Q: Should I enable the Operations Manager proxy for my monitored Windows servers?

A. Yes. While this isn't enabled by default, that's really only because Microsoft has to be most secure by default, and the reality is, every Operations Manager environment enables this option.

The only real risk is when monitoring servers you don't trust. Then this setting could potentially allow for alert spoofing, since you're giving the agent permission to be a proxy for objects discovered on other computers. To enable the proxy, perform the following:

  1. Start the Operations Manager console.
  2. Open the Administration workspace.
  3. Navigate to Device Management, Agent Managed.
  4. Right-click the server you want to enable proxy for and select Properties.
  5. Select the Security tab.
  6. Check the Allow this agent to act as a proxy and discover managed objects on other computers then click OK.

You can enable this for all computers by using the following PowerShell command:

Get-SCOMAgent | where {$_.ProxyingEnabled.Value -eq $False} | Enable-SCOMAgentProxy