Forefront virus definitions not updating

You will need to remove any group policies that may have been configured to disable Windows Defender on domain machines.

I created a separate Windows 10 SCEP policy and deployed it against my collection of Windows 10 machines, whereupon I applied a SCEP 2012 standard desktop policy, modified to include Outlook 2010/2013 exclusions.

Windows 10 takes a different approach and is now able to be directly managed by SCCM without replacing it. Even if you tell SCCM to install the SCEP client when you launch SCEP.exe, on a Windows 10 machine it will launch Defender.I've finally got everything to play nicely in my lab so I'm sharing a few screenshots.