Windows 10 has been out since July 29th, and now you want to manage Windows 10 Endpoint Protection with SCCM 2012.

You have probably noticed that Windows 10 comes natively with Windows Defender. Instead of Endpoint Protection, it is now the default anti-malware managed by SCCM 2012. Actually, the Endpoint Protection agent is installed locally in Programs & Features but it’s using the Windows Defender UI with a thin layer of Endpoint Protection to manage policies and malware definitions.

If you have already deployed Windows 10 in your environment, you might have encountered an issue where your Endpoint Protection policies are applied but the malware definitions are not updated.

Some have found a way to work around this problem by extracting the Endpoint Protection installer and making the Endpoint Protection malware definitions update automatically.

Unfortunately, this TechNet article is the only official documentation, and it mentions only Windows 10 Technical Preview, with no word about Windows 10 RTM. It might only be a matter of Microsoft updating the documentation.

For now, we will take the Windows 10 Technical Preview documentation and apply it to Windows 10 RTM. It consists of enabling Windows Defender on the Products tab of the Software Update Point component properties.

SCCM 2012 Windows 10 Endpoint Protection Configuration

Prerequisite

Enabling Windows Defender Product

  • Go to Administration / Site Configuration / Sites
  • Select the top-most site on which the Software Update Point role is installed
  • Click Configure Site Components in the top ribbon
  • In the drop-down menu, click Software Update Point
  • In the Software Update Point Component Properties window, go to the Products tab
  • Check Windows Defender under the Windows section, and then click OK
    • Ensure that Windows 10 is also checked

Synchronizing Software Updates

  • Go to Software Library / Software Updates / All Software Updates
  • On the top ribbon, click on Synchronize Software Updates

Verification

  • Go to Software Library / Software Updates / All Software Updates
  • In the Search field, look for Windows Defender
  • Make sure that Windows Defender definition updates appear in the result list

From there, you deploy Windows Defender definitions like you would normally do with your existing Windows updates. To enhance your process, you could also configure an Automatic Deployment Rule (ADR) to automate the package creation and deployment.
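To confirm on a Windows 10 client that the deployed definitions actually arrive, the following PowerShell check reads Defender's signature age and looks for policy values under the registry key mentioned in the comments below. It is an added example, not part of the original post or Microsoft's documentation; the function name Test-DefenderDefinitionHealth and the two-day MaxAgeDays threshold are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on a Windows 10 client.
# Test-DefenderDefinitionHealth and -MaxAgeDays are hypothetical names.
function Test-DefenderDefinitionHealth {
    [CmdletBinding()]
    param(
        [int]$MaxAgeDays = 2   # assumed threshold; align it with your deployment schedule
    )

    # Get-MpComputerStatus ships with the Defender module on Windows 10.
    $status = Get-MpComputerStatus -ErrorAction Stop

    # Key under which a commenter on this page sees the SCCM antimalware policy settings.
    $policyKey    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policyFound  = Test-Path -Path $policyKey
    $policyValues = 0
    if ($policyFound) {
        # Count the values on the key and all of its subkeys.
        $keys = @(Get-Item -Path $policyKey) +
                @(Get-ChildItem -Path $policyKey -Recurse -ErrorAction SilentlyContinue)
        $policyValues = ($keys | ForEach-Object { $_.ValueCount } |
                         Measure-Object -Sum).Sum
    }

    $age     = $status.AntivirusSignatureAge   # age in days
    $current = ($status.AntivirusEnabled -and $age -le $MaxAgeDays)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        AntivirusEnabled   = $status.AntivirusEnabled
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureUpdated   = $status.AntivirusSignatureLastUpdated
        SignatureAgeDays   = $age
        PolicyValueCount   = $policyValues
        DefinitionsCurrent = $current
        # The symptom described above: policy has landed, definitions have not.
        PolicyButStale     = ($policyValues -gt 0 -and -not $current)
    }
}

$result = Test-DefenderDefinitionHealth -MaxAgeDays 2
$result | Format-List
if ($result.PolicyButStale) {
    Write-Warning "Policy is applied but definitions are $($result.SignatureAgeDays) day(s) old."
}
```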

We will update this post when Microsoft officially releases its updated documentation.

Comments (13)

John Doe

11.18.2015 AT 01:14 AM
I still can't see any reports from Win10 machines or manage Defender in SCCM. Win7 machines with SCEP are OK.

Hasan

10.27.2015 AT 12:18 AM
Great Article... A million thanks Sir.

Jonathan Lieng

11.03.2015 AT 09:29 PM
It's our pleasure, Hasan, and we are happy we can help out some of you.

Ola Holtberget

10.06.2015 AT 08:20 AM
Does anyone know how to import the endpoint protection policy to the Windows Defender during deployment? Like SCEP does it: scepinstall.exe /s /q /NoSigsUpdateAtInitialExp /policy %~dp0ep_defaultpolicy.xml Does Windows 10 Defender have something similar?

Ola Holtberget

10.07.2015 AT 04:49 AM
Found a solution for Windows Defender in Windows 10: "c:\Program Files\Windows Defender\ConfigSecurityPolicy.exe" EP_Policy.xml

Fred

10.02.2015 AT 06:40 AM
Hi, does anyone know how Win10 Defender reports a malware infection to SCCM? I have tested but I can't find anything from SCCM. The local computer shows that my test virus has been identified and quarantined.

MrRoboto

10.08.2015 AT 11:27 AM
You need to make sure the client policy for your systems in SCCM under Administration > Client settings has Endpoint Protection enabled and set to manage client computers. This seems to allow the reporting of viruses to flow in from our Windows 10 Defender clients as well as reporting the installed version and remediation status. I can see the settings we have in our SCCM endpoint protection antimalware policies in the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender

Brad

09.09.2015 AT 11:39 AM
Although Endpoint is now built into Defender, the UI is vastly different and very limiting to end-users. Some details are described below. Let's hope Microsoft fixes this soon. http://www.proweb-solutions.net/blog/sccm-2012-r2-sp1-windows-defender-explained/

Chris

09.08.2015 AT 08:14 AM
Excellent article..

Benoit Lecours

09.15.2015 AT 08:04 AM
Thanks !

Nicolas Pilon

09.09.2015 AT 11:25 AM
Thank you Chris!