Integrate FEP 2012 with SCCM 2012

May 30, 2011 at 11:54 am in Uncategorized by nsienaert

 

Hi There!

Recently FEP 2012 Beta 2 was released. As announced at MMS, FEP is moving from the Enterprise CAL to the Core CAL, in other words if you have SCCM, you have FEP.

Knowing this, customers will be probably more interested to use and to integrate FEP within SCCM.

Also, one of the odd issues with FEP 2010 and SCCM is that there is no auto-approval process. There are some workarounds to do so but with SCCM 2012 auto-approval is an out-of-the-box feature.

Let’s have a look.

Make sure you have following prerequisites: (in my case SQL Database Engine was already installed)

  • Install Analysis Services of SQL
  • Install Integration Service for SQL
  • Re-Run SQL 2008 SP1 or Above (if SQL was already installed)
  • Make Sure SQL Server Agent service is set to automatic and started

Start the Installation:

forefront1

If we open the SCCM Console for the first time what is changed?

1. There are FEP Security Roles

forefront2

2. The 3 FEP packages are there…
Note: Microsoft is pushing to use Applications with SCCM 2012. For FEP they auto create Packages… Verraste emoticon

forefront3

3. The FEP Collections

forefront5

4. Two FEP Policies which you can use as base for custom ones.

forefront6

5. In-console monitoring

forefront4

Now we have seen what it’s changed in the SCCM console, let’s make the environment secure…

First, I deploy the Forefront clients to all my client machines.

Second, I will make sure WSUS is downloading my Forefront Definition updates.

forefront7

Third, I create an auto-approval rule (for more info check on of my previous posts)

forefront8

Fourth, I create a custom FEP policy which I assign to my client machines.

Note: You can also import pre-created FEP policies for several server roles. You can find these templates under the installation directory.

forefront9

Fifth, the status of:

  • the deployment of the Forefront agent
  • installed Definition updates
  • policy deployment

can be monitored in the SCCM console.

forefront10

Till next time!

Nico (twitter: nsienaert)