| Accelerating Risk Remediation with Guided Exposure Management |
|---|
In this 90-minute hands-on lab, you’ll walk the complete Tanium Exposure Management lifecycle in Tanium Cloud — using Tanium Comply for real-time visibility into vulnerable and non-compliant endpoints across CIS Benchmarks and CVE-based content, then layering in Tanium Benchmark to compute a Risk Score weighted by exploitability signals (EPSS, CISA KEV) and Asset Criticality so you focus only on exposures that are both reachable and business-critical. You’ll see how Comply’s Remediation Guidance cuts through the noise by surfacing clear, actionable context directly on each finding — answering not just what is exposed, but how and where to fix it — then make the operational pivot from a Comply finding into Tanium Enforce to push CIS Benchmark configurations to endpoints, and from Comply → Patch or Comply → Deploy using native Patch and Deploy Actions to turn a prioritized finding into a deployable fix in a few clicks. By the end of the session, you’ll close the loop with Remediation Visibility to verify results back inside Comply, experiencing how Tanium accelerates the full path from vulnerability discovery to resolution across IT and security teams.
Pre-Req(s): Practical use of Tanium (Tanium Cloud console and core workflows), Conceptual understanding of Exposure Management (vulnerability, compliance, prioritization, remediation) | Exposure Management | Intermediate | |
| Agentic Incident Response: From Detection to Containment Across the Microsoft + Tanium Ecosystem |
|---|
In this 90-minute hands-on lab, you’ll work a real-world incident response scenario from initial detection through full containment using the Microsoft and Tanium Cloud ecosystem — all from a single unified workflow. You’ll watch Tanium Connect stream real-time endpoint telemetry into Microsoft Sentinel to sharpen SOC detections, fire the Tanium Incident Scoping Agent in Microsoft Security Copilot when a Defender incident lands to map the enterprise-wide blast radius, then pivot through the Edge for Business connector for browser-posture insight, Entra ID for identity enrichment by department, group, and role, and Intune for compliance state. By the end of the session, you’ll have experienced first-hand how Tanium turns your existing Microsoft investment into a coordinated, end-to-end incident response capability.
Pre-Req(s): Prior working knowledge of Tanium and the Tanium Cloud console, Working knowledge of Microsoft Entra ID (users, groups, and core identity concepts) | Core, Endpoint Management, Technology Partnerships | Beginner-Intermediate | |
| Applying Multi-Framework Compliance Benchmarks with Enforce |
|---|
In this 90-minute hands-on lab, you’ll use Tanium Enforce in Tanium Cloud as the remediator and steady-state enforcer for compliance benchmarks across multiple frameworks — CIS, NIS2, CMMC, and Essential Eight — while going end-to-end on one framework in the hands-on session. You’ll start in Tanium Comply to import benchmark content and run an assessment against your endpoints, author custom checks where the out-of-the-box content stops short, then pivot into Enforce to build matching Compliance policies, import CIS remediation aligned to the same control IDs, and deploy Enforcements against your computer groups. By the end of the session, you’ll have closed the loop by re-running the Comply assessment to verify endpoints are configured exactly as the benchmark expects — collapsing the gap between a CIS recommendation and an enforced configuration from weeks of GPO authoring down to minutes on a single Tanium agent.
Pre-Req(s): Practical use of the Tanium Cloud console, Familiarity with Tanium Comply and basic compliance concepts (CIS Benchmarks, control IDs, assessment scans) | Core, Endpoint Management, Exposure Management | Intermediate | |
| Automating Patch Workflows with Ambient Agents |
|---|
In this 90-minute hands-on lab, you’ll automate end-to-end patching workflows in Tanium Cloud by pairing Tanium Patch with Ambient Agents — the system-level AI agents introduced in Tanium Atlas that continuously observe the endpoint environment and surface what matters before you ask. You’ll build Patch Lists for operating systems and third-party Managed Applications, scope them to computer groups, and configure Deployments inside maintenance windows, then let an Ambient Agent watch the patch surface and proactively flag — or kick off — closed-loop remediation when new CVEs or failed deployments demand attention. By the end of the session, you’ll have moved from reactive patch triage to proactive operational hygiene, applying Tanium and AI together to keep endpoints continuously current without the manual searching, clicking, and context-switching that defines traditional patch operations.
