Endpoint protection is pretty sweet, and the integration with SCCM Console is very well done. Nice work MS guys!
This is basically a dump from my internal documentation. It might be a little unpolished, but sometimes it’s better to ship a product then continue fretting about perfection…
Install EPP Role on the CAS
- Navigate to Administration -> Sites -> Site Server and System Roles
- Right-click the CAS and choose “Add site server role.”
- On the System Role Selection screen choose ‘Endpoint Protection Point’ and click Next.
- On the Endpoint Protection screen accept the license terms.
- On the Microsoft Active Protection screen review the information and make a choice.
Create EPP Collectons
- Download the script named prep-site-server-wsus.ps1 from my Github page.
- Modify the variables at the top of the script to match your Org’s name and site code.
- Run the script ON THE SITE SERVER, using your admin account.
Configure and Deploy Custom Anti-Malware Policies
- Navigate to Assets and Compliance -> Endpoint Protection -> Antimalware Policies.
- Right-click -> Import.
- In the import dialog, navigate to “C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates”.
- For each Endpoint Collection that was created, there should be a custom anti-malware setting found in the folder that can be imported. Choose to import an .xml template that matches a collection you’re interested in working on.
- Right-click the imported EPP Policy and choose ‘Deploy’.
- Deploy the policy to the collection that matches the policy name best.
- Repeat this process for all of your EPP collections.
Configure Client Settings
- Navigate to Administration -> Client Settings.
- Right-click and choose to create a new client settings package.
- On the ‘General’ screen, name the new package and check the box labeled ‘Endpoint Protection’.
- On the Endpoint Protection screen, set the following settings
Manage Endpoint Protection client on client computers: True Install Endpoint Portection client on client computers: True Automatically remove previously installed antimalware software: True Suppress any required computer restarts: True Disable alternate sources for the initial update: False
- Click OK to save changes.
- Right-click the new client settings package and choose ‘deploy’.
- Deploy the client settings to a collection of your computers.
Endpoint should now be uninstalling your previous virus scanner, and installing the EPP. Wooo!