50093: Deploying and Administering Microsoft Forefront Client Security (3 Days)
About this Course
Learn critical deployment and administration skills in this 400-level instructor-led course on Microsoft Forefront Client Security. Targeted at systems integrators, consultants, and deployment partners, this three-day class includes lecture and hands-on labs and was developed by Microsoft Consulting Services using their detailed implementation knowledge and best practices.
Audience Profile
This course is intended for technical deployment specialists and senior-level administrators who manage a Microsoft Exchange Server or Microsoft SharePoint Products and Technologies infrastructure or security practice.
At Course Completion
After completing this course, students will be able to:
- Describe the Forefront Client Security components and architecture, and identify the different server roles.
- Complete and troubleshoot the server setup process, identify various server topologies, and describe basic MOM concepts and the MOM agent.
- Identify Forefront Client Security client component characteristics and describe the client setup and deployment processes.
- Understand Forefront Client Security administration and user roles, Forefront Client Security Policy UI settings and policy deployments, and know how to troubleshoot the Management Console.
- Understand the reporting services infrastructure used by Forefront Client Security.
- Use Forefront Client Security reports and alerting services, and troubleshoot reporting procedures.
- Describe the security state assessment (SSA) component of Forefront Client Security, and understand its architecture.
- Describe the object processor and manifest update in SSA.
- Review the SSA Security Check messages and results.
- Review methods and procedures used to submit malware to Microsoft for analysis.
Course Outline
Module 1: Course Overview
This module provides an overview of the Forefront Client Security components and architecture. It describes what to expect from the product, and what modules will be covered on what days.
Lessons
- Forefront Product Overview
- Forefront Client Security
- Microsoft Forefront Client Security Components
- Training Modules
After completing this module, students will be able to:
- Describe the Forefront Client Security components and architecture.
Module 2: Forefront Client Security Server Roles and Topologies
This module explains the various roles involved on the server side of a Forefront Client Security infrastructure, as well as how they relate to each other in the various possible topologies.
Lessons
- Forefront Client Security Server Roles
- Collection Server
- Collection Server Database
- Reporting Server
- Reporting Database Server
- Forefront Client Security Server Setup
- Role Installation Steps
- Server Topologies
- SQL Server Database Sizing
- Configuration Wizard
- MOM Concepts
- Forefront Client Security Server Setup Troubleshooting
Lab : Installing a Three Server Topology
- Launch the Virtual Environment
- Create Forefront Client Security Accounts
- Install the Management, Collection, and Reporting Server
- Install the Reporting Server Database
- Install the Distribution Server Role
- Configure Client Security on a Three Server Topology
- Grant Correct Permissions for Forefront Client Security Service Accounts
- Verify the Installation of Client Security on a Three Server Topology
After completing this module, students will be able to:
- Identify the different server roles within Forefront Client Security.
- Complete the server setup process.
- Identify various server topologies.
- Review basic MOM concepts.
- Discuss Forefront Client Security server setup troubleshooting.
Module 3: Forefront Client Security Client
This module explains the Forefront Client Security client setup configuration and deployment.
Lessons
- General Information
- Antimalware
- MOM Agent
- Client Setup
- Client Deployment Planning
- Forefront Client Security Client Deployment Methods
- Troubleshooting
Lab : Deploying the Forefront Client Security Client
- Configure WSUS 3.0 to Deploy the Forefront Client Security Client
- Create a Forefront Client Security Client Package and Distribute It
- Distribute the Antimalware and Security Assessment State Definition Updates
- Malware and Spyware Detection
- View the Malware and Spyware in the Dashboard
After completing this module, students will be able to:
- Be able to describe Forefront Client Security client component characteristics and information.
- Be able to describe the antimalware agent and engine.
- Understand the MOM agent.
- Understand the client setup process.
- Understand client deployment basics.
Module 4: Forefront Client Security Management
This module explains Forefront Client Security management.
Lessons
- Administration
- Administration Dashboard
- Forefront Client Security Policy Deployment
- Forefront Client Security Management Console Troubleshooting
Lab : End-to-End Policy Deployment
- Deploy a Test Policy
- Refresh and Verify Policy on the Client
- View Policy Application via GPResult
- View Summary Reports
- Policy Configuration Effects on Client UI
Lab : Configuring Forefront Data Retention
- Examine Data Retention Periods
- Modify Database Retention Settings
After completing this module, students will be able to:
- Be familiar with Forefront Client Security administration.
- Understand Forefront Client Security Administration User roles.
- Understand Forefront Client Security Policy UI settings and policy deployments.
- Be familiar with Forefront Client Security Management Console troubleshooting.
Module 5: Forefront Client Security Reporting and Alerting
This module explains Forefront Client Security Reporting and Alerting.
Lessons
- Reporting Services Overview
- Reporting Architecture
- MOM Reporting
- Forefront Client Security Reports
- SQL Server Reporting Services Troubleshooting
- Alerts
Lab : Viewing Forefront Client Security Reports
- Explore Forefront Client Security Reports
Lab : Managing Forefront Client Security Accounts
- View Reporting Failure
- Specify SQL Server Reporting Credentials to Forefront Client Security
Lab : Creating an E-Mail Report Subscription and Setting an E-Mail Notification
- Configure SQL Server Reporting Services
- Create an E-Mail Subscription
- Create an E-Mail Notification
- Follow the Alert Notification Flow
- View E-Mail Server Settings
After completing this module, students will be able to:
- Understand the reporting services infrastructure used by Forefront Client Security.
- Be familiar with Forefront Client Security Reports.
- Be familiar with Forefront Client Security Alerting Services.
- Understand Forefront Client Security Reporting troubleshooting procedures.
Module 6: Security State Assessment
This module explains security state assessment.
Lessons
- Security State Assessment
- SSA General Information
- SSA Architecture
- SSA Object Processor (OP) and Manifest Updates
- SSA Security Checks
Lab : Security State Assessment
- Examine Security State Assessment information in MOM and the Forefront Client Security Management Console
- Configure WSUS for Security State Assessments
- Detect Vulnerabilities
- Update Clients
After completing this module, students will be able to:
- Understand the security state assessment component of Forefront Client Security.
- Be familiar with the architecture of the SSA.
- Be familiar with the object processor and manifest update in SSA.
- Understand the SSA security check messages and results.
Module 7: Submitting Malware to Microsoft for Analysis
This module explains malware submission.
Lessons
- Malware Submission
- Assisting Customers with Malware Submissions
After completing this module, students will be able to:
- Review methods and procedures used to submit malware to Microsoft for analysis.
Module 8: Closing
This module provides a review of the Forefront Client Security course, and a list of Web sites that provide additional information on Forefront Client Security.
Lessons
- Antimalware Client Registry Settings
- Antimalware Errors
- PP Tracing
- Antimalware Events
- SSA Scan Event Log Events
- MOM Command Line Reference
Module 9: Appendices
Lessons
- Appendix A: Antimalware Client Registry Settings
- Appendix B: Antimalware Errors
- Appendix C: PP Tracing
- Appendix D: Antimalware Events
- Appendix D: Antimalware Events
- Appendix F: MOM Command Line Reference
Before attending this course, students must have Windows Server certifications or deployment experience and be familiar with the Forefront product line: Client, Server, and Edge.Free online classes and labs are available at https://partner.microsoft.com/global/productssolutions/40032262 to help ensure an adequate baseline knowledge has been achieved prior to attending this instructor-led training.