SCCM 1610 and Server 2016 AntiVirus

glenimp617 · 17 Feb 2017 at 08:20

Hi Everyone,

What's everyone doing about managing AV on Server 2016?

Do I assume we keep the onboard windows defender and manage through policies, or have they updated endpoint?

Thanks!!

glenimp617 · 22 Feb 2017 at 08:42

Hi all,

Thought I'd share my findings after messing about over the past few days.

Server 2016 no longer uses endpoint, it's the onboard windows defender. SCCM can manage it but you need to be on the latest version (1610). You need to add in the windows defender product to your software update sync and include it in your endpoint auto deployment policy.

There are a few gotchas though which not many people tell you about. In order for it to work, both Windows 10, Sever 2016 and the SCCM server need fully patching. There are bugs which MS have only just fixed. Also, if your SCCM server is running on 2008 or 2012 you also need to manually download the hotfixes for WSUS.

Throrik · 24 Feb 2017 at 11:54

Can you not manage it via SCEP? We have an EPP set up and deploy SCEP to our servers and manage it via SCCM's built in Endpoint Management - we're not using 2016 yet but we're on 1610.

glenimp617 · 24 Feb 2017 at 12:07

Yep, that's what we're doing. The endpoint policies work just the same. I assume windows defender is actually endpoint just under a new name.

Saundie · 24 Feb 2017 at 17:55

How do you guys keep up with these changes? Do you have a test environment at work, or do you have a home lab for testing the new builds? I went on an SCCM course in December 2015 and use SCCM 2012 R2 regularly for work, and I can't help but feel like I'm falling behind. There is no chance of us upgrading to the 1607 or anything else on the current branch at work.

Throrik · 24 Feb 2017 at 21:38

Why not upgrade? It's fairly simple - we have pilot collections for all app/osd trials/updates and we simply have an ironclad rollback plan before updating to the latest CB, exactly the same as we would do before adding a CU to Exchange.

It'd be great to have a separate test environment, but seeing as I work in a college that's not going to happen on our budget. I do a lot of reading MVPs blogs, Technet, SystemCentreDudes, Twitter following folks like Johan Arwidmark and the like who post daily about System Centre / OSD related subjects.

Saundie · 25 Feb 2017 at 07:45

I would like to upgrade, but it's not within my sphere of influence. All of our server and network infrastructure is shared with another part of the business, and it's managed by third party service provider. I'm just a simple desktop support analyst, so I have no say in the matter. The service provider is extremely slow at upgrading to the latest and greatest. They still have workstations being managed by SCCM 2007, and they're only just looking at upgrading from Exchange 2010.

I don't want to do desktop support for much longer, so I've been trying to get up to speed with things like SCCM. It's a bit difficult to really understand it when you only use it in a lab environment, though I suppose it's better than nothing!