Faster Delivery = Happy Users
Automated Process = Fewer Errors
Standards = Cost Reduction
Order Visibility = Confidence
Linking Systems = Efficiency
Forefront for Endpoint Protection (FEP) has been released. So what does that mean for your organization and what implications will it have? Below we’re going to get into the details around why Microsoft has initiated this change but firstly let’s look at the main effects of this change:
Forefront for Endpoint Protection 2010 will no longer be managed by its own separate management console, this function will now be directly integrated with System Center Configuration Manager (SCCM).
This represents a philosophical change in the way Microsoft views security for endpoints. MS believes that simply having an anti-virus/anti malware tool is no longer enough for proper protection in the modern landscape. They believe that comprehensive security is better achieved by incorporating traditional endpoint security tools leveraged by central management capabilities. One cannot have a secure system if either of those traditionally separate philosophies are not aligned.
What does this change entail? Who needs to be aware of this?
a) Current Forefront for Client Security customers will need to license System Center Configuration Manager for their environment in order to centrally manage and deploy the solution. This would entail the purchase of either SCCM or the Core CAL for customers who don’t already own either.
b) Customers who currently own the Core CAL or SCCM and who aren’t leveraging Forefront for Endpoint Protection should revisit their security spend and consider leveraging this centrally managed solution.
c) This applies even more so for customers who own the ECAL; they already own the full System Center Client Suite as well as Forefront Protection Suite and as such will benefit from the enhanced security management provided by this change and potentially reduce security costs.
It should be noted that if you choose to deploy Forefront for Endpoint without System Center you can on a system by system basis but you will not have the ability to push out updates centrally, end user devices will need to update directly from MS. For more information on this process see the FEP Technical Resources on TechNet link below.
Please keep in mind that an SCCM Standard ML is needed to deploy Forefront for Endpoint to Server OS. Customers who already own the System Center Server Management Suites (SMSE or SMSD) already own the requisite licenses and therefore can leverage this change to their benefit for their server deployments right away.
If you want to learn more about Forefront for Endpoint Protection, see the highlights and features, please see the following links:
Forefront for Endpoint Protection home page:
Forefront for Endpoint Protection and System Center Configuration Manager trial download page:
Forefront for Endpoint Protection FAQ page:
Forefront for Endpoint Protection Team Blog:
Forefront Team Blog (lists a number or resources provided for Endpoint Protection)
The FEP technical resource pages on TechNet:
System Center Team Blog (This links to an article on the convergence of Desktop Security and Management)