Endpoint Protection

Can anyone tell me how can I enable endpoints that have somehow become disabled remotely?

Go to the Clients tab and select whichever client you want from your group and right click it. You will have options there to enable certain components.

Full details in this article:

About commands that you can run on client computers

Also do you have temper protection enabled? Should stop people disabling the client on machines by default tamper protection is set to log only.

Tamper Protection can be found at
Clients > Polocies > General Settings > Tamper Protection Tab > Change the action to Block & Log > click ok.

Needs to be done on every group you don't want people apart from SEPM admins to be able to disable. Will stop people manually shutting down the client or messing with it. 

We do have tech support that needs to disable it at times to do installs and other scans.

Ok so I have taken a screen shot that has 2 machines listed. I see where a few things are listed as component malfunctioned would I need to reinstall the client to fix this issue?

That would probably quickest/easiest. You could first try a repair of the SEP client via add/remove programs to see if that fixes it. That way you wouldn't need to do the reinstall.

If the password section is set to prevent stop/unistall of SEP then support will still be able to stop and uninstall client if needed with the password. It won't stop ligitimate tampering if the correct password is used.