Microsoft Configuration Manager Reviews

We primarily utilize SCCM for deploying and updating applications across our network. This includes managing crucial Windows updates to ensure our systems are up-to-date and secure.

One of the standout features of SCCM is its application management capabilities. It allows us to create packages efficiently and deploy them to specific groups within our network. This streamlined process has significantly improved our software distribution workflows. Regarding remote control capabilities, SCCM does offer these features. But I haven't extensively utilized them in my role. I'm aware that SCCM allows for remote querying and control, which can be beneficial for IT support and maintenance tasks.

While SCCM offers robust features for application management, we don't currently use it for device inventory and asset management purposes. For these tasks, we rely on a separate inventory management system.

I've been using Microsoft Configuration Manager (SCCM) for about a month now. During this time, I've gained experience in deploying and updating applications, including critical Windows updates. SCCM has been instrumental in streamlining our application management processes.

I rate SCCM around an eight for stability. It has proven to be a reliable tool for application management and deployment within our organization.

In terms of scalability, I believe there's room for improvement. While SCCM is capable of handling our current needs effectively, scalability could be enhanced to accommodate future growth and larger deployments.

Regarding technical support, I haven't needed to contact Microsoft directly for assistance. The resources available through their documentation and online forums have been quite helpful in resolving any issues or questions that arise.

The console provides an organized interface for managing applications, updates, and device groups. This made the setup process relatively smooth for me.

I would recommend SCCM to others, especially for organizations looking to streamline their application management processes and ensure compliance with software updates. It's a valuable tool that has positively impacted our software distribution and compliance efforts.

We were replacing SCCM. It's been easy enough to do in terms of getting the devices and seeing what's being discovered from that type of info. We're looking for hardware and software data coming across. 

The solution is helping us by bringing the hardware details on it, and it's a software install. That way, we can account for the devices and identify and understand what is actually installed do the computers. 

It's very easy to use and understand. 

The solution is affordable.

It is stable and reliable. 

We've found scalability to be good.

Technical support was helpful and responsive.

The setup is simple and pretty standard. 

We'd like additional data related to security and the configurations of the hardware. 

On some hardware, we'd like an easier way to get peripherals attached. 

I've been using the solution for about six months. I haven't used it for that long. 

It is stable. It's reliable. There are no bugs or glitches. It doesn't crash or freeze. 

The solution can scale well. We weren't surprised about anything. It does what needs to be done. 

Technical support is excellent. When we had a question, we got prompt answers. We are quite satisfied with the level of support. 

Positive

The initial setup was pretty standard. It was not complex. 

We have witnessed an ROI.

The pricing is good. I'd rate its affordability eight out of ten. It could always be cheaper, however, we are pretty happy with the cost.

We are not on the latest version. However, we're getting to upgrade the product.

You need to understand what type of data you need and what it can pull. That's part of the configuration that needs to be done at the outset. If you know what you want and you make sure the system can do it, and it's configured right, and you'll be happy.

I'd rate the solution nine out of ten.

It is used for software deployments, PC operating system deployments, and security patch deployments.

Currently, we are using it on-premises, but we are slowly moving to the cloud solution that is called Intune or Microsoft Endpoint Management (MEM).

We have high availability for all of our deployments. We can trust this platform for all our deployments. We are quite happy with the fact that we can do what we want to do. It fulfills our goals for all deployments.

It is a very well-rounded product. It is a complete package with all the features using which we are able to manage our PCs very efficiently. 

One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved.

Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.

In my previous company, we deployed SCCM two years ago.

And in my current company, I have been using this solution for more than one year.

Its stability is quite good, and its performance is quite good. There is nothing to complain about.

It is scalable, but we are far from reaching that limit. We don't have any problem with its scalability.

We have three people working on the SCCM side. In terms of the implementation, we have 6,000 PCs that have this installed. It is being used daily.

Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. We are not quite happy with the support because it takes a long time to get to someone who is knowledgeable. When we have a tricky issue like this, it is very complicated to get appropriate support. We lose a lot of time with Microsoft support before we find someone who is able to understand and resolve the issue. 

Positive

We were previously working with BigFix. I also worked with HPE's solution. As compared to these two products, SCCM is much more integrated with the Microsoft ecosystem. We are fully on Windows, so it is much easier for us to manage our PCs with SCCM. It is easier to have a Microsoft product on Microsoft operating systems.

It is a Microsoft product, and we have an efficient team that is managing the solution. We have a lot of people who have the knowledge of doing its setup. So, deployment is not an issue for us. If you know the product, it is quite easy. You just need the knowledge of the product.

From the beginning to the end, it took about six months. It was deployed on all PCs.

