During a quick or full scan, the user can not perform a scan (for example, files on a USB drive).

When reporting it would be great to see time of day for activity. For example, I may care less about social media or YouTube usage in evenings on company equipment than during the day.

A user should not be able to reboot n Remote Desktop server. That should require and Administrator.

Administrators should be able to disable the 'restart now' option

In SCEP logs add the option to show the IP address in addition to the hostname.

This would be beneficial for SIEM tools as you can more easily correlate events between systems as some systems (routers for example) only use IPs and not hostnames

For policies, especially related to content filtering, it would be great to have much more strict enforcement during business hours than during non-business hours on company equipment.

Alternately this would be a good tool to help enforce usage policies for hourly employees who should not be accessing certain equipment after business hours to ensure there are no labor law violations.

When using offline files if an item is detected within the cache it gets removes by SCEP using the system account. Offline files sees the file removed from the cache but not by the user so it just downloads it again from the file server. This repeats indefinitely and is only resolved if the file is touched by the user rather than system.

there is problem in windows 10 , the problem is your security . the security problem is " any one can rest your profile without make pin or password " and i have lost my all data from my documents .
and i am the biggest fan of my windows 10 .

In the SCCM Admin Console it would be nice to have shorter names for the column titles. Specifically the Endpoint Protection Definition columns.

I often setup Endpoint Protection Definition Last Version / Last Update Time/ Last Full Scan End Time

These take up a lot of room and require scrolling. It would be nice to abbreviate Endpoint Protection Definition to EP Def.

Have controls where you can block website and pages on all major browsers.

Hello, Dear Team, as we can in enterprises we need more control on the client machines. It will convenient if that control can be accessed in single console of the SCCM. As a endpoint protection we need control startup applications, launching applications(blocking or allowing), control of the removal devices, force removal of potentially exploit apps, even traffic analyzer is needed. Sound like a crazy but really needed features.

Somehow this disappeared in Windows 10 (Possibly 8 as well) it was there in Windows 7.

People who have access to SCCM can perform multiple tasks (i.e. initiate a scan, reboot the host...), but can't unquarantine the detected file for file/malware analysis purposes. Being said, it is good if SCCM has the capability of unquarantining some or all quarantined files, zip them with a password and ships them over to some other location that the SCCM admin defined when setting this feature up. It is also good to allow auto unquarantine functionality (meaning, the process mentioned above automatically after each detection if the SCCM admin wants to)

I like to have the Data from the securitycenter.windows.com (WDATP) with all the new 1709 Defender features back in to the Console, we have the Endpoint Protection status in there, but It would be really nice to have all the exploit data visible in the console in the Monitoring / Security Workspace. also the possibility to Isolate Machines and so on. One Console for anything.

the endpoint protection should have a new malware policy that will allow a central management of the windows defender security center - ransomware protection - allow an app through controlled folder access, allowing the IT admin to add/remove controlled folder access (and maybe give the user access to add extra files whenever required, but allow the IT admin to decide)

at the moment all the AV messages are in ConfigMgr, but if there is an outbreak there is only one way, via mail about alerting in CM, or we can configure StatusMessage rules to start something. Can we have a option to grab that infos to a SIEM like sentinel to get faster response about an outbreak? We need also reporting (very slow) and other mechanism in ConfigMgr that are very slow, but alerts in this case should be faster, like CM-Pivot automation to send some info's directly to a SIEM system, to get more possibility's.

Please provide the applicable windows defender application guard , etc policies in the sccm client properties like you already do for baselines . This makes it much easier for troubleshooting .

Ask change the requirements of Endpoit Protection Point. When we are installing Endpoit Protection Point the Windows Defener service should be started on the server. Because we are using a third-party anti-virus software, even if Windows Defener does not operate as an anti-virus software, we do not want to be configured to coexist multiple anti-virus.

If you're using the SCEP Client on a RDS Server and Malware has been found, every User on this Server gets a Notification from SCEP.

This really confuses many users and increases Service-Desk Calls, if you have Servers with for example more then 20 User Sessions.

Because of this, we currently have no other choice then to hide the User Interface.

It would be great if the Notification are only shown in the Session of the User, which triggered the Alert.

SCEP Marketing and Comparisons to Competition. For years I've been trying to get my account team to help us sell our security teams on the idea of switching to SCEP. To do that, we need material to help us market SCEP as a viable solution. We need to be able to compare features from our current vendor to SCEP. We need an objective look at what we gain versus what we give up if we move from our current solution. Unfortunately, it doesn't seem any of this exists.

Defender ATP onboarding policy shows error when successful.