Allow for the provisioning, management and recovery of bitlocker protected volumes using sccm.

Would like to see the option to password protect/prevent client uninstall when the client is used for endpoint protection. This goes with another suggestion of having the client block removable media read and/or write.

We would like to see the ConfigMgr client endpoint protection aspect to be able to block read and/or write access to removable media and if need be admins able to password bypass. This is one aspect of 3rd party endpoint protection software that prevent companies form switching to ConfigMgr for endpoint protection.

In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.

I often setup Endpoint Protection Definition Last Version / Last Update Time/ Last Full Scan End Time

These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.

Some malware reproduces themselves in various files.
For us a Quick/Full Scan if the Client is infected would be great.

Option:
If the Client was infected within "X" Hours/Days, run a "Quick/Full" Scan and create a report

We're currently able to allow real time protection in Defender to be managed/disabled. It would be really nice if we could set a max time limit where it would re-enable itself if someone has disabled it.

I am currently migrating exclusions from MacAfee where they can use drive exclusions. Because we can put something in c:\programfiles\programname or d:\programfiles\programname I have to exclude all paths that someone may put the application into. In MacAfee they can do **\programname\exclusion.

Ask change the requirements of Endpoit Protection Point. When we are installing Endpoit Protection Point the Windows Defener service should be started on the server. Because we are using a third-party anti-virus software, even if Windows Defener does not operate as an anti-virus software, we do not want to be configured to coexist multiple anti-virus.

As of SCCM 1802 all Windows 10 devices show as managed in the SCCM console for Endpoint protection, even if those devices have another Antivirus product installed such Symantec Endpoint Protection.

While I'm all in favour of not requiring the SCEP client on Windows 10, devices where Windows Defender is disabled because another AV product is installed should not show as managed. This is just confusing and makes it hard to see how many devices are actually managed by SCCM.

Antimalware policy cannot configure ScanPurgeItemsAfterDelay in it.
It would help all admins if we can set the value in the policy.
QuarantinePurgeItemsAfterDelay can be set in the policy. So let's have ScanPurgeItemsAfterDelay configurable in order to achieve full control on antimalware history management.

the endpoint protection should have a new malware policy that will allow a central management of the windows defender security center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide)

Please provide the applicable windows defender application guard , etc policies in the sccm client properties like you already do for baselines . This makes it much easier for troubleshooting .

See Apple's support article HT208436 "32-bit app compatibility with macOS 10.13.4 High Sierra" at https://support.apple.com/en-us/HT208436.

SCEP version 4.5.32.0 runs as a 32-bit app, so it warns users about compatibility, displaying error "SCEP is not optimized for your Mac. This app needs to be updated by its developer to improve compatibility."

This error does not instill our supported users with much confidence about their security.

We use a "next gen" AV program, but we want to leverage Windows Defender to do "limited periodic scanning". The setup is supported by Defender and or AV client, but there does not seem to be an option to enable the feature via SCCM EPP management. I'd like to be able to force this to be toggled on.

When I view the dashboard for Windows Defender ATP I can see onboarding status % and agent health but cannot click on the pie chart nothing happens. It would be great if I can see list of machines for each status

In SCEP logs add the option to show the IP address in addition to the hostname.

This would be beneficial for SIEM tools as you can more easily correlate events between systems as some systems (routers for example) only use IPs and not hostnames

The v_AM_NormalizedDetectionHistory view in the SCCM database does not accurately reflect the RemediationType for detected threats. It almost always shows NoAction, even though the threat was quarantined or removed.

We are using this view to report status to our SIEM system, and our security team would prefer that it actually show how the threat was remediated.

Instead of having organizations manually create shares and write custom scripted solutions for downloading the updates, have ConfigMgr natively be able to handle this.

ConfigMgr Site Settings:
- Define 1 or more network locations
- Define an update schedule for how often ConfigMgr will download new SCEP updates to those locations
- Optional settings - Define proxy information and service account

It would be awesome if it did this through a scheduled task so it could survive ConfigMgr services being down (primary/db, etc).

Endpoint Protection - Monitoring mode only.

Sometimes, in first Endpoint Protection deploying in specific business sensetive networks, we need option to detect malwares and monitor only without any actions with malwares. If malware detected Endpoint Protection will only report to SCCM console and no other actions. SCCM administrator will decide what to do with the detected malicious objects, so as not to stop the business process if it is infected.