Sunday, November 18, 2012

System Center 2012 Endpoint Protection (SCEP) Cookbook Review

A few weeks ago, I was given the opportunity to review a recently released book by Packt Publishing about System Center 2012 Endpoint Protection (SCEP).

SCEP 2012 is effectively the latest version of Microsoft's Forefront Endpoint Protection Anti-Virus and Anti-Malware suite but instead of it being a standalone product like it's predecessor, this release is integrated as a new addition to the System Center 2012 Configuration Manager (SCCM/ConfigMgr) product.


People that know me (or anyone who reads this blog) will know that I typically keep away from working in depth with SCCM and instead try to focus on SCOM, Orchestrator, VMM, AppController and DPM with a working knowledge of SCSM thrown in for good measure! The reason for this is that apart from the facts that SCCM is such a huge product in itself and takes a long time to upskill to expert level on, we have a number of excellent SCCM consultants and Subject Matter Experts working in our company that would generally be involved in these types of customer deployments.

With the new licensing model that Microsoft has released for System Center 2012 (where a customer now can't individually purchase a single System Center product any more and instead needs to purchase the whole suite in one go), any new features or Unique Selling Points (USP's) that I can talk about when consulting with potential new System Center 2012 customers is a massive bonus. That's where SCEP 2012 comes in and why my motivation to review this new book stems as much from my own desire to learn more about the product and it's deployment as opposed to just recieving a free copy of it for personal use!

You might be thinking to yourself, "What exactly has a cookbook got to do with System Center?" and to be fair, the concept of technology centered cookbooks is new to me too. The idea of these books is to provide people who already have a basic understanding of a given technology (in this case SCEP or SCMM) with a set of 'recipes' for solving problems related to it. The publisher explains the cookbook concept in detail here.

The Book

Lead author on the book is Andrew Plue and it was reviewed by Nicolai Henriksen (SCCM MVP), Matthew Hudson (SCCM MVP) and Stephan Wibier.

Although I have this book nearly 3 weeks now, I intentionally left it until this week to have a read through it as I'm involved in building a new System Center 2012 demo environment in our datacenter and wanted to work through it to see if it would help me get the SCEP side of the demo up and running without calling in help from our SME's.

The book is just over 200 pages in lenght and contains the following chapters:

Chapter 1, Getting Started with Client-Side Endpoint Protection Tasks, provides a number of recipes for performing tasks at the local client level, such as forcing a definition update or modifying the SCEP client policy.

Chapter 2, Planning and Rolling Installation, will walk you through some of the considerations you will need to make before deploying SCEP, as well as showing you how to enable the SCEP role on your SCCM server.

Chapter 3, SCEP Configuration, will show you recipes for performing essential tasks, such as configuring SCEP policies and alerts, as well as walking you through the process of setting up SCEP's reporting features.

Chapter 4, Client Deployment Preparation and Deployment, includes a number of recipes to assist you with every step of client deployment from preparation to actually deploying the clients.

Chapter 5, Common Tasks, covers a number of day-to-day tasks that every SCEP administrator will need to know how to do it correctly in order to keep SCEP healthy and your Endpoints protected from malware.

Chapter 6, Management Tasks, covers important high level tasks, such as using policy templates, merging polices, and responding to SCEP alerts.

Chapter 7, Reporting, makes a deep dive into the reporting capabilities offered with SCEP. You will be shown how to execute reports, as well as provide access to reports. You will also be shown how to create your own custom reports.

Chapter 8, Troubleshooting, provides you with some tools to assist you with the time-consuming effort of troubleshooting an anti-malware product. The recipes in this chapter will help you deal with Definition Update issues, as well as how to approach false positives.

Chapter 9, Building an SCCM 2012 Lab, is a great chapter for anyone who has not yet taken the plunge on SCCM 2012. There is just a single recipe in the chapter that will show you the quickest down-and-dirty method for standing up an SCCM 2012 server in a lab environment. This is vital to anyone considering deploying SCEP, because with the total integration of SCEP with SCCM 2012, you can't experience SCEP without an SCCM environment.

My Thoughts

After reading through pretty much the whole book this week, I found the information to be concise and to the point. With its help, I managed to easily setup my demo environment with SCEP 2012 and learned how to quickly configure it to best practice recommendations. I also thought that the 'Notes', 'Tips and Tricks' and 'How It Works' sections scattered throughout the book provided some really good information that was evident of the real-world deployment experience the author and reviewers had.

Overall, if you're thinking of deploying SCCM 2012 with SCEP or if you have already deployed it and don't feel that you are getting enough out of it, then I'd recommend this book as a handy companion to get you up and running!

You can order the book in 'dead tree' format from Amazon here or in Kindle format from here.

Also, if you like this type of cookbook, then you might want to consider signing up to the publishers PacktLib which apart from serving as a portal to access your purchased books, from time to time they release free e-books on it that can come in handy as part of your technical library.

Wednesday, November 7, 2012

MMS 2013 Content Survey Now Open

Last night Microsoft sent out an e-mail announcing their annual Content Survey request for the upcoming Microsoft Management Summit (MMS) 2013 is open. This survey is detrimental in ensuring that the content presented at MMS is relevant to what the attendees want to see.

If you haven't registered on the MMS website and didn't receive an e-mail, you can access the Content Survey here:

It contains questions about the different types of technologies that you work with and what level of technical detail you would like to see those technologies presented on - Level 100 is just an entry-level overview session and Level 400 is the deep-dive technical content that most experienced techies are looking for.

MMS 2012 was held this year in April and although I had an excellent time and saw some really excellent and cool presentations, I couldn't help but feel I had seen a lot of the stuff being presented on over the previous 12 months through participation in Community Evaluation Programs (CEPs) and other online blogs and articles. Speaking with other attendees over there, this was kind of the general consensus.

I understand that not all attendees will spend nearly all of their spare time like I did learning System Center and participating in these Community driven programs but I honestly have to say that at MMS 2012, if I was running late for a particular session (it was in Vegas right..), that the decision to just give the session a miss and download it later was made easier due to the fact that I had either seen most of the stuff already or that the session was geared towards Level 100 audiences.

The fact that this year was the launch of System Center 2012 probably played a big part in the sessions that were delivered as Microsoft needed to ensure that everyone had a good understanding and overview of the products and Level 100 and Level 200 sessions are the best way to do that.

Speaking with Rod Trent and Flemming Riis last night, we all agreed that now is the time to get the right level of content and deep-dive sessions that we want presented by simply filling in the Content Survey form. If you are filling out the survey today or in the next few days (it doesn't take longer than 3 minutes), then one of the most important questions to ensure you complete is the last one about the 'General Event Questions' shown below

MMS previous attendees (alumni) should pay particular attention to this section and ensure that you use it as the forum to get your requests and points across about what you don't want to see and also what you would really love to see.

Don't be afraid to full up this section with as much suggestions as you can think of and if Microsoft get enough people suggesting the same thing, then they will definitely listen and add it to the content for next year.

So, what are you waiting for - start filling it out!