Pre-Req(s): Familiarity with Tanium (Tanium Cloud console and core workflows), Understanding of software and OS updates (patch lifecycle, CVEs, maintenance windows), Understanding of AI terminology (agents, models, prompts) | AI Services, Core, Exposure Management | Intermediate-Advanced | |
| Detecting and Remediating Unauthorized AI Tools: An End-to-End Governance Scenario |
|---|
In this 90-minute hands-on lab, you’ll work an end-to-end governance scenario for shadow AI — the unauthorized AI agent tools that run persistently in the background, make autonomous outbound connections to LLM providers, access local file systems, and bundle vulnerable runtimes that carry measurable CVE exposure. Using Tanium Cloud, you’ll detect and triage AI software through Security Operations’ process-level behavioral telemetry and network-connection evidence (not just software presence), assess the CVE delta against your AI acceptable use policy with Exposure Management, then deploy enforcement controls with Endpoint Management and execute coordinated silent remediation paired with targeted user communication across the entire fleet — including remote, off-VPN endpoints. By the end of the session, you’ll have built an automated playbook that chains detection through remediation end-to-end, turning a multi-day manual fire drill into a sub-10-minute autonomous workflow, and produced a compliance evidence package that maps directly to auditor requirements.
Pre-Req(s): General familiarity with Windows endpoint environments — processes, services, and installed software, Conceptual understanding of shadow IT, software execution controls, and CVE severity ratings, Comfort with a web-based enterprise console (no command-line proficiency required) | AI Services, Core, Endpoint Management, Exposure Management, Security Operations | Intermediate | |
| Discovering and Managing OT/IoT Assets: Hands-On OT Security |
|---|
In this 90-minute hands-on lab, you’ll discover, inventory, and manage OT assets in a Tanium Cloud environment populated with simulated industrial devices — PLCs, HMIs, and engineering workstations sitting side by side with traditional IT endpoints. You’ll walk the full Tanium OT workflow: ingest OT assets into the platform, classify them in Tanium Asset by vendor, role, firmware, then surface vulnerability and compliance findings through Tanium Comply and Tanium Exposure Management — all from the same console you use for IT. By the end of the session, you’ll have first-hand experience of the full Tanium OT workflow and a clear understanding of how a single platform can close the visibility gap that IT/OT convergence creates — without adding complexity, separate tooling, or separate teams.
Pre-Req(s): Working knowledge of Tanium and the Tanium Cloud console, Familiarity with OT/IT convergence concepts (PLCs, HMIs, industrial protocols) | Endpoint Management | Beginner-Intermediate | |
| Extending Tanium: Custom Content, MCP & APIs |
|---|
In this 90-minute hands-on lab, you'll extend Tanium beyond its out-of-the-box capabilities — authoring custom sensors and packages in the cross-platform Tanium Script Language (TSL) to surface and act on data unique to your organization, and connecting Tanium to external systems through its public APIs. You’ll wire in MCP (Model Context Protocol) so AI assistants can interact with Tanium data and actions in natural language, drive remediation and operational workflows through direct Tanium API calls, and use Automate’s API step to integrate Tanium with the rest of your operational stack. By the end of the session, you'll walk away with working code and reusable patterns for custom content, API-driven automation, and MCP integration — a practical extensibility toolkit you can apply directly to your environment.
Pre-Req(s): Entry-level scripting experience in any language, Basic knowledge of Tanium Interact and custom content management | AI Services, Core | Advanced | |
| Getting Answers Without Admin Rights: A Hands-On Intro to Tanium Atlas for Non-Admins |
|---|
In this 90-minute hands-on lab, you’ll experience Tanium Atlas — Tanium’s autonomous operating system for IT and security operations in Tanium Cloud — from the perspective of a non-admin user with read-only console access. You’ll skip Interact syntax and module hopping and instead use Atlas’s single prompt-driven interface to ask natural-language questions of your environment, watch dynamically generated pages and visualizations assemble the answer around you, and explore the inline next-step recommendations Atlas surfaces alongside the data — with every state-changing action gated by human-in-the-loop approval policies so a read-only user can investigate safely. By the end of the session, you’ll have seen first-hand how Tanium turns uncertainty into answers — giving anyone with console access real-time visibility and the confidence to act in minutes, not hours, without scripts, guesswork, or sleepless nights.
Pre-Req(s): Console access to a Tanium Cloud environment (no admin rights required for the lab), Basic familiarity with IT or security questions you’d want answered in your role (no scripting required) | AI Services, Core, Endpoint Management, Exposure Management, Security Operations | Beginner-Intermediate | |
| Know the Terrain: From Indicators to Outcome with Guardian, Atlas, and Threat Response |
|---|
In this 90-minute hands-on lab, you’ll work a browser-extension risk scenario end-to-end across Tanium Guardian, Tanium Atlas, and Tanium Threat Response — starting from a fleet-wide inventory of browser extensions (including the AI-related extensions, local LLMs, and MCP servers that Guardian Spotlight: AI Tools surfaces) and following the trail through real-world threat patterns observed by Tanium Security Research. You’ll use Guardian’s expert-curated insights to prioritize risky, unwanted, or AI-capable extensions by permissions, provenance, and behavior, pivot through Atlas as your investigation hub to reason across the data and bring Threat Response telemetry alongside to confirm what is actually executing on the endpoint. You’ll close the loop with remediation actions through Tanium Enforce — blocking and removing the offending extensions — and package the work into a repeatable investigation-and-governance workflow you can run continuously to manage extension and AI attack surface over time.
