How to Enable Endpoint Protection Point on SCCM.

Working SCCM environment.

Windows Server Update Services (WSUS) is enabled and configured for software updates synchronization.

Software Update Point site system system must be enabled and configure to deliver definition updates if you will used Configuration Manager software update to deploy definition and engine updates.

Endpoint Protection role must be install on one site system server only and at the top of the hierarchy on a Central Administration site or Stand-along primary site.





To install the Endpoint Protection Role:

Open Configuration Management Console, Administration. In the Administration workspace, expand Site Configurations, then click Server and Site System Roles Right-click on the Server and Site System Roles, then choose Add site system roles. On the Add Site System Role Wizard, click Next until System Role Selection. Select Endpoint Protection Point. A warning message will pop-up and just click OK, then Click Next



On the Endpoint Protection License Terms, Accept the Licence terms by checking the check box, then click Next.

On the Cloud Protection Service, Select Basic Membership, then click Next, until Completion. On Completion, verify that Add Site System Wizard completed successfully, then click Close.





Your Endpoint Protection Point is now installed.





You can check the installation of the Endpoint Protection Point, on log EPSetup.log.











NOTE: Enabling the Endpoint Protection will install the SCEP client on the server.

When you are using Windows Server 2016, you might encounter an error "SCEPInstall.exe return 0x80070002". Check this post





NOTE:. Check this post Enpoint Protection error 0x80070002 on how to resolve it.

***Will continue to update this document to include configuration of Endpoint Protection, create and deploy antimalware policy and deploy endpoint protection client settings.





Stay tuned!









/Arlene





In this post I will discus how to enableonEnabling Endpoint Protection role in SCCM will allow you to manage antimalware policies and definition update, Windows Firewall security for you client computers in you Configuration Manager.Before installing Endpoint Protection Role, you must have the following: