Deploy overview

Deploy is a software management module that you can use to rapidly install, update, and remove software across large organizations with minimal infrastructure requirements. You can create deployments to run during a maintenance window that is convenient for your IT operations.

You can deploy applications or a group of applications to a flexible set of targets, including computer groups, user groups, departments, locations, individual computers, and individual users. You can also update existing software installation to the latest available versions, and create custom packages to install, update, and remove applications.

Software packages

A Tanium Deploy software package is a combination of source files, metadata, detection logic, and actions that are used to detect, install, update, and remove software from Tanium managed devices.

Each software package contains the following elements:

Package Files

The files needed to install, update, remove, or configure an application. This typically includes installation files, but can also be any files that are used by the software package.

Package Details

The product vendor, name, version, and platform of the software package. A Self Service display name, description, or package icon can optionally be added.

System Requirements

The requirements to install or update the software package on a managed endpoint: minimum RAM and disk space, system architecture, or specific operating systems that are supported.

Deploy Operations

The changes that the software package can make when it is deployed to endpoints: installing, updating, or removing the package. Software packages can have any combination of these operations defined, or they can have no operations and be used only for reporting and auditing purposes.

Installation Requirements

The conditions that must be met to install the software package, such as prerequisite applications.

Update Detection

The conditions that must be met to update the software package. Typically, this is the presence of a previous version of the product.

Install Verification

The conditions that must be met to identify that the software package is installed.

For more information, see Create a software package.

Software bundles

A Tanium Deploy software bundle is a list of Deploy software packages that can be deployed and executed in an ordered sequence. Software bundles are used to deploy a list of packages that are used by specific departments or user types.

For more information, see Create a software bundle.

Predefined Package Gallery

The Tanium Deploy Predefined Package Gallery is a collection of software packages that you can use to distribute software package templates. These templates include all of the required information for you to import and deploy third-party software.

For more information, see Import a software package from the Predefined Package Gallery.

Predefined packages for Windows

Application Version

7-Zip (32/64-bit)

Latest version
Adobe Acrobat DC (Update only) Latest version
Adobe Acrobat Reader DC (32/64-bit) Latest version
Adobe Acrobat Reader DC (MUI) (32/64-bit) Latest version
Adobe Digital Editions Latest version
Adobe Flash Player (Remove Only) All versions
Adobe Shockwave EOL (Remove only) All versions
Apache Tomcat 8.5, 9.0, 10.0
Apple iTunes (64-bit) Latest version
Arduino IDE (64-bit) Latest version
Audacity (32/64-bit)1 Latest version
Box Drive (32/64-bit) Latest version

CCleaner (32/64-bit)

Latest version
Cisco Jabber (32/64-bit) Latest version
CutePDF Writer Latest version
DB Browser for SQLite (32/64-bit) Latest version
Devolutions Remote Desktop Manager Free Latest version

Dropbox (32/64-bit)

Latest version
Eclipse Adoptium Temurin JDK/JRE with Hotspot (32/64-bit)1 8, 11, 16, 17

FileZilla (32/64-bit)

Latest version

GIMP1

Latest version

Google Android Studio1

Latest version

Google Chrome Enterprise (32/64-bit)

Latest version

Google Drive File Stream

Latest version
HandBrake1 Latest version
Helios TextPad Latest version
JAM Software TreeSize Free Latest version
Jetbrains DataGrip (64-bit) Latest version
KeePass1 1.x (latest), 2.x (latest)

Microsoft Edge (32/64-bit)

Latest version

Microsoft Feature Update to Windows 10, version 21H2 (32/64-bit)

KB5003791

Microsoft InPlace Upgrade to Windows 10 (32/64-bit)

1809, 1909, 20H2, 21H1, 21H2

Microsoft InPlace Upgrade to Windows 11

Build 22000
Microsoft Local Administrator Password Solution (32/64-bit) Latest version

Microsoft Office Click-to-Run (32/64-bit):

  • Current Channel
  • Monthly Enterprise Channel
  • Office 2021 Perpetual Enterprise
  • Office 2019 Perpetual Enterprise
  • Semi-Annual Enterprise Channel
  • Semi-Annual Enterprise Channel (Preview)
Latest versions

