Microsoft Defender for Endpoint (MDE) has been selected to meet the requirements of the EO consistently across the enterprise. For MDE to reliably apply all of the required protections, Cisco AMP must be removed. When Cisco AMP is installed side by side with MDE, MDE runs in passive mode, in which it cannot enforce the protections required by the EO. To that end, EPM has identified 543 Windows endpoints and 1,480 macOS endpoints with some named version of AMP installed; AMP will have to be removed from them to meet the requirements.
Configuration Manager already has a Software Package available for this, and ITSOs can deploy it today to get ahead. Given the breadth and depth of the AMP installs, this package may not remove everything that is installed on an endpoint. It uses the vendor-prescribed method, but conditions on your endpoints may prevent the vendor method from succeeding, so please be vigilant if you deploy the package ahead of EPM.
In Scope:
All EPM-enrolled endpoints are required to remove AMP
Out of scope:
Servers
Impact:
The removal of AMP will require a reboot
Timeline:
AMP will be removed by EPM on February 25th. However, we ask ITSOs to be vigilant and deploy the removal in advance of this timeline to ensure successful compliance.
How:
A LinkedIn Learning course on deploying packages and programs in Configuration Manager.
Removal of AMP on macOS devices using Jamf
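A post-removal check for Windows endpoints, added here as an example (it is not the EPM Configuration Manager package or the vendor's uninstaller): it lists any AMP product entries or services left behind and reports whether Defender has left passive mode. The display-name and service-name patterns are assumptions; adjust them to what your endpoints actually show.

```powershell
# Added example: run in an elevated PowerShell session on the endpoint after
# the removal package has run and the machine has rebooted.
# ASSUMPTION: these patterns are guesses at how AMP shows up in the installed
# programs list and the service list. Adjust them for your endpoints.
$ProductPattern = 'Cisco AMP|Cisco Secure Endpoint'
$ServicePattern = 'CiscoAMP'

function Get-AmpRemnant {
    # Installed-program entries (64-bit and 32-bit uninstall hives).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $ProductPattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Product'; Name = $_.DisplayName } }

    # Services that survived a partial uninstall.
    Get-Service -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $ServicePattern -or $_.DisplayName -match $ProductPattern } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name } }
}

function Test-AmpRemoval {
    $remnants = @(Get-AmpRemnant)

    # AMRunningMode is 'Normal' when Defender Antivirus is active; other values
    # (for example 'Passive Mode') mean it is not the enforcing product.
    $mode = try { (Get-MpComputerStatus -ErrorAction Stop).AMRunningMode }
            catch { 'Unknown' }

    # File renames queued for the next boot indicate the reboot is still owed.
    $sessionMgr = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $sessionMgr -Name PendingFileRenameOperations `
                    -ErrorAction SilentlyContinue).PendingFileRenameOperations

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        AmpRemnants   = ($remnants | ForEach-Object { "$($_.Kind):$($_.Name)" }) -join '; '
        DefenderMode  = $mode
        RebootPending = [bool]$pending
        Compliant     = ($remnants.Count -eq 0) -and ($mode -eq 'Normal')
    }
}

Test-AmpRemoval
```

An endpoint that reports remnants or a mode other than `Normal` after the reboot is one where the vendor method did not fully succeed and needs manual follow-up.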
We have copied over a script created by LAITS to fully uninstall AMP. This script has been fully tested by several units over the last year.
AMP will be removed by EPM on February 25th. However, we ask ITSOs to be vigilant and deploy the removal in advance of this timeline to ensure successful compliance.
Here is a link to the global script to remove AMP that you can use for your site.
https://mdm.utexas.edu/view/settings/computer-management/scripts/1010?tab=script