This website is typically Internet-facing in a DMZ so that users who forget their PIN or password can access it from another device.
The recovery portal is an optional self-service website that users can access if they forget their PIN or password.
RECOVERY KEY FOR MAC INSTALL
Install and configure the recovery portal In this scenario, the Direct Connect service is listed as the enforcement failure reason. If this service is not installed and pushed out to endpoints, the policy fails to enforce. For more information, see Tanium Direct Connect User Guide: Installing Direct Connect. This service must be installed and initialized on endpoints before you enforce encryption management policies. Install and configure Direct ConnectĮncryption management policies use Direct Connect to transfer encryption keys securely from the client to the recovery key database during the encryption process. In this scenario, the End-User Notifications service is listed as the enforcement failure reason.
For more information, see Tanium End-User Notifications User Guide: Installing End-User Notifications. Install the End-User Notifications service and initialize endpointsĮncryption management policies use the End-User Notifications service to display notifications throughout the encryption process. The user can then retrieve the recovery key by providing the recovery key ID to the recovery portal, which you set up as part of the FileVault configuration.Ĭonfigure the database to allow only connections from the Tanium Module Server. The recovery key ID displays on the FileVault recovery page. Recovery keys are used to unlock the drive if a user forgets the PIN or password. Select an endpoint and click Show Recovery Key to view the Recovery Key ID and Recovery Key for that endpoint. This page lists all endpoints that are encrypted through an Enforce encryption management policy. See User role requirements for roles that can view the recovery keys for users on the Endpoint Encryption page in the Enforce workbench. For more information, see Configure Endpoint Encryption settings. Specify the information required to securely connect the database to the Tanium Module Server in the Overview > Settings > Endpoint Encryption tab in the Enforce workbench. Create a self hosted database to store the recovery keysĮnforce provides fields to help you create a secure connection to a Postgres or Microsoft SQL Server database to store the recovery keys.
If you host the database on your own server, refer to the next section for further information. Hosting the database on the TMS requires no additional configuration. That database can be hosted on the Tanium Module Server (TMS) or you can host it on your own server (Self hosted). Choose where to host the databaseīefore you create and enforce encryption management policies, you must create a database to store the recovery keys. See Tanium Cloud documentation for requirement information.
0 kommentar(er)
