One very important aspect of your SCEP deployment is to stay on top of which policy your clients are receiving. All new SCEP clients will receive the default policy automatically, but if you've added any additional SCEP policies with custom settings, it's a good idea to check and make sure that your clients have received the policy correctly.
In order to complete this recipe, you'll need to utilize an account that has at least the SCEP administrators SCCM role assigned to it.
Follow these steps:
Assets and Compliance
| Overview
| Devices
and locate the collection that the custom policy has been assigned to.SCEP clients receive their policy settings as SCCM advertisements of small XML files. Once a SCEP policy has been created, it needs to be assigned to an SCCM collection of computers to go into effect.
If you follow the preceding recipe and find that the computer you were spot-checking does not have the correct policy, go back to Assets and Compliance
| Overview
| Endpoint Protection
| Antimalware Policies
and double-check that your custom policy is assigned to the right collection.
If you've just deployed a new policy within the past few minutes and find that a computer does not have the correct policy, give it a few minutes and refresh the screen. It can take a while for a newly deployed policy to make its way down to a client.