Managing and monitoring SCEP (System Center Endpoint Protection) clients centrally allows for scalability. SCCM (System Center Configuration Manager) provides centralized SCEP configuration and management, and there are SCCM roles that must be configured to allow this.
- [Instructor] Even though System Center Endpoint Protection the client can be used on a standalone system, we can also integrate it with a server-side enterprise environment. And that's what we're going to do in this video. We're going to talk about the server requirements. Endpoint can be integrated with System Center Configuration Manager or SCCM. What's the benefit? Well, let's say that we've got hundreds or even thousands of endpoint devices that we want to protect with System Center Endpoint Protection. Instead of managing them each individually, we can add centralized management with SCCM where we have the central deployment of configurations to device collections.
In SCCM, a device collection you could think of as a group of computers. So we might have accounting computers or we might even have a collection just for certain laptops in a region. Either way, we get to deploy settings like anti-malware policies and Windows Firewall policies to these collections of devices, because often, not every device in the entire organization is going to need the exact same anti-malware setting. If that is the case, we can do that easily as well. With SCCM integration, we also have an easy way, a delivery vehicle, to send out updates to the SCEP Engine as well as to the anti-malware definitions.
So we can use the update mechanism already in place if we've configured it in SCCM. And of course SCCM allows us to configure alerts. So threshold notifications, even email notifications when certain items are violated, and we even have reports to report on our malware situation. Now, what do we need to do if we want to use the SCCM server-side component? Well, first, you're going to need to have Microsoft System Center Configuration Manager. Now if you've got that, that means that you've also got Active Directory, because SCCM requires Active Directory.
We also require DNS because that's used for name resolution, which is required by Active Directory, and SCCM stores its configuration data as well as its resultant data from inventorying and checking for malware issues that's stored in a SQL Server database. So that's also required. Simply stated, if you've already got SCCM up and running, you're good to go. Those are really SCCM requirements. Now, we also have to consider a mechanism for getting a hold of updates that we can deploy to our SCEP-protected clients.
But we'll go into those details in a different video. Here in the System Center Configuration Manager console tool, we can get an idea of how the integration with Endpoint Protection looks and feels. First of all, in the Assets and Compliance workspace, which we see here down in the bottom left, notice that we've got Endpoint Protection in the left-hand navigator. If I expand that, we can work with our anti-malware policies, Windows Firewall policies, and Windows Defender ATP policies, Advanced Threat Protection. At the same time, if we go to the Software Library workspace, take a look at our updates, I've already got some updates synchronized here.
Here we can see a number of definitions for Windows Defender that we can blast down to protected clients. And if I click on the Monitoring workspace, for instance, I can go all the way down under Security under Endpoint Protection Status and get some information related to how we're doing in terms of our malware situation. So we can see that there's a lot of centralized integration and benefits to doing this with System Center Configuration Manager. In SCCM, there are a couple of roles that need to be configured to use System Center Endpoint Protection.
One is the Endpoint Protection point role, and that needs to be installed at the top of your SCCM hierarchy if you've got multiple servers and multiple sites. If you want to deliver updates, you're going to need a software update point role in SCCM to create things like automatic deployment rules that we'll cover in detail later in another demo. You will also need a reporting services point role if you want to run some of the reports related to Endpoint Protection, and you'll also consider maybe configuring an SMTP mail server if you want email notification through alerts.
Back here in the SCCM console, if I go to the Administration workspace, over in the left-hand navigation, I can drill down under Site Configuration, and if I go to Servers and Site System Roles, I can select one of my SCCM servers, and when I do that, down below, I can see which roles are installed, like here's the Endpoint Protection point role. We've also got a reporting services point role. If those roles aren't already there, we can just right-click on the server and choose Add System Site Roles to step through the configuration for the role.
So in summary, when we want to work with the server-side components related to System Center Endpoint Protection, we have to bear in mind that we could run the Endpoint Protection client standalone, but in an enterprise, it makes more sense to have a central management tool, and that would be SCCM. So therefore we should consider integrating Endpoint Protection with SCCM if we're already using SCCM. And to do that, you're going to need to think about some of the SCCM server roles that we discussed to make Endpoint Protection function properly.
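
The role check from the walkthrough above, scripted as an added example (not part of the video or of Microsoft's tooling): it takes site role records, reports which of the three roles are present, and flags an Endpoint Protection point that is not on the top-level site. The role name strings are assumed to match the RoleName values returned by the ConfigurationManager module's Get-CMSiteRole cmdlet; the function name, server names and site codes are constructed for illustration.

```powershell
# Added example. Keys are assumed to match the RoleName values in the
# records returned by Get-CMSiteRole; values are the roles named in the video.
$RequiredRoles = [ordered]@{
    'SMS Endpoint Protection Point' = 'Endpoint Protection point'
    'SMS Software Update Point'     = 'Software update point'
    'SMS SRS Reporting Point'       = 'Reporting services point'
}

# Hypothetical helper: evaluates role records against the roles SCEP needs.
function Test-ScepSiteRoles {
    param(
        # Objects exposing RoleName, NetworkOSPath and SiteCode.
        [Parameter(Mandatory)] [object[]] $SiteRoles,
        # Site code of the top-level site in the hierarchy.
        [Parameter(Mandatory)] [string] $TopSiteCode
    )
    foreach ($roleName in $RequiredRoles.Keys) {
        $hits = @($SiteRoles | Where-Object { $_.RoleName -eq $roleName })
        $status = if ($hits.Count -eq 0) { 'Missing' } else { 'Installed' }

        # The Endpoint Protection point belongs at the top of the hierarchy.
        if ($roleName -eq 'SMS Endpoint Protection Point' -and $hits.Count -gt 0) {
            $atTop = @($hits | Where-Object { $_.SiteCode -eq $TopSiteCode })
            if ($atTop.Count -eq 0) { $status = 'WrongSite' }
        }

        [pscustomobject]@{
            Role    = $RequiredRoles[$roleName]
            Status  = $status
            Servers = ($hits | ForEach-Object { $_.NetworkOSPath.TrimStart('\') }) -join ', '
        }
    }
}

# Constructed sample inventory: the Endpoint Protection point sits on a
# primary site (PR1) instead of the top-level site (CAS), and there is no
# reporting services point.
$sample = @(
    [pscustomobject]@{ RoleName = 'SMS Endpoint Protection Point'; NetworkOSPath = '\\cm-pri1.corp.example'; SiteCode = 'PR1' }
    [pscustomobject]@{ RoleName = 'SMS Software Update Point';     NetworkOSPath = '\\cm-cas.corp.example';  SiteCode = 'CAS' }
    [pscustomobject]@{ RoleName = 'SMS Management Point';          NetworkOSPath = '\\cm-pri1.corp.example'; SiteCode = 'PR1' }
)

Test-ScepSiteRoles -SiteRoles $sample -TopSiteCode 'CAS' | Format-Table -AutoSize
```

On a live site, pass the records returned by Get-CMSiteRole from the ConfigurationManager site drive in place of `$sample`.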
- Malware types
- Getting Endpoint Protection up and running
- Deploying the SCEP Windows client
- Removing malware on a SCEP client
- Configuring custom policies
- Planning an update strategy
- Windows firewall settings
- Using PowerShell cmdlets for monitoring