In case you have not yet tried enabling Endpoint Protection in CM 2012 and wondering how to do it, let me try to help you.
One of the most important things to determine Is where to install the Endpoint protection Point role in your CM 2012 hierarchy. If you have a CM 2012 standalone primary site server, you can enable the Endpoint Protection Point site system role on the Standalone primary site server. If you have a Central Administration Site (CAS) server, then you need to enable the Endpoint Protection point site system role on the CAS server.
Now you follow these two articles from TechNet to determine prerequisites for Endpoint Protection and the process of enabling the endpoint protection.
Prerequisites for Endpoint Protection in Configuration Manager 2012
How to configure Endpoint Protection in Configuration Manager 2012
If you want to deploy endpoint protection in a phased manner to your desktop environment, you can create custom client device settings to enable Endpoint Protection agent and target these settings on a new collection with desired workstations/servers. Once you have done testing to your satisfaction you can simply add new workstations by subnets or AD sites any other smart logic.
In case you have an existing third party AV agent installed on your computers and in case SCCM fails to remove that agent and fails to install, you can use application packages to deploy a script/ command line/ executable/ MSI which will remove the third party agent prior to enabling Endpoint Protection agent.
To track the endpoint protection agent deployment status, go to monitoring section and select the collection you want to track, and review results.