Microsoft Forefront Endpoint Protection 2010 and Microsoft System Center Deep Dive into Management and Reporting

Session Objectives and Takeaways. Session Objective(s): Demonstrate streamlined administration and operations for Forefront Endpoint Protection utilizing System Center Configuration Manager. Understand how to successfully manage FEP policy. FEP Monitoring: Dashboard, Alerts

Presentation Transcript

Slide 1

SIM311: Microsoft Forefront Endpoint Protection 2010 and Microsoft System Center Deep Dive into Management and Reporting
Chris Norman, Sr. Acceleration Engineer, Microsoft
Adwait Joshi, Sr. Item Manager, Microsoft

Slide 2

Session Objectives and Takeaways
Session Objective(s):
- Demonstrate streamlined administration and operations for Forefront Endpoint Protection utilizing System Center Configuration Manager
- Understand how to effectively manage FEP policy
- FEP monitoring: dashboard, alerts & reporting
- FEP remediation tasks: virus scans and signature updates
Takeaways:
- Convergence of FEP and ConfigMgr makes endpoint protection and management simple and more effective

Slide 3

Forefront Endpoint Protection 2010
One infrastructure for desktop management and protection
Ease of Deployment:
- Built on top of Microsoft® System Center Configuration Manager
- Supports all System Center Configuration Manager topologies and scale
- Facilitates easy migration
- Deploy across various operating systems: Windows® client and Server
Enhanced Protection:
- Protection against all types of malware
- Proactive security against zero-day threats
- Productivity-oriented default configuration
- Integrated management of host firewall
- Backed by Microsoft Malware Protection Center
Simplified Desktop Management:
- Unified management interface for desktop administrators
- Effective alerts
- Simple, operation-oriented policy administration
- Historical reporting for security administrators

Slide 4

Policy Lifecycle

Slide 5

Policy Lifecycle at a Glance
Policy Creation:
- ConfigMgr console
- Group Policy Management Console
- Export/Import of XML (fep2010gptool.exe)
Policy Deployment:
- ConfigMgr software distribution of the Policies package
- Group Policy
- Command line: during install (FEPInstall.exe /policy <policy>), after install (ConfigSecurityPolicy.exe <policy>)
Policy Monitoring:
- Dashboard and reports

Slide 6

FEP Policy: CfgMgr or Group Policy

Slide 7

Policy Creation: ConfigMgr Console
- New Policy wizard
- Create new policy based on template
- Copy existing policy
- Use source policy as template
- Import policy from XML

Slide 8

Policy Templates - Client

Slide 9

Available Server Workloads Policies

Slide 10

Default Policies
FEP provides 2 default policies:
- Default Desktop Policy: weekly quick scan, RTP on, default exclusions, firewall enabled. Assigned to the Deployment Succeeded\Deployed Desktops collection.
- Default Server Policy: no scheduled scan, RTP on, default exclusions, firewall not enabled. Assigned to the Deployment Succeeded\Deployed Servers collection.
- Can be changed but not deleted

Slide 11

Policy Precedence
- Computers can belong to multiple collections, so may be candidates for multiple policies
- Only one policy can be applied via ConfigMgr at a time
- ConfigMgr-delivered policy does not support "layering"
- Precedence is used to determine the effective policy

Slide 12

FEP 2010 Policy Management demo

Slide 13

Under the Hood: Policy Creation
- Admin creates/updates a FEP policy in the console
- A ConfigMgr Program is created inside the "FEP Policies 1.0" package and set to disabled
- Status filter launches PlcUpdtr.exe
  - Ensures default policies are present and up to date
  - Creates the actual program and updates the program's ISV data
  - Updates the client installation package with default policies if needed
  - Enables every disabled program
  - Creates Applypolicy.vbs if missing
- All activity is logged to C:\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog\FepPolicySourceUpdater.log

Slide 14

Policy Creation: GPMC
- .ADMX/.ADML files on install media
- Manage through Vista/Windows 2008 (or later) GPMC

Slide 15

ConfigMgr GPO Policy Creation: Import/Export

Slide 16

GPO ConfigMgr Policy Creation: Import/Export

Slide 17

Policy Lifecycle

Slide 18

Policy Lifecycle at a Glance
Policy Creation:
- ConfigMgr console
- Group Policy Management Console
- Export/Import of XML (fep2010gptool.exe)
Policy Deployment:
- ConfigMgr software distribution of the Policies package
- Group Policy
- Command line: during install (FEPInstall.exe /policy <policy>), after install (ConfigSecurityPolicy.exe <policy>)
Policy Monitoring:
- Dashboard and reports

Slide 19

Assign to ConfigMgr Collection(s)

