Best Practices for WFH for SCEP

Occasional Visitor

Our company of 8000+ users transitioned form a 90% on-site to an 80+% WFH population in a matter of days. I recently joined the company and was given the SCEP/Defender ATP environment and I am new to the application. No one has looked at the policies no made any updates for over 18 months. Are there any recommendations or Best Practices for settings changes. Any help/comments would be appreciated.

1 Reply


Are you using Intune or ConfigMgr.

In case you are using Intune, management would be easier and you just have to make sure your devices are enrolled. 

Policies depends on your your company policy and whether they are using their own device or company given them device. You may consider place most resources online like instead of saving and copy document in their personal device, setup SharePoint and have all documents there and set policy preventing them from downloading them in their PC. You may consider DLP policies too.

As for Windows Defender ATP, you have to make sure all devices are being monitored and regularly check report and take actions based on activities. When people are working from home, you as IT administrator would have less control and they might insert malicious devices like infected external hard disk or USB drive to their work PC and you have to keep an eye on these cases. It is good idea to make sure cloud protection and Controlled folder access is enable too (you need to do some testing to prevent false-positive).