SCCM Endpoint Protection is not the simplest SCCM tasks to put in place. Over the years, we trained many SCCM administrator using a simple approach and deployment strategy. We created this complete SCCM Endpoint Protection Guide based on our knowledge and experience.
This e-book is a best-practice guide on how to plan, configure, manage and deploy Endpoint Protection with SCCM. This e-book aims to help SCCM administrator understand the basic concept of each part of the Endpoint Protection management.
Many Endpoint Protection settings require customization based on your environment, this document describes a typical case that can be used in any organization as a good starting point for efficient malware protection.
The guide will help you achieve theses tasks:
- Install Endpoint Protection point role
- Setup your SCCM server to respond to your Endpoint Protection clients
- Configure Software Update point to support Endpoint Protection
- Enable the right product in your software update point to enable definition updates
- Configure automatic deployment rules for Definition Updates
- Automate your process, less effort, more results
- Configure Endpoint Protection Agent policies
- Ensure that your agents are configured correctly
- Deploy the Endpoint Protection Agent
- Plan a best-practice deployment strategy based on our experience
- Manage Endpoint Protection clients
- Day-to-day operational tasks to maintain client health
This guide does not explain how to setup your Software Update Point.
This guide does not cover Windows Defender Advanced threat.
The PDF file is a 67 pages document that contains all information to manage endpoint protection with SCCM. Use our products page or use the button below to download it.
i am preparing installation and configuration of SCEP.
Now i saw that on prereq page from MS there stands “Server 2016 or later” is required for activation of Endpoint Protection Point.
Does this guide require an update?
Thanks for sharing this info.
We are looking into this as to why this requirement, what is the impact(if any), but so far the guide still works as-is.
I’ve about 4000 clients not get updates from sccm, is there logs should use to troubleshoot
If you are still on CM2012, its a dead-horse. YOu can longer deploy the software updates or virus definitions as of January 2020. You must purchase ESU MAK keys and migrate all your clients to a Current Branch infrastructure.
Is this update to date to reflect 1706?
yes this guide is still accurate for SCCM CB 1706.
These task haven’t changed:
Install Endpoint Protection point role
Configure Software Update point to support Endpoint Protection
Configure automatic deployment rules for Definition Updates
Configure Endpoint Protection Agent policies
Deploy the Endpoint Protection Agent
Manage Endpoint Protection clients
I have a quick question. On page 20, “A new Software Update Package should be used for SCEP”, the screenshot shows a UNC path to package source. Do we create a new share or does this point to something that should already exist?
If you have a UNC path for different sources for SCCM (driver, OS, package, Software update) you can use that share.
Having a specific (and new) folder to store SCEP definition updates is the way to do it.
Hope this answer your question
I bought another report and have yet to receive it yet. I want to buy more of these reports but I don’t know if you guys are even in business or what’s happening. You definitely processed my card but no product.
Most of us are on summer holidays now. Will look into this asap.
Please provide us more detail in an email at firstname.lastname@example.org
Pingback: New Endpoint Protection Dashboard and Reports Available |
Pingback: List of SCCM Endpoint Protection Agent Versions |
Pingback: SCCM Endpoint Protection Management Guide |