Managing Security with System Center Configuration Manager 2012

The idea for this blog started one rainy Saturday afternoon when my 5-year-old daughter hopped on the computer and pulled up her favorite online game. It was amazing how quickly she’d learned to use a computer. And, for the most part, she learned how to use it on her own. There was plenty of trial and error and there was a lot of “Dad, I know how to do this!” (if only I knew how to better convey tone in a blog posting). But throughout she was unfazed by the unknown and kept trying until she got what she wanted. Now if only there were a way to impart this knowledge to other members of the family, it might save me a lot of time as the family’s tech support guy…

As much as I was impressed with a 5-year-old’s undaunted pursuit of fun, this event magnified to me how our world is changing. Today in customer environments we’re seeing great change in the behaviors and the expectations of end users. End users are now demanding the same level of functionality that they have at home for their favorite applications and hardware. This is sometimes called the consumerization of IT or attributed to the Gen Y-ers. Regardless of the label or demographic, it is the end user’s move towards being more of an adventurist and, as a result, their desire for functionality outside the purview of typical IT support. This new modus operandi presents a challenge to IT managers responsible for protecting resources and keeping end users productive.

With System Center Configuration Manager 2012 and System Center Endpoint Protection 2012, we wanted to help our customers with these changes. Our focus was around “operationalizing security management,” which in a nutshell means allowing you to put the right people on the right tasks, and providing these tasks in the right way. For example:

  • We want your security experts to be able to focus on tasks like forensic investigations, rather than the day-to-day running of a definition update deployment.
  • We want you to be able to streamline your processes so that management administrators are able to focus on tasks that they are accustomed to, such as managing both OS updates and new definition updates.
  • We want you to be able to work with a single, complete infrastructure using Endpoint Protection on top of Configuration Manager.

The following are a few of the features that come with Configuration Manager 2012 and Endpoint Protection 2012 that help you to operationalize security management:

  • Automatic deployment rules – using a rich set of criteria you can define the types of updates that you want to automatically approve and deploy within your environment. Configuration Manager will automatically check with Windows Update or Microsoft Update to see if there are any new updates that match your rule definition. This type of functionality is a great way to keep your environment up-to-date with the latest updates. It is especially important for scenarios such as definition updates, since these are released multiple times a day.
  • Role-based administration – both Configuration Manager 2012 and Endpoint Protection 2012 now fully support role-based administration. This allows you to securely designate specific tasks to your security administrators and management administrators.
  • Real-time malware alerts – everyone who has been around for a security issue knows that time is very important. The quicker you know, the higher the chance that you can mitigate the impact of an issue. To help with this, Endpoint Protection now provides real-time alerts for malware activity. This means that from the console you can quickly get status from all your clients if there is a malware outbreak.
  • Email subscriptions – now that we get the alerts to the console quickly, we also looked for ways to cut the figurative tether between you and the console. To help with this, we added email subscriptions. This means that you can subscribe to events like malware alerts and receive these alerts on your mobile device.

Those are a few of the changes that we’re making. I hope you get a chance soon to check out Configuration Manager 2012 and Endpoint Protection 2012.

Mark Florida

Lead Program Manager

System Center Configuration Manager