System Center Endpoint Protection Cookbook Review
Well, this is our first book review of 2017 here at SCConfigMgr.com and I couldn’t think of a better subject: endpoint protection.
The endpoint protection product in question is none other than Microsoft’s own System Center Endpoint Protection, which ships as part of the System Center Configuration Manager product, and to most of you it will look very similar to Windows Defender. The author in question is fellow Enterprise Mobility MVP, Nicolai Henriksen.
Do Not Overlook System Center Endpoint Protection!
Microsoft System Center Endpoint Protection (formerly Forefront Endpoint Protection) is a product which many people overlook when exploring the requirement to protect their servers and clients. I think one of the main reasons for this is the fact that the product on the surface might appear to be basic in nature, lacking the bells and whistles of the often complex option lists of top tier vendors.
The truth of the matter, though, is that for the majority of environments SCEP will provide you with a high level of protection, which is already licensed when you have an SCCM environment in place.
Comprehensive Step by Step Reading
Nicolai does a great job of taking you through the process of adding the SCEP role in SCCM, deploying clients via both client settings and Windows imaging tools, and reporting on client compliance, and also provides tips and tricks to get more out of the product in terms of the newer generation of security threats, including potentially unwanted programs.
Because SCEP is in effect a bolt-on for SCCM, it is important to understand how the various aspects of management fit together. From creating collections based on the role of the client to the hand-in-hand aspect of settings in both group policy objects and the SCCM console, all of this is covered here.
Performance optimisations are discussed in chapter 3 and I would pay particular attention to the section on process exclusions (https://support.microsoft.com/en-us/kb/943556) as failure to apply the recommendations can result in undesirable effects.
Modern Day Threats Explored
The closing chapter of the book runs through coping mechanisms for potentially unwanted programs, submitting suspect files to Microsoft, and the role of the Enhanced Mitigation Experience Toolkit. Nicolai also runs through how to protect against ransomware using the FSRM role in Windows Server (which incidentally inspired my recent post on this matter – http://www.scconfigmgr.com/2017/03/21/protect-file-servers-from-ransomware-with-sccm-cicb/).
I would highly recommend anyone who is considering opting to use SCEP as their primary endpoint security product to add this book to their “IT Library”.
Further information about the author, and where to purchase the book can be found at the following URL – https://www.packtpub.com/books/info/authors/nicolai-henriksen
Maurice has been working in the IT industry for the past 18 years and is currently working in the role of Principal Consultant with TrueSec. With a focus on OS deployment through SCCM/MDT, group policies, Active Directory, virtualisation and Office 365, Maurice has been a Windows Server MCSE since 2008 and was awarded Enterprise Mobility MVP in March 2017.