SCCM Endpoint Protection Management Guide

Jonathan LefebvreSCCM, SCEP13 Comments

SCCM Endpoint Protection is not the simplest SCCM tasks to put in place. Over the years, we trained many SCCM administrator using a simple approach and deployment strategy. We created this complete SCCM Endpoint Protection Guide based on our knowledge and experience.

This e-book is a best-practice guide on how to plan, configure, manage and deploy Endpoint Protection with SCCM. This e-book aims to help SCCM administrator understand the basic concept of each part of the Endpoint Protection management.

Many Endpoint Protection settings require customization based on your environment, this document describes a typical case that can be used in any organization as a good starting point for efficient malware protection.

The guide will help you achieve theses tasks:

  • Install Endpoint Protection point role
    • Setup your SCCM server to respond to your Endpoint Protection clients
  • Configure Software Update point to support Endpoint Protection
    • Enable the right product in your software update point to enable definition updates
  • Configure automatic deployment rules for Definition Updates
    • Automate your process, less effort, more results
  • Configure Endpoint Protection Agent policies
    • Ensure that your agents are configured correctly
  • Deploy the Endpoint Protection Agent
    • Plan a best-practice deployment strategy based on our experience
  • Manage Endpoint Protection clients
    • Day-to-day operational tasks to maintain client health

This guide does not explain how to setup your Software Update Point.

This guide does not cover Windows Defender Advanced threat.

Download and own this SCCM Endpoint Protection Management Guide in a single PDF file.

The PDF file is a 67 pages document that contains all information to manage endpoint protection with SCCM. Use our products page or use the button below to download it.

Download

SCCM Endpoint Protection Document screenshots

SCCM Endpoint Protection Guide
SCCM Endpoint Protection Guide
SCCM Endpoint Protection Guide

13 Comments on “SCCM Endpoint Protection Management Guide”

    1. Hi Alexander,
      Thanks for sharing this info.

      We are looking into this as to why this requirement, what is the impact(if any), but so far the guide still works as-is.

      thanks.
      Jonathan

    1. If you are still on CM2012, its a dead-horse. YOu can longer deploy the software updates or virus definitions as of January 2020. You must purchase ESU MAK keys and migrate all your clients to a Current Branch infrastructure.

    1. Hi Adam,

      yes this guide is still accurate for SCCM CB 1706.

      These task haven’t changed:
      Install Endpoint Protection point role
      Configure Software Update point to support Endpoint Protection
      Configure automatic deployment rules for Definition Updates
      Configure Endpoint Protection Agent policies
      Deploy the Endpoint Protection Agent
      Manage Endpoint Protection clients

      Jonathan

  1. Hi,

    I have a quick question. On page 20, “A new Software Update Package should be used for SCEP”, the screenshot shows a UNC path to package source. Do we create a new share or does this point to something that should already exist?

    Thank you,
    Mark

    1. Hi Mark,

      If you have a UNC path for different sources for SCCM (driver, OS, package, Software update) you can use that share.

      Having a specific (and new) folder to store SCEP definition updates is the way to do it.

      Hope this answer your question
      Jonathan

  2. I bought another report and have yet to receive it yet. I want to buy more of these reports but I don’t know if you guys are even in business or what’s happening. You definitely processed my card but no product.

  3. Pingback: New Endpoint Protection Dashboard and Reports Available |

  4. Pingback: List of SCCM Endpoint Protection Agent Versions |

  5. Pingback: SCCM Endpoint Protection Management Guide |

Leave a Reply