A: You don't have to use SCCM to deploy and manage the FEP client, but it's the preferred approach. The FEP server component integrates with SCCM and provides easy deployment, updating, reporting, monitoring, and policy control from the SCCM management console once the FEP server piece is installed.

You can also perform reporting and alerting through Forefront integration from System Center Operations Manager, but not the deployment or policy control. (Group Policy could be used for these missing pieces.)

Another option is to run FEP in unmanaged, without SCCM or SCOM. However, you'll no longer get alerts or reporting on the client status. You could still use Group Policy to control policies on the FEP client. For malware definition updates, clients could use Microsoft Update or a Windows Software Update Server.

Microsoft has a page with some nice detail on the options.