Manage compliance and endpoint protection settings - Managing Enterprise Devices and Apps

Information Technology Reference

In-Depth Information

The ability to take advantage of the management infrastructure Endpoint

Protection uses the existing Configuration Manager infrastructure to communicate

policy settings to clients and retrieve status information from clients.

■

Enhanced monitoring and reporting Configuration Manager provides extensive

monitoring capabilities such as email notifications, in-console monitoring, and reports

that inform administrators of malware presence and the security status of client

computers.

■

MORE INFO INTRODUCTION TO ENDPOINT PROTECTION

You can learn more about Endpoint Protection at http://technet.microsoft.com/en-us

/library/hh508781.aspx .

Implement Endpoint Protection by performing the following general steps:

1. In the central administration site or a standalone site, install the Endpoint Protection

Point Site System role.

2. Create collections as necessary and then configure Endpoint Protection alerts for each

collection. Subscribe to alerts as necessary.

3. Determine the source for obtaining updates to malware definitions and the antimal-

ware engine. You must configure additional roles, such as the Software Update Point

role, if you plan to use Configuration Manager software updates as the update source.

4. Configure antimalware policies as needed. The Default Antimalware Policy will apply

to all Endpoint Protection clients in the hierarchy. You can create and deploy custom

antimalware policies that will override the settings in the default policy.

5. Configure client settings for Endpoint Protection. You can use client settings to install

and enable Endpoint Protection clients on client computers. As you enable clients, any

antimalware policies that you have configured through client settings will come into

effect. You can create and deploy custom client settings to target specific collections

as needed.

6. Optionally, create and deploy Windows Firewall policies. You can configure Windows

Firewall profile settings and then deploy the policy to specific collections.

Monitor and manage Endpoint Protection by using the console and alerts.

7.

Prerequisites

To implement Endpoint Protection within your Configuration Manager primary site or hierar-

chy, you must meet the following prerequisites:

Endpoint Protection point Before you can install the Endpoint Protection client on

workstations, you must install and configure an Endpoint Protection Point Site System

■

Search WWH ::

Custom Search

Home