This option uses Configuration Manager software updates to deliver definition and engine updates to computers in your hierarchy.
On the left pane select Scan Settings, on the right pane you will find the scan settings such as scan email and attachments, scan removable drives etc.
On the left pane click Endpoint Protection setting, on the right side set Manage Endpoint Protection client on client computers to Yes.
Below it there is another setting Install Endpoint Protection client on client computers, when you enable this setting and if this device settings is deployed to the target collection, the endpoint protection client is installed on all the computers present inside the target collection.
Likewise you can configure the remaining settings as per you requirement. The EP client device settings that we created in above step is deployed to the target collection named All Windows 7 Computers.
After few minutes when you log in to one of the machines which was a part of target collection to which the EP client device settings was applied, we see that the EP client has been installed but it needs to be updated (Status color is RED) as the definition updates are missing.
Note – When you install an Endpoint Protection point, an Endpoint Protection client is installed on the server hosting the Endpoint Protection point. Antimalware policies when deployed to the collections specify how Endpoint Protection protects them from malware and other threats.
The Endpoint Protection role has been installed successfully. After the installation of Endpoint Protection role, we will now create a Custom client device settings for Endpoint protection.