M50093: Deploying and Administering Microsoft Forefront Client Security Version: A Length: 3 Days Published: June 27, 2008 Language(s): English Audience(s): IT Professionals Level: 400 Technology: 2007 Microsoft Office system Type: Course Delivery Method: Instructor-led (classroom) About this Course Elements of this syllabus are subject to change. Learn critical deployment and administration skills in this 400-level instructor-led course on Microsoft Forefront Client Security. Targeted at systems integrators, consultants, and deployment partners, this three-day class includes lecture and hands-on labs and was developed by Microsoft Consulting Services using their detailed implementation knowledge and best practices. Audience Profile This course is intended for technical deployment specialists and senior-level administrators who manage a Microsoft Exchange Server or Microsoft SharePoint Products and Technologies infrastructure or security practice. At Course Completion After completing this course, students will be able to: oDescribe the Forefront Client Security components and architecture, and identify the different server roles. oComplete and troubleshoot the server setup process, identify various server topologies, and describe basic MOM concepts and the MOM agent. oIdentify Forefront Client Security client component characteristics and describe the client setup and deployment processes. oUnderstand Forefront Client Security administration and user roles, Forefront Client Security Policy UI settings and policy deployments, and know how to troubleshoot the Management Console. oUnderstand the reporting services infrastructure used by Forefront Client Security. oUse Forefront Client Security reports and alerting services, and troubleshoot reporting procedures. oDescribe the security state assessment (SSA) component of Forefront Client Security, and understand its architecture. oDescribe the object processor and manifest update in SSA. oReview the SSA Security Check messages and results. oReview methods and procedures used to submit malware to Microsoft for analysis.# Before attending this course, students must have Windows Server certifications or deployment experience and be familiar with the Forefront product line: Client, Server, and Edge. Free online classes and labs are available at https://partner.microsoft.com/global/productssolutions/40032262 to help ensure an adequate baseline knowledge has been achieved prior to attending this instructor-led training. Course Outline Module 1: Course Overview This module provides an overview of the Forefront Client Security components and architecture. It describes what to expect from the product, and what modules will be covered on what days. Lessons oForefront Product Overview oForefront Client Security oMicrosoft Forefront Client Security Components oTraining Modules After completing this module, students will be able to: oDescribe the Forefront Client Security components and architecture. Module 2: Forefront Client Security Server Roles and Topologies This module explains the various roles involved on the server side of a Forefront Client Security infrastructure, as well as how they relate to each other in the various possible topologies. Lessons oForefront Client Security Server Roles oCollection Server oCollection Server Database oReporting Server oReporting Database Server oForefront Client Security Server Setup oRole Installation Steps oServer Topologies oSQL Server Database Sizing oConfiguration Wizard oMOM Concepts oForefront Client Security Server Setup Troubleshooting Lab : Installing a Three Server Topology oLaunch the Virtual Environment oCreate Forefront Client Security Accounts oInstall the Management, Collection, and Reporting Server oInstall the Reporting Server Database oInstall the Distribution Server Role oConfigure Client Security on a Three Server Topology oGrant Correct Permissions for Forefront Client Security Service Accounts oVerify the Installation of Client Security on a Three Server Topology After completing this module, students will be able to: oIdentify the different server roles within Forefront Client Security. oComplete the server setup process. oIdentify various server topologies. oReview basic MOM concepts. oDiscuss Forefront Client Security server setup troubleshooting. Module 3: Forefront Client Security Client This module explains the Forefront Client Security client setup configuration and deployment. Lessons oGeneral Information oAntimalware oMOM Agent oClient Setup oClient Deployment Planning oForefront Client Security Client Deployment Methods oTroubleshooting Lab : Deploying the Forefront Client Security Client oConfigure WSUS 3.0 to Deploy the Forefront Client Security Client oCreate a Forefront Client Security Client Package and Distribute It oDistribute the Antimalware and Security Assessment State Definition Updates oMalware and Spyware Detection oView the Malware and Spyware in the Dashboard After completing this module, students will be able to: oBe able to describe Forefront Client Security client component characteristics and information. oBe able to describe the antimalware agent and engine. oUnderstand the MOM agent. oUnderstand the client setup process. oUnderstand client deployment basics. Module 4: Forefront Client Security Management This module explains Forefront Client Security management. Lessons oAdministration oAdministration Dashboard oForefront Client Security Policy Deployment oForefront Client Security Management Console Troubleshooting Lab : End-to-End Policy Deployment oDeploy a Test Policy oRefresh and Verify Policy on the Client oView Policy Application via GPResult oView Summary Reports oPolicy Configuration Effects on Client UI Lab : Configuring Forefront Data Retention oExamine Data Retention Periods oModify Database Retention Settings After completing this module, students will be able to: oBe familiar with Forefront Client Security administration. oUnderstand Forefront Client Security Administration User roles. oUnderstand Forefront Client Security Policy UI settings and policy deployments. oBe familiar with Forefront Client Security Management Console troubleshooting. Module 5: Forefront Client Security Reporting and Alerting This module explains Forefront Client Security Reporting and Alerting. Lessons oReporting Services Overview oReporting Architecture oMOM Reporting oForefront Client Security Reports oSQL Server Reporting Services Troubleshooting oAlerts Lab : Viewing Forefront Client Security Reports oExplore Forefront Client Security Reports Lab : Managing Forefront Client Security Accounts oView Reporting Failure oSpecify SQL Server Reporting Credentials to Forefront Client Security Lab : Creating an E-Mail Report Subscription and Setting an E-Mail Notification oConfigure SQL Server Reporting Services oCreate an E-Mail Subscription oCreate an E-Mail Notification oFollow the Alert Notification Flow oView E-Mail Server Settings After completing this module, students will be able to: oUnderstand the reporting services infrastructure used by Forefront Client Security. oBe familiar with Forefront Client Security Reports. oBe familiar with Forefront Client Security Alerting Services. oUnderstand Forefront Client Security Reporting troubleshooting procedures. Module 6: Security State Assessment This module explains security state assessment. Lessons oSecurity State Assessment oSSA General Information oSSA Architecture oSSA Object Processor (OP) and Manifest Updates oSSA Security Checks Lab : Security State Assessment oExamine Security State Assessment information in MOM and the Forefront Client Security Management Console oConfigure WSUS for Security State Assessments oDetect Vulnerabilities oUpdate Clients After completing this module, students will be able to: oUnderstand the security state assessment component of Forefront Client Security. oBe familiar with the architecture of the SSA. oBe familiar with the object processor and manifest update in SSA. oUnderstand the SSA security check messages and results. Module 7: Submitting Malware to Microsoft for Analysis This module explains malware submission. Lessons oMalware Submission oAssisting Customers with Malware Submissions After completing this module, students will be able to: oReview methods and procedures used to submit malware to Microsoft for analysis. Module 8: Closing This module provides a review of the Forefront Client Security course, and a list of Web sites that provide additional information on Forefront Client Security. Lessons oAntimalware Client Registry Settings oAntimalware Errors oPP Tracing oAntimalware Events oSSA Scan Event Log Events oMOM Command Line Reference Module 9: Appendices Lessons oAppendix A: Antimalware Client Registry Settings oAppendix B: Antimalware Errors oAppendix C: PP Tracing oAppendix D: Antimalware Events oAppendix D: Antimalware Events oAppendix F: MOM Command Line Reference