Information Technology Reference
In-Depth Information
role at the top site in the hierarchy, whether that is a central administration site or a
standalone primary site.
■
Client settings
To install the Endpoint Protection client on workstations, you must
configure the appropriate default client settings or create and deploy a custom client
setting that targets specific collections.
■
Software update point
If you want to use software updates to deliver antimalware
definition and engine updates, you must implement the Software Updates feature of
Configuration Manager.
■
Reporting services point
Before you can run reports related to Endpoint
Protection, you must configure a reporting services point site system.
■
Security permissions
The Endpoint Protection Manager security role provides the
ability to create and modify antimalware and Windows Firewall policies. This security
role also enables you to deploy Endpoint Protection policies to collections, to monitor
status, and to create and modify console alerts and reports. You must configure the
security role before you implement Endpoint Protection.
You can download specific Endpoint Protection clients to protect Mac computers and
Linux clients from the Microsoft Volume Licensing Service Center. You cannot manage these
clients from the Configuration Manager console. However, you can use a System Center 2012
Operations Manager management pack to manage Linux clients from Operations Manager.
MORE INFO
PREREQUISITES
You can learn more about Endpoint Protection prerequisites at
http://technet.microsoft
The Site System role
You must deploy the Endpoint Protection Point Site System role before you can install
Endpoint Protection on client computers. Consider the following factors when you deploy this
Endpoint Protection role:
■
Deployment within a Configuration Manager hierarchy
You can install the
Endpoint Protection point only on a single site system server. You must locate this
server within the central administration site for a hierarchy configuration or in the pri-
mary site in a standalone primary site configuration. You also must accept the specific
Endpoint Protection license agreement when prompted.
Microsoft Active Protection Service membership
When you install an Endpoint
Protection point, you may specify the default Microsoft Active Protection Service
membership setting. If you choose to join the service, Configuration Manager
automatically collects information about detected software and sends it to Microsoft.
Based on this information, Microsoft creates new antimalware definitions. You can
choose from two levels of membership:
■
