There was still something missing with ConfigMgr 2012 B2 and that was the Forefront Endpoint Protection (FEP) integration. Well, that’s been taking care of now. It’s now available already for a week (see: Forefront Endpoint Security Blog), so it’s about time to take a first look at it. The installation hasn’t changed much since FEP 2010 with ConfigMgr 2007 (see also: ConfigMgr 2007 and Forefront Endpoint Protection 2010), except that it’s now ConfigMgr 2012 B2 aware.
The first thing that I noticed was that the FEP 2012 B client is not really the FEP 2012 client yet, but the still FEP 2010 client (evaluation version). Both have version number 2.0.657.0.
The next thing that I noticed was that there actually didn’t change that much… Of course there are now subfolders (under the Device Collections) instead of subcollections and everything can be found in the “new ConfigMgr 2012 –workspaces”, but for example the packages are still the “old” packages.
So did nothing change then? Of course there are some new things. One of these things is that there are new/ more Reports. Another bigger one is an add-on to the new Role-Bosed Security of ConfigMgr 2012. FEP 2012 provides three standard security roles for ConfigMgr 2012:
- FEP Full Administrator: All permissions for FEP in ConfigMgr
- FEP Policy Author: Permissions to create, modify and delete FEP policies in ConfigMgr
- FEP Policy Deployment Manager: Permissions to deploy FEP policies
I would say that there are still some obvious points to improve, like a newer client and a client deployment as a new ConfigMgr 2012 –Application.