In windows 10 when managed by SCCM+Endpoint Protection, we get Windows Defender as the Endpoint Protection client, which is fine as they use the same engine.

However the icon is for Windows Defender which doesn't make sense.

Can we change it to the SCEP icon instead which would make more sense and go along with the installed software SCEP in control panel which does have the correct icon (in Programs and Features).

Having the SCEP icon would be a nice visual clue (aside from looking at applied policies) that SCEP was managing Antivirus rather than Windows itself

SCEP Malware Alerts - Customized
The ability to customize the text and have the ability to select which fields you wish to include within the Malware email alert.

Add the option to allow/block USB devices on the endpoint protection.

It would be nice to have ability to enable Tamper Protection in defender via SCCM antimalware policy

The vAMNormalizedDetectionHistory view in the SCCM database does not accurately reflect the RemediationType for detected threats. It almost always shows NoAction, even though the threat was quarantined or removed.

We are using this view to report status to our SIEM system, and our security team would prefer that it actually show how the threat was remediated.

Great to see MBAM fully integrated in CM 1910, but the policy does not have any option to enforce the encryption. User can always postpone it.

For more info, see this: https://www.youtube.com/watch?v=kRkyx_-l9QU

Seeing how the Recovery Service endpoint only requires IIS and a Management Point role, would it be feasible to have the endpoint run on CMG?

Internet-based clients in a co-management environment cannot reach the internal MP URL. Unless they use a VPN connection. We could leverage the BitLocker CSP policies available in Intune but that doesn't offer integration with recovery keys stored in the SQL DB, or the Helpdesk and Self-Service portals.

Supporting the MBAM role through CMG could be a quick win.

Some Attack Surface Reduction Rules are missing in the Windows Defender Exploit Guard settings.

Please include the following Rules:
Block Office communication application from creating child processes
Block Adobe Reader from creating child processes
Block persistence through WMI event subscription

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction

In 1906, WDAC rules can be modified only on Folder and Files level and that is not enough. Like in Applocker, we need Publisher rules and file signing support. It is great that ex-Device Guard starts to be more or less accassable to control with GUI, but current features are not enough to utilize it to production yet. Please make it to be as controllable as Applocker.

Please add the possibility in a MW to "apply this schedule to"
- EP Defintion Updates (you may want to allow daily defintion updates, but you don't want to install anything else at that time)
- Security Updates (not all Software Updates, as it is now, but only Security Updates)

In this case make it multiselect too.

Right Click on a Computer no matter where I am looking at in SCCM and do a Virus Scan.

Please include always latest SCEP client in the SCCM client directory/package.

e.g. in SCCM1610 still the SCEP client 4.7.214.0 is included.
Current version is 4.10.209.0.

So additional effort can be reduced as the SCEP client will be updated with SCCM client auto-upgrade function.

A overview about the SCEP Policy as we have in Client Settings Resultant Box on every Client, that would be nice to show which Policy is finally running on a client. if you have more than 1 Policy you get the really end result of excludes or settings...

SCEP integration to SCSM, so that alerts would create an incidents. It should be possible to configure, so that SCSM wouldn't be flooded with the same alert over and over again for a particular computer, or if there is a major outbreak.

See Apple's support article HT208436 "32-bit app compatibility with macOS 10.13.4 High Sierra" at https://support.apple.com/en-us/HT208436.

SCEP version 4.5.32.0 runs as a 32-bit app, so it warns users about compatibility, displaying error "SCEP is not optimized for your Mac. This app needs to be updated by its developer to improve compatibility."

This error does not instill our supported users with much confidence about their security.

It would be great if there was an option to disable the icon showing there is an active scan in progress in taskbar on client computers. The icon should remain, but it should remain static, not to show when the scan is on progress. We have many users, complaining their computer is considerebly slower when EP is scanning, which is ofcourse not true, because the EP is set to only use 10-20% of cpu. Many of those complaint would be non existent, if the the icon would not show when EP is doing a scan :)