Managing ForeFront Endpoint with SCCM2012

I believe with SCCM2012, Administrator can Deploy ForeFront Endpoint Protection client, configure it, set up policy for it, update it and monitor it.

If I understand Microsoft also has ForeFront server. I wonder if ForeFront Server is designed also to deploy the EndPoint Protection client, configure it , and do all that SCCM2012 can do regarding ForeFront EndPoint Management.

Since SCCM2012 as well as ForeFront Server are both Microsoft, I wonder if I can just use SCCM2012 and do without ForeFront, when it comes to EndPoint Protection ???

Any help will be very much appreciated.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
Couple of means for deploying FEP client
#1 Deploying the FEP client manually
#2 Deploying and managing the FEP client with SCCM
#3 Managing the FEP client with Group Policy
#4 Managing the FEP client with SCOM

The preferred way to deploy and manage FEP on client PCs is using the System Center Configuration Manager 2007 R3 platform. If you have SCCM, or if you deploy SCCM just to manage FEP, running the FEP server setup on top of SCCM 2007 R3 adds some huge functionality to SCCM.
In the past SCCM version, it is shared in further details on Automatically Deploying Forefront Endpoint Protection Updates via System Center Configuration Manager

Down the road, there is mention for SCCM 2012 as well as monitoring of FEP client which include below.
o Computers not targeted by FEP (will never get FEP client installed)
o Computers with out of date FEP Versions (have FEP installed, but is out of date)
o Computers Pending FEP Deployment (deploy is scheduled, but not started/finished yet)
o Run Antimalware Definition updates (=update the virus engine)
o Run Quickscan
o Run Full scan
o FEP email settings
o FEP Alerts

With System Center 2012 release, Microsoft has eventually adopted different approach to just using FEP server. They have included the endpoint protection service with Configmgr 2012.   Therefore now you can manage forefront via SCCM console.

So I see SCCM 2012 does suffice if the a/m is good enough if using FEP and I am not seeing any lacking (I am not going to drill into FEP specific capability comparing with other HIPS endpoint)
jskfanAuthor Commented:
I have not used ForeFront as Antivirus/Antimalware.
I have used TrendMicro in the past. it has a console , you can discover computers in Active Directory, then deploy the TrendMicro agent to computers. Computers will report back to TrenMicro server from which you can manage and monitor the function of TrendMicro Clients..

I wonder if ForeFront has the same concept ? if so then using SCCM seems like you can do the same thing from 2 different products : ForeFront Server and SCCM

The point I want to make is  what is Forefront able to do that SCCM is not, and vice-versa, in matter of Antivirus and Antimalware.

btanExec ConsultantCommented:
SCCM discover the asset and is still recommended if you see those links. FEP Policies are assigned to SCCM collections.  I see Forefront Endpoint Protection is built on System Center Configuration Manager. By default, the FEP Security Management Pack is configured to discover endpoints that are running server operating systems. If you want to monitor endpoints that are running client operating systems, you must perform manual procedure.

How to deploy Forefront Endpoint Protection 2012 beta on SCCM 2012 beta
After we installed the FEP 2012 server components in the previous step, this chapter gives a basic overview of the default FEP 2012 beta topics in the SCCM 2012 beta console.
The following SCCM options are available in Software Library console:
- Software Library / Overview / Application Management / Packages /
o FEP Deployment
o FEP Operations
o FEP Policies
Integrate Forefront Endpoint Protection (FEP) 2012 in System Center Configuration Manager (SCCM) 2012
Now that FEP 2012 is installed, how does it behave and how do you control it?
FEP functionality works via workstation collection membership – default policies are deployed via the Software Library to collections whose membership is kept up-to-date dynamically via SCCM discovery methods. Admins don’t actually need to do anything to ensure that FEP is deployed and updated correctly, as there’s enough default functionality in the system to guarantee that this happens automatically.

Forefront Endpoint Protection in SCCM 2012
Head over to Assets and Compliance –> Endpoint Protection –> Antimalware Policies (There you will have a default client policy, which is the only we are going to alter, since this applies to all SCEP agents in the site) You can also choose import a policy, Forefront comes with a bunch of premade policies that Microsoft has created.
When FEP is combined with SCCM, it give that Enterprise standing and in high term  - you can take a hands-off maintenance approach with the FEP client, get constant at-a-glance statistics, centralized logging, and centralized management, and you get to leverage your existing management infrastructure etc

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.