As Endpoint Protection is a ConfigMgr feature, System Center 2012 Configuration Manager installation is a prerequisite for enabling the endpoint protection role. Before installing the role, you must understand its placement in your hierarchy. If you have a multiple site hierarchy, you must install the role at the top of your hierarchy on your CAS; if you have a standalone primary site, install the role on that site server. The endpoint protection role can be installed only on a single site system server in your hierarchy.
Enabling the endpoint protection role performs the following actions:
• Presents you with a EULA that you must accept
• Sets the default Microsoft Active Protection Service (formerly ...