We mainly had two people for its implementation. I managed the deployment, and I had one external resource who helped me in implementing the full product. To implement it, we needed to integrate all of the enterprise applications. This integration of the enterprise applications was outsourced, and there were a few people involved.

For its maintenance, we have a resource in India who is managing the solution. We need one full-time administrator for managing the solution. We also have one person who is integrating new applications and updates with this platform.

Its licensing is quite complicated because we are getting the license not only for SCCM but for the full Microsoft package. We don't need to pay for a separate license. We need to have one license that includes everything we need, such as Windows, Microsoft 365, SCCM, encryption, and so on. So, we don't have a specific price for it. Perhaps, it is good that it includes the full suite of licensing of Microsoft. It is expensive, but we are getting a lot of features.

In the next release, we are moving to the cloud, which also fits the strategy of Microsoft. We would like that the features on the cloud side are very similar to what we have on the on-premise side. We are looking to move to the cloud with Intune, but Intune is not like SCCM in terms of the features. We prefer that they develop all the features on the cloud.

I would recommend others to go for it if they are using any other solution to manage their Windows or Microsoft environment. It will make life easier. I would also recommend others to check the cloud solution before implementing the on-premise solution. They can see what can be done on the cloud. Cloud is not fully ready to replace the on-premise solution, but they can do some of the parts on the cloud and some of the parts on-premises.

I would rate it a nine out of 10.

We use Microsoft Endpoint Configuration Manager for application deployment and patching. We run the gamut, and we use it for quite a bit.

To do what we are doing with the configurations manager manually would be impossible. We have over 100,000 systems, and it simplifies a lot of what we are doing. The reporting aspect allows you to report on patch compliance, etc. It just simplifies a lot of things.

I like a lot of the reporting capabilities and baseline configurations.

Some of the capabilities aren't fully developed yet. It's an ongoing work in progress. I think they are making some steps in the right direction as far as managing workstations centrally, like Intune. 

I have been using Microsoft Endpoint Configuration Manager for over ten years.

Microsoft Endpoint Configuration Manager is stable.

On a scale from one to ten, I would give stability a nine. 

Microsoft Endpoint Configuration Manager is very scalable. We probably have 150,000 users right now.

On a scale from one to ten, I would give scalability a nine.

The initial setup is a bit challenging. We have a relatively complex environment. It's a little bit more complicated than it might be for a smaller environment. It can be relatively straightforward, but there are some twists in our environment.

We implemented this solution.

I would tell potential users that it's a worthwhile solution for any company that has to manage a lot of systems. It's a great tool.

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager an eight.

This is a diverse tool so its use case varies. Most people use it for patch management and software distribution, and operating system deployment. It can also be used for policy management and for maintaining a baseline on the computer, depending on the company and its goals. We are consultants and resellers and deploy this solution on the cloud and on-prem. We use Azure for our cloud deployments. I'm a consultant and president and CEO of our company. 

The solution enables significant streamlining and reduces resources from a personnel perspective.

Patching is very effective and reporting is very good. In general, the software distribution and operating system deployment are very good. Most organizations with small support resources leverage it, along with the Azure Autopilot component or the Intune Autopilot component. The customer orders the solution, it's shipped to them, they open it, log on with their Azure credentials and it builds the machine for them as opposed to going to an imaging center, and having a dedicated staff for that particular function. 

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

I've been using this solution for 24 years. 

This is a very mature product so it's very stable. In the 24 years I've been using it, most of the kinks have been worked out. It's all about having a healthy network and a healthy, active directory structure. If those two things are in place, you'll have a really good experience. If not, it will definitely show its head in the SCCM product. 

The scalability is excellent. 

Technical support for SCCM is good. You have to get past the tier one person, but once you get to a dedicated MECM engineer, it's good. The support forums are also helpful. 

If the solution is being deployed by someone with experience, it can be done in about two hours. They're pretty good with hydration kits where you can configure all the prerequisites and all the components, and you're up and running in about two clicks. It's the customer and budget that dictates how complex or how involved a setup is. If they're only leveraging a couple of the core features of the product, it's pretty straightforward, but if they want to use more advanced functions and distribute that out and do low balancing and that sort of thing, it takes a little more time. Generally, clients allow us to integrate for them, we conduct a turnkey training solution, and then they take it over.

Although the solution is not as expensive as Ivanti, the cost is still quite high. Certain licensing arrangements can get you a better deal, but it's still expensive. It's based on a CAL license, so if you have a client on an endpoint, there's going to be a charge. I think it's around $US35 per license per year. It's not too bad. 

