We are using a dedicated server with SCCM 2012 R2 and it has FEP 2012 integrated and deployed FEP clients across the network and we love the ease of the process and the power SCCM brings to the table (so far).
There is an InfoSec team member who does not have the rights to access the server (via RDC), but we would like him to have access to the FEP Dashboard (or any other front end for FEP) to see the reports and various stats on the client virus/malware activities.
Is there a remote management console that we could use for FEP in this scenario? We have one for another malware protection software installed on the same dedicated server, we deployed its clients on the network and we installed a remote management console on that InfoSec team member's computer and it works great. I assumed there should be something for FEP and after some research I found out there is some sort of extension (for SCCM or FEP) and/or an msi setup file for FEP for that to work.
I would really appreciate some guidance on this matter.
You could install the SCCM console on your team member's system and then scope his permissions so he can only access the Endpoint Protection related items. For example, there's a built-in security role named "Endpoint Protection Manager" that you could use. Or you could create a custom role based off of that role and configure it with fewer/greater permissions as needed. To install the console, you just need the files in the tools -> ConsoleSetup folder under the SCCM program files install location:
http://www.petervanderwoude.nl/post/how-to-silent-install-the-configmgr-2012-admin-console/
https://technet.microsoft.com/en-US/library/gg712284.aspx#BKMK_PlanningForRBA
You could install the SCCM console on your team member's system and then scope his permissions so he can only access the Endpoint Protection related items. For example, there's a built-in security role named "Endpoint Protection Manager" that you could use. Or you could create a custom role based off of that role and configure it with fewer/greater permissions as needed. To install the console, you just need the files in the tools -> ConsoleSetup folder under the SCCM program files install location:
http://www.petervanderwoude.nl/post/how-to-silent-install-the-configmgr-2012-admin-console/
https://technet.microsoft.com/en-US/library/gg712284.aspx#BKMK_PlanningForRBA
- Proposed as answer by Joyce LMicrosoft contingent staff, Moderator 22 hours 4 minutes ago
System Center Endpoint Protection is completely integrated into ConfigMgr, so there is no separate console just for Endpoint Protection (at least no other official/supported console.) There hasn't been a separate console since Forefront Client Security which was before FEP 2010/ConfigMgr 2007.
Good luck