Manage FEP agents with or without SCCM
There’re some questions about FEP 2010 Standalone. Actually, it’s quite vague about the meaning of FEP 2010 Standalone.
FEP 2010 means FEP 2010 Server that are integrated with SCCM 2007. When most customers talk about FEP 2010 Standalone, they actually talk about to manage FEP agents without SCCM.
Below is the table break down by the management functionalities and each options you have on how to manage FEP agents:
Functionality |
SCCM |
SCOM |
GP |
Deployment |
Y |
N |
Y |
Policy management |
Y |
N |
Y |
Definition Update Deployment |
Y (with Update Rollup 1) |
N |
N |
Monitoring (alert) |
Y |
Y |
N |
Reporting |
Y |
N |
N |
To Use SCCM to manage FEP agents, you need:
- A healthy SCCM infrastructure
- Install the FEP 2010 (Update Rollup 1): https://technet.microsoft.com/en-us/library/hh211538.aspx
- Now you can manage FEP agents all through the SCCM UI (deploy, monitor and report, etc)
To Use SCOM to manage FEP agents, you need:
- A healthy SCOM infrastructure
- Use some way to deploy FEP agents (manually or through GP).
- Import the FEP 2010 Security Management Pack: https://technet.microsoft.com/en-us/library/gg412499.aspx
- Now you can monitor FEP agents
To Use GP to manage FEP agents, you need:
- A healthy AD infrastructure, all machines are domain joined.
- The way to deploy FEP agents would be the same as you deploy any other applications with GP.
- Download FEP Group Policy Tools: https://www.microsoft.com/download/en/details.aspx?id=13088 and import the admx template.
- Now you can manage FEP antimalware settings with Group Policy.
(FEP ADMX Reference: https://technet.microsoft.com/en-us/library/gg412481.aspx)
There only other option is to leverage Windows Intune, depending on the size of the organization and their wiliness to use a cloud solution.
https://www.microsoft.com/windows/windowsintune/pc-management.aspx