Hey guys, I need some help.

We are using a dedicated server with SCCM 2012 R2 and it has FEP 2012 integrated and deployed FEP clients across the network and we love the ease of the process and the power SCCM brings to the table (so far). 

There is an InfoSec team member who does not have the rights to access the server (via RDC), but we would like him to have access to the FEP Dashboard (or any other front end for FEP) to see the reports and various stats on the client virus/malware activities.

Is there a remote management console that we could use for FEP in this scenario? We have one for another malware protection software installed on the same dedicated server, we deployed its clients on the network and we installed a remote management console on that InfoSec team member's computer and it works great. I assumed there should be something for FEP and after some research I found out there is some sort of extension (for SCCM or FEP) and/or an msi setup file for FEP for that to work. 

I would really appreciate some guidance on this matter. 

You could install the SCCM console on your team member's system and then scope his permissions so he can only access the Endpoint Protection related items. For example, there's a built-in security role named "Endpoint Protection Manager" that you could use. Or you could create a custom role based off of that role and configure it with fewer/greater permissions as needed. To install the console, you just need the files in the tools -> ConsoleSetup folder under the SCCM program files install location:

http://www.petervanderwoude.nl/post/how-to-silent-install-the-configmgr-2012-admin-console/

https://technet.microsoft.com/en-US/library/gg712284.aspx#BKMK_PlanningForRBA

You could install the SCCM console on your team member's system and then scope his permissions so he can only access the Endpoint Protection related items. For example, there's a built-in security role named "Endpoint Protection Manager" that you could use. Or you could create a custom role based off of that role and configure it with fewer/greater permissions as needed. To install the console, you just need the files in the tools -> ConsoleSetup folder under the SCCM program files install location:

http://www.petervanderwoude.nl/post/how-to-silent-install-the-configmgr-2012-admin-console/

https://technet.microsoft.com/en-US/library/gg712284.aspx#BKMK_PlanningForRBA

• Proposed as answer by Joyce LMicrosoft contingent staff, Moderator 22 hours 4 minutes ago

Yea, I have thought about this option. But there must be a management console for this purpose. I found a few threads on this topic and I will probably reply over there to get some answers.

System Center Endpoint Protection is completely integrated into ConfigMgr, so there is no separate console just for Endpoint Protection (at least no other official/supported console.) There hasn't been a separate console since Forefront Client Security which was before FEP 2010/ConfigMgr 2007.

Good luck

Kevin, thank you for clarifying this.. Okay, so then is the solution that you provided earlier the only way to accomplish what we want? Are there any prereqs for this process you described (hotfixes or anything else)?

It's the only solution that I'm aware of to accomplish what you described. There are no prereqs beyond configuring the role-based access to your desired access/functionality level. When you install the console on a remote system, make sure that you also install the corresponding cumulative update (hotfix) to bring it to the same level as what's installed on the primary site. When you install a CU on the primary, it puts a folder under the ConfigMgr program files location named hotfix -> <KB article number of the CU> -> AdminConsole -> i386 where you will find the .msp file that needs to be applied to the console installation.