Pre-Req(s): Prior exposure to Tanium concepts is helpful but not required, Interest in shadow AI, browser-extension risk, and proactive governance workflows | AI Services, Exposure Management, Security Operations | Advanced | |
| Managing Just-in-Time Access with Jump Gate: Approvals and Audit Trails |
|---|
In this 90-minute hands-on lab, you’ll stand up Tanium Jump Gate in Tanium Cloud to replace standing administrator privileges with just-in-time, just-enough access — a Zero Trust, least-privilege approach that shrinks the attack surface left exposed by always-on admin rights. You’ll configure Jump Gate end-to-end by scoping access, creating and prioritizing access policies with the right approvers, and tuning request and session settings like timeouts and concurrent-session limits, then run the full request-to-session workflow from the user side by searching for a target, submitting an access request, and initiating a jump session. You’ll then switch to approver and auditor roles — reviewing requests with full context, approving or denying inline, and walking the Jump Gate audit trail to verify exactly who accessed what, when, and why.
Pre-Req(s): Basic familiarity with the Tanium Console UI — navigating modules/workbenches and common UI patterns, Basic endpoint/IT concepts — what RDP/shell access is, why approvals matter, and what least-privilege means | Core | Beginner-Intermediate | |
| Managing Mobile Endpoints and MDM Policies with Tanium |
|---|
In this 90-minute hands-on lab, you’ll bring mobile devices into the same Tanium Cloud console you already use for Windows, Linux, and Mac — enrolling iOS and iPadOS devices through Tanium Endpoint Management for Mobile (Device Management) using an Apple MDM Push Certificate, Apple Business Manager / Automated Device Enrollment for zero-touch supervised enrollment, and the Tanium MDM enrollment portal for user-driven BYOD flows. You’ll author and scope configuration profiles for restrictions, Wi-Fi, VPN, passcode, and app management, deploy them to computer groups, and exercise the mobile lifecycle actions — lock, erase, restart, and retire — when a device falls out of compliance. Then you’ll layer in the Tanium Connector for Microsoft Intune to bring Android and ChromeOS telemetry alongside your Apple inventory, so a single platform covers mobile and modern device management without a separate console, a separate team, or stale data.
Pre-Req(s): Working knowledge of Tanium and the Tanium Cloud console, Basic familiarity with MDM concepts (configuration profiles, APNs, enrollment) | Endpoint Management | Beginner-Intermediate | |
| Powering ServiceNow AI Workflows with Real-Time Endpoint Intelligence |
|---|
In this 90-minute hands-on lab, you’ll connect Tanium Cloud to the ServiceNow AI Platform and power its AI workflows with real-time endpoint intelligence — wiring up the Service Graph Connector for Tanium to sync the CMDB, layering in the Tanium AI Agent for ServiceNow so Now Assist can reason on live endpoint truth, and using Tanium Autonomous IT to execute deterministic actions back on the endpoint. You’ll see how that real-time signal cuts MTTR by replacing stale CMDB snapshots with live state inside ITSM tickets, how Tanium gives Now Assist the reliable data and policy-driven guardrails that keep AI recommendations accurate, safe, and auditable, and how a single closed-loop pattern carries one incident from detection through remediation across IT and Security. By the end of the session, you’ll have experienced Tanium’s standardized integration pattern that unifies visibility, decisioning, and execution across ServiceNow — scaling intelligent automation instead of tool sprawl.
Pre-Req(s): Administrative knowledge of Tanium (Tanium Cloud console, modules, and actions), Administrative knowledge of ServiceNow (ITSM, CMDB, and the AI Platform / Now Assist) | AI Services, Core, Endpoint Management, Technology Partnerships | Intermediate | |
| Remediating Endpoint Health at Scale with Engage: Tier-0 Self-Service |
|---|
In this 90-minute hands-on lab, you’ll use Tanium Engage together with Tanium Performance to catch endpoint health issues in real time and resolve them before they reach support - effectively becoming the Tier-0 self-service support pattern that reduces ticket volume for the help desk. You’ll watch Performance stream live CPU, memory, disk, and application-crash telemetry into Engage, layer in sentiment-survey results to build a DEX score that ties endpoint health to actual user experience and operational risk, and author attribute-based remediation tasks that target Tanium computer groups using live device data. You’ll then deliver those remediations through the End-User Notifications self-service interface so users can clear cache, restart a service, or run a one-click fix from their own machine — closing performance issues without re-imaging or Tier-1 escalations.
Pre-Req(s): Windows endpoint fundamentals, Working knowledge of Tanium and the Tanium console | Core, Endpoint Management | Intermediate | |