Thursday, November 1, 2012

System Center 2012 Endpoint Protection (part 3)

Last time I wrote a blogpost about System Center 2012 Endpoint Protection (SCEP) functionality. I mentioned the installation/configuration and deploying SCEP agents (Part 1), and deploying antimalware policies & definition updates (Part 2). This time the SCEP series continues with monitoring, dashboard views and reports. When antimalware policies and definition updates are in place, it's time to have a look at monitoring the SCEP agents. There are multiple functionalities for that.

Let's start with the SCEP dashboard first.

Beneath Monitoring, the "System Center 2012 Endpoint Protection Status" can be found. This is THE dashboard for viewing Security State (Client status, Malware remediation status, Top 5 malware by number of computers) and Operational State (Operational status of clients, Definition status on computers). It can be viewed for all collections where an anti-malware policy is deployed too. Because I deploy it to ALL servers and clients (most of time), I've selected the "All Desktop and Server Clients" collection here.

Nice thing is, it's completely dynamic. You can click on all Links and graphical stuff to go to the relevant system(s). After clicking a Link or graphical item, a specific SCEP collection is showed with systems and ALL (Deployment state, Policy name, Policy application state, Definition last version, Remediation status) Endpoint Protection information. From default collections there are buttons for SCEP available too. Both Endpoint Protection status and Malware details can be watched here. SCEP is integrated on multiple places in the console.

When looking at Reports, there are six SCEP reports available. Most usable ones are "Antimalware activity report" and Dashboard. Both have a nice graphical layout by default. When rightclick on a report it's possible to select "Create Subscription", which generates a report on a scheduled time. Reports can be delivered by Windows File Share and E-mail this way. You can define the Render format also, which can be: XML, CSV, TIFF, PDF, (M)HTML, RPL, Excel and Word files.

My personal conclusion:
Microsoft did a great job with SCEP integration in ConfigMgr 2012, with: automatic SCEP client deployment, multiple policies which can be merged, a very nice dynamic dashboard, automatic deployment rules for definition updates & beautiful reports which can be delivered multiple ways and saved in multiple formats! Therefore I recommend customers for using SCEP all the time. SCEP integration in ConfigMgr 2012 is the best antivirus solution there is!

No comments:

Post a Comment