When should endpoints not be configured as satellites?

Endpoints should not be configured as satellites when they may become internet-facing devices. Satellite endpoints are designed to operate within a controlled network environment, where they can reliably communicate with the Tanium server and other endpoints. If an endpoint is internet-facing, it could face a variety of security risks, including unauthorized access and exposure to attacks from outside the organization’s controlled environment. This scenario challenges the integrity of the Tanium architecture, as satellite endpoints need consistent connectivity to function properly and report back to the Tanium server. In a situation where devices could potentially connect directly to the internet, it becomes imperative to ensure those devices are not configured as satellites in order to maintain optimum security and data integrity.

Furthermore, the other options address valid scenarios but do not directly impact the configuration of endpoints as satellites in the same critical manner. For example, being part of a managed network or regularly updated do not inherently create risks that would affect the satellite functionality as significantly as internet exposure would. Additionally, while critical applications should certainly be taken into consideration with respect to endpoint configuration, it is the potential exposure to the internet that poses the most significant threat to the integrity of the satellite setup. Thus, internet-facing endpoints are a definitive reason to avoid configuring them as satellites.