Slide 20

Verify Program Advertisements

Slide 21

Under the Hood: Client Applies Policy
- ConfigMgr client gets new policy from advertised program (the FEP policy)
- Advertised program (ApplyPolicy.vbs) runs
  - Checks whether the CCM_ISV_SoftwarePolicy class exists
  - Requests machine policy and evaluates it
- ApplyPolicy.vbs finds the policy with the highest priority
  - Builds list of policies and priority
  - Identifies the policy with the highest priority and creates the .xml file
  - Calls C:\Program Files\Microsoft Security Client\ConfigSecurityPolicy.exe "<Policy>.xml"
- All of this is logged in %temp%\FEP-Applypolicy-%computername%.log

Slide 22

Policy Lifecycle

Slide 23

Policy Lifecycle at a Glance
Policy Creation:
- ConfigMgr console
- Group Policy Management Console
- Export/Import of XML (fep2010gptool.exe)
Policy Deployment:
- ConfigMgr software distribution of the Policies package
- Group Policy
- Command line: during install (FEPInstall.exe /policy <policy>), after install (ConfigSecurityPolicy.exe <policy>)
Policy Monitoring:
- Dashboard and reports

Slide 24

Under the Hood: Display in Dashboard
- Client reports status of program installation

Slide 25

Under the Hood: Display in Console
- Client reports status of program installation
- Updates collection membership
- Collections refreshed every minute

Slide 26

Troubleshooting Policy - FEP Client GUI Policy Information

Slide 27

Troubleshooting Policies - Policy Distribution Report
There are new reports that can help with troubleshooting of policies. You can reach these reports by going to Computer Management > Reporting > Reports.
- "Policy Distribution Overview" - This report shows the breakdown of policy distribution states per collection. This report will only list computers with Microsoft Forefront Endpoint Protection 2010 installed.
- "Policy Distribution for a specific collection" - This report shows the policy distribution states for a specific collection. This report is divided into three sections. The Applied Policy section lists the number of computers and the applied policy. The Pending State section lists the number of computers that are in a pending state. The Failure section lists the number of computers that have reported failures in applying their policy.
- "Policy Distribution for a specific collection in a specific state" - This report shows a list of computers in a specific collection and specific policy state (applied, pending, and failure).
NOTE: Since policy distribution is similar to client rollout (both use the Configuration Manager software distribution capabilities), troubleshooting follows the same concepts and uses similar reports.

Slide 28

Dashboard & Remediation: I need to monitor my computers' health and act on policy drifts

Slide 29

FEP Dashboard & Remediation - Key Concepts
- Operationalized security monitoring
  - Deployment issues
  - Protection status
  - Antimalware activity issues
  - Definition update issues
  - Policy distribution issues
- Visibility to FEP DCM baselines
- Launchpad to ConfigMgr collections
- Drill down to ConfigMgr collections
- Refresh operation metrics on demand
- Manual remediation actions:
  - Full/Quick scan
  - Signature update

Slide 30

Dashboard and Remediation demo

Slide 31

Reports: I need to have a historical view of my organization's protection state

Slide 32

FEP Reports
- Security-minded
- Operational analysis capabilities
- Operational compliance capabilities
- SQL Reporting Services
- Export to various formats
- Subscribe for email notifications
- Accessed from browser
- Extensibility
  - Create your own reports
  - Shared schema

Slide 33

Reports in ConfigMgr demo

Slide 34

Custom FEP Reporting on FEP DB OLAP demo

Slide 35

FEP Alerts: I need to be notified of critical security incidents anywhere, anytime

Slide 36

FEP Security Alerts - Concepts
Security alerts - guidelines:
- Actionable - actions associated with an alert
- Timely - expected and accepted delay for an alert to reach its destination
- Manageable - number & types of expected alerts
- Sensitivity-based - different incidents per alert type and/or collections
Security alerts in FEP:
- Rely on CM and FEP data upstreams
- Expected response is ~30 - 120 minutes
- E-mail notifications
- Viewed in FEP report (Antimalware activity)
- Event log
- Configurable, threshold based

Slide 37

FEP Security Alerts

Slide 38

Forefront Endpoint Protection 2012 Beta
Convergence of Management and Security:
- Built on System Center Configuration Manager 2012
- Advanced protection with lower impact on productivity
New Enhancements:
- Simplified hierarchy model
- Role Based Access Control
- Definition updates and automatic approval rules through ConfigMgr
- Improved alert timings
Evaluation Options:
- FEP 2012 Beta available now: http://www.microsoft.com/fep
- Join Community Evaluation Program (included in ConfigMgr CEP): https://connect.microsoft.com/site1211

Slide 39

Summary
Convergence of Forefront Endpoint Protection with System Center Configuration Manager:
- Lowers ownership costs
- Delivers simplified management and ease of deployment
- Enables enhanced visibility for identifying and protecting potentially vulnerable endpoints
Forefront Endpoint Protection 2012 Beta available now! Evaluate with a community of peers: https://connect.microsoft.com/site1211

Slide 40

Required Slide: Speakers, please list the Breakout Sessions, Interactive Discussions, Labs, Demo Stations and Certification Exam that relate to your session. Also indicate when they can find you staffing in the TLC. Related Content SIM317 Planning and Deployi
