Using Windows Intune Endpoint Protection or an Existing Endpoint Protection Application

Updated: December 17, 2012

Applies To: Windows Intune December 2012 Release

Before deploying Windows Intune to client computers that have another endpoint protection application running, determine which of the following approaches is optimal for your environment:

  • Use Windows Intune Endpoint Protection instead of the existing endpoint protection application.

  • Do not use Windows Intune Endpoint Protection; continue to use the existing endpoint protection application instead.

Use Windows Intune Endpoint Protection to Help Secure Client Computers

To use Windows Intune Endpoint Protection to help secure client computers, do the following:

  1. Leave the other endpoint protection application running while you deploy the Windows Intune client software to the client computers.

  2. Determine how you will remove the other endpoint protection application from the client computers.

  3. Set a policy to explicitly enable Windows Intune Endpoint Protection on the client computers.

  4. After you confirm that the policy has taken effect and that Windows Intune is helping to secure client computers, remove the existing endpoint protection application from those clients.

After you deploy the Windows Intune client software, Windows Intune Endpoint Protection contacts the Windows Security Center in Windows XP (which must be enabled for this to occur) or the Windows Action Center (in Windows Vista® and Windows® 7) to check whether another endpoint protection application is installed. By default, if Windows Intune Endpoint Protection detects another endpoint protection application, it automatically disables itself. It still reports on the health of the other endpoint protection application and displays that information in the Windows Intune administrator console. If Windows Intune Endpoint Protection does not detect another endpoint protection application, it remains enabled.

If Windows Intune Endpoint Protection detects another endpoint protection application on client computers, you have to explicitly enable Windows Intune Endpoint Protection to ensure that it is helping to protect those computers.

To explicitly enable Windows Intune Endpoint Protection on client computers that are running another endpoint protection application that was detected by Windows Intune, you have to create a Windows Intune policy, and then deploy it to those computers. To do so, in the Windows Intune administrator console, create a new policy, set the policy value for Enable Endpoint Protection to Yes, and deploy the policy to the appropriate computers. After you confirm that Windows Intune Endpoint Protection is helping to secure the client computers, you can remove or disable the other endpoint protection application.
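One way to carry out the confirmation in step 4 from the client side is to list the antivirus products that the computer has registered with Security Center or Action Center. This is an added example, not part of the original Microsoft documentation; the function name `Get-RegisteredAntivirus` is hypothetical, and the `productState` bit decoding is a widely used but undocumented convention, so treat the Enabled and UpToDate columns as indicative.

```powershell
# Added example: list antivirus products registered with Security Center / Action Center.
function Get-RegisteredAntivirus {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # The page notes that Security Center must be enabled for detection to occur.
    $wsc = Get-Service -Name wscsvc -ComputerName $ComputerName -ErrorAction SilentlyContinue
    if (-not $wsc -or $wsc.Status -ne 'Running') {
        Write-Warning "Security Center service (wscsvc) is not running on $ComputerName."
    }

    # Windows Vista and Windows 7 expose root\SecurityCenter2; Windows XP exposes root\SecurityCenter.
    foreach ($ns in 'root\SecurityCenter2', 'root\SecurityCenter') {
        try {
            $products = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct `
                -ComputerName $ComputerName -ErrorAction Stop)
        } catch {
            continue   # namespace not present on this Windows version
        }

        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter2') {
                # Assumption: undocumented bit layout of productState.
                $state    = [int]$p.productState
                $enabled  = ($state -band 0x1000) -ne 0   # real-time protection on
                $upToDate = ($state -band 0x10) -eq 0     # definitions current
            } else {
                # Windows XP schema reports both values as booleans.
                $enabled  = [bool]$p.onAccessScanningEnabled
                $upToDate = [bool]$p.productUptoDate
            }
            New-Object PSObject -Property @{
                Computer  = $ComputerName
                Product   = $p.displayName
                Enabled   = $enabled
                UpToDate  = $upToDate
                Namespace = $ns
            }
        }
        return   # stop after the first namespace that answered
    }
    Write-Warning "No Security Center WMI namespace found on $ComputerName."
}

Get-RegisteredAntivirus | Format-Table Computer, Product, Enabled, UpToDate -AutoSize
```

Run it before and after deploying the Enable Endpoint Protection policy: remove the existing application only once a second product is listed as enabled alongside it.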

Continue to Use an Existing Endpoint Protection Application Instead of Windows Intune Endpoint Protection

To continue to use an existing endpoint protection application, install and deploy the Windows Intune client software on client computers as required. By default, if Windows Intune Endpoint Protection detects that another endpoint protection application is installed, Windows Intune Endpoint Protection will disable itself. If it does not detect another endpoint protection application, Windows Intune Endpoint Protection will remain enabled.

© 2013 Microsoft. All rights reserved.