Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Have SCEP for Mac and Linux report to Config Manager

Endpoint Protection for Mac and Linux, once installed, are simply adrift in the workstation cosmos, with no visibility of their health, status or activity. This is abnormal in the antimalware/antivirus space. Unless you're a home user, administrative reporting and visibility is a must.

14 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    TBBX shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • TBBX commented  ·   ·  Flag as inappropriate

        For reference, if you're a Jamf Pro (formerly Casper Suite) user, there are some Extension Attributes you can configure which gather the status of SCEP:
        https://www.jamf.com/jamf-nation/discussions/15170/managing-microsoft-system-center-2012-endpoint-protection
        You can also write your own using the scep_daemon binary which gets installed into:
        /Applications/.scep/Contents/MacOS aka
        (symlink of /Applications/System Center Endpoint Protection.app/Contents/MacOS )
        /Applications/.scep/Contents/MacOS/scep_daemon --status can be parsed for results and fed back into the Extension Attributes.
        For example, we parse out the RIPStatus value, to determine if the RealTime Protection has been disabled. You can also parse out how long since the last update attempt, how long since the last SUCCESSFUL updated was completed. And then make Smart Groups that apply remediation.
        You could use scep_ctl to change the specific configuration setting, but in all the above cases (Disabled, over 2 days since last update attempt/last successful update) we usually just re-install the entire agent and re-apply our default configuration, as it causes SCEP to perform update, etc.
        A bit brute-force but it works.

        But, yes, SCEP reporting to Config Manager - or some other management tool - is still needed.

      • Craig commented  ·   ·  Flag as inappropriate

        A single pane of glass is really important for SCEP across multiple operating systems!

      • Daniel Lingfjord commented  ·   ·  Flag as inappropriate

        I agree with TBBX. I cannot stick with SCCM alone if its unable to do this. I'll need support from managers to allow budget for another system to properly do these things instead of SCCM.

      • JS commented  ·   ·  Flag as inappropriate

        Seems like important, basic functionality that could easily be added. Please consider implementing reporting for other OS versions!

      Feedback and Knowledge Base