Have SCEP for Mac and Linux report to Config Manager
Endpoint Protection for Mac and Linux, once installed, are simply adrift in the workstation cosmos, with no visibility of their health, status or activity. This is abnormal in the antimalware/antivirus space. Unless you're a home user, administrative reporting and visibility is a must.
For reference, if you're a Jamf Pro (formerly Casper Suite) user, there are some Extension Attributes you can configure which gather the status of SCEP:
You can also write your own using the scep_daemon binary which gets installed into:
(symlink of /Applications/System Center Endpoint Protection.app/Contents/MacOS)
/Applications/.scep/Contents/MacOS/scep_daemon --status can be parsed for results and fed back into the Extension Attributes.
For example, we parse out the RIPStatus value, to determine if the RealTime Protection has been disabled. You can also parse out how long since the last update attempt, how long since the last SUCCESSFUL update was completed. And then make Smart Groups that apply remediation.
You could use scep_ctl to change the specific configuration setting, but in all the above cases (Disabled, over 2 days since last update attempt/last successful update) we usually just re-install the entire agent and re-apply our default configuration, as it causes SCEP to perform an update, etc.
A bit brute-force but it works.
But, yes, SCEP reporting to Config Manager - or some other management tool - is still needed.
A single pane of glass is really important for SCEP across multiple operating systems!
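An added example (not part of the original comments, and not Microsoft's or Jamf's code) of an Extension Attribute script for the RIPStatus check described in the comments above. It assumes `scep_daemon --status` prints one `Key=Value` or `Key: Value` pair per line, which the page does not show; the helper names `scep_status_value` and `ea_result` and the sample text are made up for illustration.

```shell
#!/bin/sh
# Added example: Jamf Pro Extension Attribute reporting the RIPStatus value.
# ASSUMPTION: `scep_daemon --status` prints one "Key=Value" or "Key: Value"
# pair per line; the page does not show the real output format.

SCEP_DAEMON="/Applications/.scep/Contents/MacOS/scep_daemon"  # path quoted in the comment

# Read status text on stdin and print the trimmed value of one key.
# The key must match exactly, so "XRIPStatus" is not mistaken for "RIPStatus".
# Prints nothing if the key is absent.
scep_status_value() {
    key="$1"
    awk -v key="$key" '
        {
            line = $0
            sub(/\r$/, "", line)                 # tolerate CRLF line endings
            pos = match(line, /[=:]/)            # first separator on the line
            if (pos == 0) next
            k = substr(line, 1, pos - 1)
            v = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }'
}

# Wrap the RIPStatus value in the <result> tags Jamf Pro reads from an
# Extension Attribute. A missing key is reported as "Unknown" so a Smart
# Group can catch agents whose status could not be read.
ea_result() {
    status_text="$1"
    value=$(printf '%s\n' "$status_text" | scep_status_value "RIPStatus")
    if [ -z "$value" ]; then value="Unknown"; fi
    printf '<result>%s</result>\n' "$value"
}

# Constructed sample output (not captured from a real agent).
SAMPLE_STATUS='Version=0.0.0
RIPStatus = Disabled
'

if [ -x "$SCEP_DAEMON" ]; then
    ea_result "$("$SCEP_DAEMON" --status 2>/dev/null)"
elif [ "${1:-}" = "--demo" ]; then
    ea_result "$SAMPLE_STATUS"
else
    echo "<result>Not Installed</result>"
fi
```

A Smart Group can then scope remediation to machines whose attribute value is Disabled, Unknown or Not Installed.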
Daniel Lingfjord commented
I agree with TBBX. I cannot stick with SCCM alone if it's unable to do this. I'll need support from managers to allow budget for another system to properly do these things instead of SCCM.
Seems like important, basic functionality that could easily be added. Please consider implementing reporting for other OS versions!