Assigning a Policy to Endpoint Computers
Applies To: Forefront Endpoint Protection
To assign Forefront Endpoint Protection policies to FEP clients, you assign the FEP policy to a Configuration Manager collection. A policy can be assigned to more than one collection if needed and a collection can have more than one policy assigned to it.
When a Forefront Endpoint Protection client has more than one policy assigned to it, the policy with the highest precedence is applied by the Forefront Endpoint Protection client.
This section describes how to assign a policy to a Configuration Manager collection. For more information about Configuration Manager collections, see Collections in Configuration Manager (https://go.microsoft.com/fwlink/?LinkId=196838).
To assign a policy to a collection
In the Configuration Manager console, expand System Center Configuration Manager, expand Site Database, expand Computer Management, expand Forefront Endpoint Protection, and then click Policies.
Right-click the policy that you want to assign, and then click Assign Policy.
Note
You cannot assign the Default Server Policy or the Default Desktop Policy.
In the Assign Policy dialog box, click Add.
In the Browse Collection dialog box, select the collection to which you want to assign the policy, and then click OK.
If you need to assign this policy to multiple collections, in the Assign Policy dialog box, for each collection, click Add and repeat this step.
In the Assign Policy dialog box, click OK.
A separate Configuration Manager advertisement is created for each collection a policy is assigned to. The advertisements are created in the Software Distribution\Advertisements\FEP Policies folder in the Configuration Manager console.
Note
The default assignments for the Default Server Policy and the Default Desktop Policy cannot be modified.
After assigning Forefront Endpoint Protection policies to the proper collections you will want to make sure that the policies are being applied.
Monitoring Forefront Endpoint Protection policy deployment
In the Configuration Manager console, expand System Center Configuration Manager, expand Site Database, expand Computer Management, and then click Forefront Endpoint Protection.
View the Policy Distribution Status section of the Operational Statistics on the Forefront Endpoint Protection dashboard. You might need to refresh the page to get the latest information.
In the Links and Resources pane, under Web Reports, click Policy Distribution Overview for the policy deployment information starting at the collection level and going down to the computer level.
Note
Only computers running the Forefront Endpoint Protection client software and the Configuration Manager agent will be included in the results displayed in the Forefront Endpoint Protection reports and in the Forefront Endpoint Protection dashboard statistics.
Note
In the About information displayed for the Forefront Endpoint Protection client software, information regarding the time the FEP policy was applied is provided. The time shown for Policy Applied is in Coordinated Universal Time (UTC).