Microsoft Office Click-to-Run (32/64-bit)

Latest version

Microsoft Power BI Desktop (32/64-bit)

Latest version

Microsoft PowerShell (32/64-bit)1

Latest version

Microsoft Skype Desktop Client (32-bit)

Latest version
Microsoft SQL Server Management Studio (64-bit) Latest version

Microsoft Update for Flash Removal

KB4577586

Microsoft Visual Studio Code (32/64-bit)

Latest version

Mozilla Firefox (32/64-bit)

Latest version

Mozilla Firefox ESR (32/64-bit)

Latest version

Mozilla Thunderbird (64-bit)

Latest version

NodeJS Current (32/64-bit)

Latest version

NodeJS LTS (32/64-bit)

Latest version

Notepad++ (32/64-bit)1

Latest version

Oracle Java 8 Runtime (32/64-bit)

Latest version
Postman Latest version

PuTTY (32/64-bit)

Latest version

Royal Apps GmbH Royal TS (64-bit)

Latest version

Slack (32/64-bit)

Latest version

Splunk Universal Forwarder (32/64-bit)

Latest version
Tableau Reader (64-bit) Latest version
TechSmith Camtasia Latest version
TechSmith Snagit Latest version

TortoiseGit (32/64-bit)

Latest version
TortoiseSVN (32/64-bit) Latest version

VideoLAN VLC Media Player (32/64-bit)

Latest version
VMware Horizon Latest version
VMware Tools (32/64-bit) Latest version

VMware Workstation Player (Update and Remove only)

Latest version

WinMerge (32/64-bit)1

Latest version
WinSCP (32/64-bit)1 Latest version

Wireshark (32/64-bit)

Latest version
Yubico Authenticator (32/64-bit) Latest version

Zoom (32/64-bit)

Latest version

Zoom for Government (64-bit)

Latest version

Zoom Outlook Plugin

Latest version

Zoom Rooms

Latest version

1The Predefined Package Gallery includes software packages that contain files hosted on Github and other insecure content distribution networks that Tanium blocks by default. For information about editing a software package to manually add inaccessible files, see Deploy cannot access the origin of a software package file.

The following audit-only software package templates are used for reporting purposes. No source files or commands are distributed for these packages, but there is logic to determine if the software is installed or out of date.

Audit-only software package templates
Application Version

Adobe After Effects CC

Latest version

Adobe Animate CC

Latest version

Adobe Audition CC

Latest version

Adobe Dreamweaver CC

Latest version

Adobe Illustrator CC

Latest version

Adobe InDesign CC

Latest version

Adobe Photoshop CC

Latest version

Adobe Prelude CC

Latest version

Adobe Premiere Pro CC

Latest version

Predefined packages for macOS

Application Version

Adobe Acrobat DC

Latest version
Adobe Acrobat Reader DC Latest version

Adobe Flash Player (Remove Only)

All versions

AgileBits 1Password 7

Latest version
aONe Keka1 Latest version

Atlassian Sourcetree

Latest version
Arduino IDE Latest version
Audacity1 Latest version
BBEdit1 Latest version
Cisco Webex Teams Latest version
DB Browser for SQLite Latest version

Devolutions Remote Desktop Manager

Latest version

Docker Desktop

Latest version

Dropbox

Latest version

GIMP1

Latest version

GitHub Desktop1

Latest version

Google Chrome

Latest version

Google Drive

Latest version
HandBrake1 Latest version

iTerm2

Latest version
Jetbrains DataGrip (ARM) Latest version
macOS Big Sur Upgrade (Phase 1 and Phase 2) 11.6.3
macOS Monterey Upgrade (Phase 1 and Phase 2) 12.2.1

Microsoft Edge

Latest version

Microsoft Office 2019

Latest version

Microsoft Office 2019 with Teams

Latest version

Microsoft Remote Desktop

Latest version

Microsoft Teams

Latest version

Microsoft Visual Studio Code

Latest version

Mozilla Firefox

Latest version

Mozilla Thunderbird

Latest version
Postman Latest version

Royal Apps GmbH Royal TS

Latest version

Slack

Latest version
Tableau Reader Latest version
TechSmith Camtasia Latest version
TechSmith Snagit Latest version
The Unarchiver Latest version
VideoLAN VLC media player (universal) Latest version
Yubico Authenticator Latest version

