soetie Posted September 18, 2015

Hi All,

I'm having a few questions but can't find the answers to them:

1. Is sccm endpoint protection officially released for windows 10?
2. Can I install and manage sccm ep also without the complete sccm suite?
3. Is endp. protec. in windows 10 the same as the default windows defender?

For now we have a policy that updates the client through windows updates. I don't want to use sccm but I still want to use endpoint protec. and manage updates etc. through gpo. Is that possible?

regards
pembertj Posted September 18, 2015

See here for some answers: http://www.windows-noob.com/forums/topic/12780-scep-on-windows-10-rtm/
soetie Posted September 18, 2015

Too bad that sccm is needed. I don't use sccm for any other purpose. Maybe I should have taken a look at another virus scanner.

Thanks
Peter33 Posted September 18, 2015

SCCM is not needed. You can simply use the Windows Defender and configure it with group policies. That's basically the same as what the SCEPInstall.exe is doing when you are using Endpoint Protection with SCCM in Windows 10.
NickolajA Posted September 22, 2015

Or you could manage it with Intune instead and OMA-DM, much cooler ;-)
boyjaew2 Posted February 22, 2016

So, what is the answer here? We know SCEP is replaced in win 10 with defender. I have messed with group policy to try and get it to run with no success. I previously deployed SCEP with ccm client. Now no matter what I try, short of changing the regkey for defender locally (which gets turned off again when GPO is applied regardless of a change in group policy settings) I have found no way to get access to the GUI locally on the client or see that it is being managed by sccm SCEP policy. What the heck is going on here?

Thanks,
ZeZe Posted February 22, 2016

I guess where you gain is on the reporting level. Windows Defender will do the job to secure your computer but on a management level, you'll need CM. But I never used it, but the reports are there and I assume that you might have more control to arrange different policies to different computer groups.
boyjaew2 Posted February 22, 2016

I think that if I could somehow magically get SCEP v. 4.8.10240.16384 into SMS_CCM\Client where my client install bits are it would maybe work. Right now I have v. 4.7.214.0. Any idea which MS forest-gnome I have to genuflect to to get that upgrade? Is this even an accurate assumption?
boyjaew2 Posted February 22, 2016

I imagine some of you sitting back and having a good chuckle at my little saga, but I think I've found out a few things that could come in handy. I'm still waiting to see if this is the real solution or not. So, bear with me.

1) It doesn't seem to matter what version of SCEP gets pushed with the ccm client install (the install will fail anyway - at least from what I've seen. Might be different with the GPO setting corrected?) as, when everything else is configured correctly it looks like win 10 just uses whichever version of defender it has on hand.

2) I had three GPOs on the OU I was testing. From what I've found all three have to have "Turn off Windows Defender" disabled. Although it looks like it should have worked with it Not configured as well, but that didn't seem to be the case for me. The key to watch on the client side is HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender - DisableAntiSpyware. If that is set to '1', there will be problems.

3) Then, doing nothing else, I changed my Default Antimalware Policy in sccm, toggling the Real-time protection > Allow users on client computers to configure real-time protection settings: I would then update the machine policy via ccm client and I could see it being greyed on/off. So, I know my malware policy is still being respected via ccm settings. Though the settings now seem to be part of the OS and not in a tab on the defender/scep GUI.

4) I ran gpupdate and rebooted several times and everything has stuck so far.

That's all I've got. Hope it helps someone. I wasn't able to find a single source anywhere that mentioned all of this in one go. So, FWIW.
boyjaew2 Posted February 22, 2016

P.S. I also tested defender communication with SCCM with an EICAR file and it caught, removed and reported on the file in the SCCM console as expected.
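
The client-side checks described in the last two posts (the `DisableAntiSpyware` policy value, the applied GPOs, and whether a test detection was recorded) can be collected in one pass. This is an added example, not part of any post in the thread; the function name `Get-DefenderPolicyState` is hypothetical, and it assumes an elevated PowerShell session on the Windows 10 client with the built-in Defender module available.

```powershell
# Added example (not from the thread): report whether Group Policy is
# turning Windows Defender off on this client, and what Defender reports.
function Get-DefenderPolicyState {
    # Policy key and value named in the thread.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $name = 'DisableAntiSpyware'

    # An absent key or value means no GPO currently writes the setting.
    $value = $null
    if (Test-Path -Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $value = $prop.$name }
    }

    if     ($null -eq $value) { $policy = 'Value absent (not written by any GPO)' }
    elseif ($value -eq 0)     { $policy = '"Turn off Windows Defender" is Disabled' }
    elseif ($value -eq 1)     { $policy = '"Turn off Windows Defender" is Enabled (Defender off)' }
    else                      { $policy = "Unexpected value: $value" }

    # The Defender service and its own status; the status call fails while
    # Defender is switched off, so that case is reported as $null.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $mp  = $null
    try { $mp = Get-MpComputerStatus -ErrorAction Stop } catch { }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        DisableAntiSpyware = $value
        PolicyState        = $policy
        WinDefendService   = if ($svc) { $svc.Status } else { 'Not found' }
        AntivirusEnabled   = if ($mp) { $mp.AntivirusEnabled } else { $null }
        RealTimeProtection = if ($mp) { $mp.RealTimeProtectionEnabled } else { $null }
        SignatureVersion   = if ($mp) { $mp.AntivirusSignatureVersion } else { $null }
    }
}

Get-DefenderPolicyState | Format-List

# List the GPOs applied to the computer, to find which one carries the setting.
gpresult /scope computer /r

# After an EICAR test, confirm the detection was recorded locally as well.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources
```

Run it before and after `gpupdate /force` to see whether a refresh puts the value back to `1`.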