To make it straightforward to adhere to the EO across the enterprise, Microsoft Defender for Endpoint (MDE) has been selected. For MDE to reliably apply all of the required protections, Cisco AMP must be removed. Having Cisco AMP installed side-by-side with MDE places MDE in passive mode, in which it cannot apply the protections required by the EO. To that end, EPM has identified 543 Windows endpoints and 1,480 macOS endpoints with some named version of AMP installed, which will have to be removed to meet the requirements.
Configuration Manager already has a Software Package available to begin this. ITSOs can apply it today to get ahead. Given the breadth and depth of the AMP installs, this package may not remove everything installed on an endpoint. It uses the vendor-prescribed method, but conditions on your endpoints may prevent the vendor method from succeeding, so please be vigilant if you deploy the package ahead of EPM.
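A post-removal check for a Windows endpoint, as an added example (not EPM's package or Cisco's tooling): it looks for leftover AMP uninstall entries and reads the mode Defender reports through `Get-MpComputerStatus`. The `DisplayName` patterns are assumptions; adjust them to the product names in your own inventory.

```powershell
# Added example, not EPM's or Cisco's script.
# Assumption: AMP registers an uninstall entry whose DisplayName matches one of
# these patterns. Adjust to the names seen in your inventory.
$namePatterns = 'Cisco AMP*', 'Cisco Secure Endpoint*', '*AMP for Endpoints*'

# Check both hives so 32-bit installers on 64-bit Windows are also found.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# @() guarantees an array, so .Count is 0 when nothing matches.
$leftovers = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object {
            $displayName = $_.DisplayName
            $displayName -and ($namePatterns | Where-Object { $displayName -like $_ })
        } |
        Select-Object DisplayName, DisplayVersion, UninstallString
)

# AMRunningMode is reported by the built-in Defender module, for example
# Normal, Passive, EDR Block Mode or SxS Passive Mode.
try {
    $runningMode = (Get-MpComputerStatus -ErrorAction Stop).AMRunningMode
} catch {
    $runningMode = 'Unavailable'   # Defender module or service not usable here
}

$result = [pscustomobject]@{
    ComputerName   = $env:COMPUTERNAME
    AmpEntries     = $leftovers.Count
    AmpProducts    = ($leftovers.DisplayName -join '; ')
    DefenderMode   = $runningMode
    NeedsAttention = ($leftovers.Count -gt 0) -or ($runningMode -ne 'Normal')
}
$result

# Non-zero exit lets a deployment or inventory tool flag the endpoint.
if ($result.NeedsAttention) { exit 1 }
```

Defender can take some time to leave passive mode after the other product is removed, so an endpoint flagged immediately after uninstall is worth re-checking before escalating.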
...
AMP will be removed by EPM on February 25th; however, we ask ITSOs to be vigilant and act to remove AMP in advance of this timeline to ensure successful compliance.
How:
Windows
A LinkedIn Learning course on deploying packages and programs in Configuration Manager.
...
If a password was set on the installer, follow this process provided by Cisco: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215440-procedure-to-uninstall-the-amp-connector.html
Jamf
Below is a link to the global script to remove AMP that ITSOs can deploy to their site.
https://mdm.utexas.edu/view/settings/computer-management/scripts/1010?tab=script
...