System Center 2012 Endpoint Protection Getting Minor Tuneup
Microsoft recently described some improvements it made to System Center 2012 Endpoint Protection, which is the company's next-generation enterprise-grade security solution for clients and servers.
The changes, described last week in a blog post, seem somewhat minor. Microsoft is promising that less infrastructure will be required to use System Center 2012 Endpoint Protection, compared with the previous Forefront Endpoint Protection 2010 product. In addition, the new product will leverage System Center 2012 Configuration Manager's more "user centric" approach. For instance, the new security solution will show which users are more likely to bring malware into a computing environment so that IT pros can prioritize individual support.
There are a few permissions-delegation improvements as well. IT pros will be able to delegate control to end users to restart their devices after an update, for instance. Microsoft also made it easier to grant permissions to a new administrator.
The dashboard now shows collections of machines that may be affected by an exploit or malware. With the 2010 product, users had to switch to a "reports" view to see such problems. The new product also will let IT pros apply antimalware policies across a collection of machines.
On the infrastructure side, Microsoft is dropping a requirement in Forefront Endpoint Protection 2010 to use Windows Server Update Services to set up automatic approval rules for antimalware definition updates. Instead, for System Center 2012 Endpoint Protection, Microsoft has added an "automatic deployment rules" feature.
What Microsoft hasn't changed is the combination of Forefront Endpoint Protection solution with System Center Configuration Manager. Microsoft announced that combined approach when it released Forefront Endpoint Protection 2010, claiming that combining endpoint security with management through System Center Configuration Manager 2007 would address potential organizational fragmentation problems.
It has been possible to purchase Forefront Endpoint Protection 2010 without Configuration Manager 2007, but IT shops would then lack centralized management control over the security solution. At least, that's how the Forefront Endpoint Protection 2010 pricing and licensing guide (PDF) describes it.
In the near future, when System Center 2012 is released, Microsoft will license the whole suite of eight products as one solution, including System Center 2012 Endpoint Protection. Microsoft will not offer to sell Endpoint Protection 2012 as a separate product. However, older System Center individual product licenses likely will continue to be sold for one year out, according to Rob Helm, vice president at Directions on Microsoft, in a roadmap brief.
System Center 2012 solutions are currently available at the release candidate test stage. The rumored product release date is sometime in April, near the Microsoft Management Summit event.
Kurt Mackie is online news editor for the 1105 Enterprise Computing Group.