wilbywilson Posted June 12, 2014 Report post Posted June 12, 2014 The way we have our SCCM 2012 R2 infrastructure configure is for EndPoint Protection to be installed if a machine is in a certain device collection. For instance, we have a "Endpoint Protection Laptops" collection, which queries for all laptop chassis types, and if a machine gets itself into that collection, it gets EndPoint protection installed with the custom laptop policy. Same thing with desktops, querying for the desktop chassis type, which then gets the desktop custom policy. But how are people handling VMs? It wouldn't be hard to query for VMs, but some of our VMs are Windows 7, some are Windows Server 2008/2012, etc. I wouldn't want the same endpoint protection policy to apply to all VMs, because they have different roles. Is it best practice to manually assign the VM to the Endpoint Protection device collection that it should be in? Or is there some query/strategy that I'm overlooking? Thanks Quote Share this post Link to post Share on other sites More sharing options...
Jorgen Nilsson Posted June 12, 2014 Report post Posted June 12, 2014 hI, Make a policy with the setting you want to change for the VM's, policies merge in ConfigMgr r2 for exclusions and so on so you can still use the same exclusions as you have for the Operating System.Then deploy it to a "vm" collection with the setting you want to change perhaps scheduled Scan for instance. Regards,Jörgen Quote Share this post Link to post Share on other sites More sharing options...
wilbywilson Posted June 16, 2014 Report post Posted June 16, 2014 Thanks for the idea, Jorgen. You've put me on the right track now. Quote Share this post Link to post Share on other sites More sharing options...
