tool’s installation.
- Choose which endpoints you wish to unblock tool installation on.
- Select Deploy Action from the drop-down menu.
- (Windows) Choose the package Endpoint Configuration – Unblock Tool [Windows].
- (Non-Windows) Choose the package Endpoint Configuration – Unblock Tool [Non-Windows].
- Choose a tool from the dropdown menu, or type in the name of a manual tool.
Uninstalling one or more tools installed by Endpoint Configuration
Distribute the Endpoint Configuration – Uninstall Tool package to uninstall one or more tools installed by Endpoint Configuration on an endpoint.
- Choose which endpoints you wish to uninstall a tool from.
- Select Deploy Action from the drop-down menu.
- (Windows) Select the [Windows] Endpoint Configuration – Uninstall Tool package.
- (Non-Windows) Select the [Non-Windows] package Endpoint Configuration – Uninstall Tool.
- To prevent the tool from being reinstalled, select Block reinstallation. If this option is left unchecked, the tool will be installed on the endpoint the next time the Endpoint Configuration tools are installed.
- To do a soft uninstall, select Soft uninstall. This will leave certain content in place, such as logs and data. To do a hard uninstall, clear the selection, which will remove everything monitored by the tool.
- To remove any other unreferenced tools that were a dependency of the tool being deleted, select Remove unreferenced dependencies.
Reinstalling one or more tools installed by Endpoint Configuration
Distribute the Endpoint Configuration – Reinstall Tool package to reinstall one or more tools on an Endpoint Configuration-installed endpoint. The specified tooling’s most recent version is installed.
- Choose which endpoints you want to reinstall a tool on.
- Select Deploy Action from the drop-down menu.
- (Windows) Choose the [Windows] Endpoint Configuration – Reinstall Tool package.
- (Non-Windows) Select the [Non-Windows] package Endpoint Configuration – Reinstall Tool.
- Select a tool from the dropdown menu, or type in the name of a manual tool.
- To reinstall any dependencies of the tool being installed, select Reinstall Dependencies.
- If reinstallation was previously blocked, select Unblock Tool to unblock it.
Azure Endpoint Configuration Demo
Step 1: In your Azure Management Portal, navigate to Virtual Machine.
Step 2: Select ‘Endpoint’ and then select ‘Add.’
Step 3: Click the ‘Add a Stand-Alone Endpoint’ button.
Step 4: If you check the box next to ‘Create a Load Balanced Set,’ you will be able to distribute the load across virtual machines. Let’s leave it unchecked for now because it can be changed later if necessary.
Step 5: ‘Enable Direct Server Return’ is checked when the SQL server’s ‘Always On’ feature is required, so uncheck it.
Step 7: Press the Next arrow.
Accessing Control of Azure Endpoint
We have the ability to grant or deny a service access to a specific host or network. If no hosts or networks are specified, the endpoint can be accessed from any host or network.
Step 1: Click the ‘Manage ACL’ button.
Step 2: Fill out the access description.
Step 3: Type in the Subnet Mask.
Step 4: Click Next, and you’re done.
Conclusion
Thus, we have reached the end of our today’s Azure journey. We hope you liked this article of Azure Endpoint Configuration.