If you're new to the solution then it's worthwhile studying the documentation because it's not easy in terms of all the components that make it up such as SQL and so forth. 

I rate the solution nine out of 10. 

Systems management, inventory, pushing out deployment, and patching. It has multiple purposes.

It helped our internal IT get ahold of all the applications that we are actually running out there. With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.

One of our goals with the patching of systems was to automate it so we wouldn't have to manually push out patches anymore. It gave us the ability to set up schedules, set up all the groups and collections and, according to what our security requirements are, to automate the patching of our servers and desktops. Everybody knows now exactly what days it will happen and what is going to get patched, on a schedule. That was a huge culture shift.

What's valuable is the basic management of the systems, being able to control who can access the systems.

You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything. That's the big one that we really are enjoying, that we have a central console for everything.

We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them.

We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.

I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly.

Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."

We've had no stability problems at all. Things have been running great for a year, we haven't had any real issues with the system itself. We've had to tweak some things like everybody does, some registry keys here and there, but there has not been a stability problem at all.

It scales, but it gets expensive. If you're looking to do - and this is something I hear they're changing in one of the future versions - built-in HA, high-availability, right now you have to use Microsoft clustering. So you have to buy Microsoft clustering to make it highly available. 

As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way. The way they have designed SCCM is to put the load in the offices. You put secondary sites out there where you put DPs on the sites and they pull from the local site, not from across the LAN. That helps with the load, it doesn't really hit the primary server.

We had to escalate our issue because you always get that person at first-level support who reads off a script. Then, after a couple hours, you say, "Escalate this." Once we got to the second person, we were able to figure our issues out. I would rate tech support at seven out of 10, based on our experience.

We used ZENworks for years. I used to work for Novell, so I was biased toward it too. We switched because we weren't sure where they were going. With Novell going away, Micro Focus taking over, and somebody taking over the whole umbrella corporation, we had no idea. They couldn't give us a real roadmap out for a long period of time. We were a little worried about being on a product that might not be around in five years.

We had no problems with ZENworks. It was fine, we loved it, but we were worried about the future.

I did a lot of research before I set it up. I watched a lot of YouTube videos, talked to Microsoft, demos, etc. I did enough homework so that when we set it up it was pretty simple. You just have to understand the SCCM infrastructure and how it works. If you don't understand that it might be confusing when you first install it. You have to understand your primary site, your secondary site, your distribution points and how they work, so you know how to set it up correctly.

After that, installing it was easy. Just understanding what connects to what. What has to go first, what has to go second, what services you need installed and set up, and how to set them up. Once you do your research on that it is pretty simple. But if you go in blind, I can see how it could be rather difficult.

Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources.

It's an expensive solution. There's no doubt about it.

We looked at some small-time vendors, third-party stuff. No major names. There was one that we looked at that was really small and it actually seemed pretty powerful. It was called PDQ. But it turned out to be more for small business than enterprise-ready. 

The only enterprise solutions we came across were SCCM, ZENworks, and BigFix from IBM. Even though BigFix did Linux, it did everything, the price point was really expensive. It was something that wasn't even in our ballpark, and they didn't seem to want to deal with us.

We were already on ZENworks and we knew how it worked. We knew everything about it, but again, we didn't know its future. When it came down to having discussions with our team, myself, and other architects, we decided the more we keep with a single solution - we are mainly a Microsoft shop, Windows on the desktop, and mostly Microsoft servers - the more we keep the stack together. That's why we went with SCCM.

Do your homework. Understand the basics of it, how it works between services. When you go to install it's going to ask you specific questions, and you might not know what the question is unless you did your homework ahead of time.

Microsoft offers architectural sessions. Right before we installed it, we went to Microsoft and they sat down with us and did a session with us to understand how to architect it, how do design it. I would definitely advise doing that. I don't know who they offer it to, but that was very helpful. We met with their architects at Microsoft and they helped us understand how to architect it.

I give SCCM an eight out of 10. It's powerful. It's not a 10 because it has little bugs here and there. It has little issues that are annoying. For example, you may want to do something on a maintenance window. There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate. There are little intricacies that are a little annoying. Sometimes we find the flexibility is not there in certain circumstances.

We use Microsoft Configuration Manager for patch management. 

The product has improved time and security. 

Microsoft Configuration Manager is integrated with other Microsoft products. 

The product needs to improve scalability. 

I have been working with the product for three years. 

I rate Microsoft Configuration Manager a nine out of ten. 

I rate the tool's scalability an eight out of ten. 

The tool's deployment is easy. It takes between five to 25 minutes to complete. 

I rate Microsoft Configuration Manager a nine out of ten. 

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.