Scheduled quick scans will not run on a laptop using battery power. Laptops are only plugged in when turned off and stored in charging carts so they NEVER automatically scan. I am trying to manage thousands of laptops in a school system. An option should be available to run the scan even when not plugged in to AC power.

We had to move away from SCEP to a "real" AV product. The main reason was due to the lack of data loss prevention in SCEP. If you added DLP, better reporting, an easy way determine what files had been quarantined and an easy way to restore files I may consider switching back. I just don't feel like SCEP is a full thought out AV solution. Instead it seems to be some afterthought that MS can't figure out what they want to do with. It deserves a dedicated console or at least a dedicated node inside ConfigMgr.

Endpoint protection client

As Bitlocker / MBAM is being fully integrated into SCCM, it would be useful to add an Anti-Tamper option so that end users with Admin Access are unable to remove Bitlocker Protection / Encryption without either a password (potentially similar to a recovery code from MBAM portal), or being granted access via SCCM with a new role.

This would also potentially need to be expanded to the Client so that it isn't possible to remove the client, and then the protection.

It would be good if we could set different policy configurations for OS Drive, Fix Data Drive & Removable Data Drive.
Currently We are not able to configure only OS Drive only

Would like to be able to use BitLocker Management portals when using non-standard SQL ports. Currently the install script\configuration requires standard ports in order to be able to install.

When Application Guard is configured through Group Policy, Enterprise PKI roots can be imported into the Application Guard container, but this setting is not available directly in Configuration Manager.

Adding this setting to Configuration Manager would allow easier configuration, and also prevent having two places where Application Guard is configured.

When using offline files if an item is detected within the cache it gets removes by SCEP using the system account. Offline files sees the file removed from the cache but not by the user so it just downloads it again from the file server. This repeats indefinitely and is only resolved if the file is touched by the user rather than system.

Hello, Dear Team, as we can in enterprises we need more control on the client machines. It will convenient if that control can be accessed in single console of the SCCM. As a endpoint protection we need control startup applications, launching applications(blocking or allowing), control of the removal devices, force removal of potentially exploit apps, even traffic analyzer is needed. Sound like a crazy but really needed features.

During a quick or full scan, the user can not perform a scan (for example, files on a USB drive).

Have controls where you can block website and pages on all major browsers.

A user should not be able to reboot n Remote Desktop server. That should require and Administrator.

Administrators should be able to disable the 'restart now' option

Somehow this disappeared in Windows 10 (Possibly 8 as well) it was there in Windows 7.

there is problem in windows 10 , the problem is your security . the security problem is " any one can rest your profile without make pin or password " and i have lost my all data from my documents .
and i am the biggest fan of my windows 10 .

One post in 2015.
2 posts in 2016.
None in 2017.
Last post over 12 months ago.
Not a Blog...

I would like to request for an downloadable link to the latest SCEP Installer. I have a restricted environment that is not managed by config manager. We have SCEP running on over 200k clients, configured by GPO. These machines are deployed using images. To ensure the client is not required to download SCEP+SP1+definition updates, the intent is to pre-load the updated VHD/WIM with the latest version of SCEP, so that the server is not taxed with having to download those updates from WSUS.

Unhide Endpoint Protection Reports (Default is hidden)
SQL Server Reporting Services > ConfigMgr_Site > Endpoint Protection (Now click Details view top right, select Endpoint Protection again) There is an Endpoint Protection - Hidden folder

Our security guys find that the OOB reports are not as details as let say Symantec Endpoint Protection Manager. Would love to see out of the box reports. Also, the Collection drop down list on the reports or console in relationship to SCEP does not work well with RBA. I have multiple I.T departments and I set up Collections for each sites for restriction where each site can only see their own collection. When in SCEP, the drop down collection list will show as empty.

In SCEP logs add the option to show the IP address in addition to the hostname.

This would be beneficial for SIEM tools as you can more easily correlate events between systems as some systems (routers for example) only use IPs and not hostnames