Part 13: Endpoint Protection overview
In this post we will cover the following:
- What is Endpoint Protection
- When to use Endpoint Protection
- Malware and Windows Firewall management
- Microsoft Defender Advanced Threat Protection
- Endpoint Protection clients
This post is still in development
What is Endpoint Protection
Endpoint Protection helps you manage antimalware policies and Windows Firewall security on endpoints.
When to use Endpoint Protection
Endpoint Protection supports the configurations listed below, all managed directly from the ConfigMgr console:
- Configure antimalware policies, Windows Firewall, and manage Microsoft Defender Advanced Threat Protection.
- Utilize Software Update Point to download the latest antimalware definition updates to keep endpoints up-to-date.
- Configure email notifications, use in-console monitoring functionality, and reports.
Important
Windows 10, Windows Server 2016, and later operating systems come with Windows Defender pre-installed. For these operating systems, the Windows Defender management client is installed along with the ConfigMgr client without additional configuration. On Windows 8.1 and earlier versions, the Endpoint Protection client is installed with the Configuration Manager client.
Malware and Windows Firewall management
Malware management with Endpoint Protection
In the ConfigMgr console, you can create and deploy antimalware policies that contain settings for Endpoint Protection client configurations. You can monitor these policies in the Endpoint Protection Status node under Security in the Monitoring workspace. Endpoint Protection reports are also available in the Reporting node.
Windows Firewall management with Endpoint Protection
Configuration Manager provides basic management of the Windows Firewall on client computers through Endpoint Protection. You can configure the following on each network profile:
- Enable or disable the Windows Firewall.
- Block incoming connections, including those in the list of allowed programs.
- Notify the user when Windows Firewall blocks a new program.
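To confirm on a client that these three per-profile settings actually took effect, the check below reads the effective firewall policy and compares it with an expected baseline. It is an added example, not code from the original post or from Microsoft. The function name, the baseline defaults and the sample objects are assumptions made for illustration, as is the mapping of "block incoming connections, including allowed programs" to AllowInboundRules being False.

```powershell
# Added example: compare the three firewall settings named above with an expected baseline.
# Test-FirewallProfileState and its default baseline are hypothetical, not part of ConfigMgr.
function Test-FirewallProfileState {
    param(
        [Parameter(Mandatory)] [object[]]$FirewallProfile,
        [bool]$ExpectEnabled = $true,           # assumed baseline: firewall on
        [bool]$ExpectBlockAllInbound = $false,  # assumed baseline: allowed programs still honoured
        [bool]$ExpectNotify = $true             # assumed baseline: user is notified on block
    )
    foreach ($p in $FirewallProfile) {
        # Values are True / False / NotConfigured; compare as strings so the real
        # enum values and the constructed sample objects are handled the same way.
        $state = [ordered]@{
            Profile         = $p.Name
            Enabled         = "$($p.Enabled)" -eq 'True'
            # Assumption: AllowInboundRules = False means all inbound traffic is blocked,
            # including programs on the allowed list.
            BlockAllInbound = "$($p.AllowInboundRules)" -eq 'False'
            NotifyOnBlock   = "$($p.NotifyOnListen)" -eq 'True'
        }
        $state.Compliant = ($state.Enabled -eq $ExpectEnabled) -and
                           ($state.BlockAllInbound -eq $ExpectBlockAllInbound) -and
                           ($state.NotifyOnBlock -eq $ExpectNotify)
        [pscustomobject]$state
    }
}

# Constructed sample input (not real client data): the Public profile has drifted.
$sample = @(
    [pscustomobject]@{ Name = 'Domain';  Enabled = 'True';  AllowInboundRules = 'True'; NotifyOnListen = 'True' }
    [pscustomobject]@{ Name = 'Private'; Enabled = 'True';  AllowInboundRules = 'True'; NotifyOnListen = 'True' }
    [pscustomobject]@{ Name = 'Public';  Enabled = 'False'; AllowInboundRules = 'True'; NotifyOnListen = 'False' }
)
Test-FirewallProfileState -FirewallProfile $sample | Format-Table -AutoSize

# On a managed Windows client, check the effective policy (local plus deployed settings).
if (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
    $live = Get-NetFirewallProfile -PolicyStore ActiveStore
    Test-FirewallProfileState -FirewallProfile $live | Format-Table -AutoSize
}
```

Set the three Expect parameters to match the firewall policy you deployed; any profile reported with Compliant False is one where the client state differs from that policy.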
Microsoft Defender Advanced Threat Protection
You can manage and monitor Microsoft Defender Advanced Threat Protection with Endpoint Protection. Here you can read more about Microsoft Defender Advanced Threat Protection.
Endpoint Protection clients
We already know that management clients are available for different Windows operating systems.
Well! Microsoft has also developed clients for Mac and Linux servers. Here you can check the official Microsoft documentation for how to download those clients.