We are currently using McAfee VirusScan Enterprise, managed by McAfee ePO, for our anti-malware coverage on a dark (airgapped) network. Management is considering dropping McAfee and just going with Windows Defender instead. I've been able to download the definitions for Defender, and I assume I can deploy those definitions as well, using LDMS 2016.3. The next question is, what other aspects of Windows Defender management can LDMS/EPM handle? Is anyone else out there managing Windows Defender using LDMS or EPM? What I read elsewhere says that people who use just Defender for their anti-malware naturally use SCCM for managing it. I don't really want to be pulled into SCCM's gravity. How much can LDMS/EPM do with this?