Zoom (ARM)

Latest version

Zoom for Government (ARM)

Latest version

Zoom Rooms

Latest version

1The Predefined Package Gallery includes software packages that contain files hosted on Github and other insecure content distribution networks that Tanium blocks by default. For information about editing a software package to manually add inaccessible files, see Deploy cannot access the origin of a software package file.

Predefined packages for Linux

Application Version

Splunk Universal Forwarder (Debian/RPM)

Latest version

Zoom (DPKG)

Latest version

Applicability scans

You can configure how often applicability scans run for the software packages that are in the Deploy software package catalog, and how frequently the applicability status cache is updated.

Applicability scans evaluate endpoints against the required operating system, minimum disk space, memory, and requirements. Applicability scans run under the following circumstances to determine if a Tanium managed device is eligible to install, is eligible for update, installed, or has failed requirements:

  • On a schedule according to the Scan Interval setting (Default: 24 hours)

  • When the endpoint receives a new deployment for the first time or a new or updated software package

  • When a deployment is about to run or has finished running a software package operation

  • When a user logs onto a Windows computer or opens the Self Service Client

Install Eligible

The count of systems where the software is not installed and system requirements are met.

Update Eligible

The count of systems where one or more of the previous versions of the application are detected, and the software package can update those systems.

Installed

The count of systems where the software package is already installed.

Update Ineligible

The count of systems where one or more of the previous versions of the application are detected, but the system requirements are not met.

Not Applicable

The count of systems where the system requirements or prerequisites are not met.

For information about how Deploy determines software package applicability, see View software package applicability.

Deployments

A deployment is a one-time or recurring action to install, update, or remove applications on targeted endpoints. For more information, see Deploying software.

Deployment templates can be used to save settings for a deployment that you can issue repeatedly. For more information, see Create a deployment template.

Maintenance windows

Maintenance windows designate the permitted times that the targeted computer groups are open for deployments to run. You can have multiple maintenance windows, even with overlapping times. Maintenance windows do not interfere with each other. For a deployment to take effect, the deployment and maintenance window times must be met. For more information, see Managing maintenance windows.

Self service profiles

With the Self Service Client application, you can publish software to Windows and macOS endpoints so that users can install software on their own without the need for IT to install for them. Deploy self service profiles and the Self Service Client application are used in conjunction with End-User Notification profiles in Tanium™ End-User Notifications 1.5 or later. For more information, see Managing End-User Self Service.

Integration with other Tanium products

Deploy integrates with other Tanium products to provide additional features and reporting.

API Gateway

Use API Gateway to access the Deploy API. For information about what features are available through the API Gateway, see Tanium API Gateway User Guide: Schema reference.

End-User Notifications

Deploy uses Tanium End-User Notifications to notify users about deployments to Windows and macOS endpoints, and to configure End-User Self Service capabilities. You can create a message with your deployment to notify the user that the system is about to begin a deployment, has completed a deployment, and if postponements are enabled, to give the user the option to postpone the deployment or restart now. For more information, see Tanium End-User Notifications.

Trends

Deploy has built in integration with Tanium™ Trends to provide data visualization. The Deploy board displays metrics related to software deployment, including machines running Deploy and gallery packages that are installed. The following panels are in the Deploy board:

  • Summary
    • Deploy Coverage
    • Endpoints Missing Software Updates Released Over 30 Days Ago
    • Mean Time to Deploy Software
    • Software Installed by Self Service User Request
  • Gallery Updates
    • Top 25 Gallery Packages Installed
    • Top 25 Gallery Package Updates Needed
  • Endpoint Status
    • Online - Endpoints Running Deploy
    • Historical - Endpoints Running Deploy

For more information about how to import the Trends board that is provided by Deploy, see Tanium Trends User Guide: Importing the initial gallery.