Make the same report functions available in EP Mac client as on Windows
Make the EP for Mac enterprise friendly
For reference, if you're a Jamf Pro (formerly Casper Suite) user, there are some Extension Attributes you can configure which gather the status of SCEP:
You can also write your own using the scep_daemon binary which gets installed into:
(symlink of /Applications/System Center Endpoint Protection.app/Contents/MacOS )
/Applications/.scep/Contents/MacOS/scep_daemon --status can be parsed for results and fed back into the Extension Attributes.
For example, we parse out the RIPStatus value, to determine if the RealTime Protection has been disabled. You can also parse out how long since the last update attempt, how long since the last SUCCESSFUL updated was completed. And then make Smart Groups that apply remediation.
You could use scep_ctl to change the specific configuration setting, but in all the above cases (Disabled, over 2 days since last update attempt/last successful update) we usually just re-install the entire agent and re-apply our default configuration, as it causes SCEP to perform update, etc.
A bit brute-force but it works.
But, yes, SCEP reporting to Config Manager - or some other management tool - is still needed.
Reporting is basic, critical functionality needed in the enterprise environment. Please consider adding this.