How do you manage SCEP on clients over the internet? Or can you only manage this when they are on the intranet? I know they can get definitions and updates from the internet but can I still see their status from my console?
You have two options, you could use Direct Access so that the clients are Always connected or you could setup your SCCM Environment for Internet Based Client Management.
http://technet.microsoft.com/en-us/library/bb680388.aspx It requires a PKI infrastructure, but then the SCCM clients can be managed over the internet and as Endpoint Protection is integrated
with SCCM that is what you need.
