Microsoft Configuration Manager Reviews

We use Microsoft Endpoint Configuration Manager for application deployment and patching. We run the gamut, and we use it for quite a bit.

To do what we are doing with the configurations manager manually would be impossible. We have over 100,000 systems, and it simplifies a lot of what we are doing. The reporting aspect allows you to report on patch compliance, etc. It just simplifies a lot of things.

I like a lot of the reporting capabilities and baseline configurations.

Some of the capabilities aren't fully developed yet. It's an ongoing work in progress. I think they are making some steps in the right direction as far as managing workstations centrally, like Intune. 

I have been using Microsoft Endpoint Configuration Manager for over ten years.

Microsoft Endpoint Configuration Manager is stable.

On a scale from one to ten, I would give stability a nine. 

Microsoft Endpoint Configuration Manager is very scalable. We probably have 150,000 users right now.

On a scale from one to ten, I would give scalability a nine.

The initial setup is a bit challenging. We have a relatively complex environment. It's a little bit more complicated than it might be for a smaller environment. It can be relatively straightforward, but there are some twists in our environment.

We implemented this solution.

I would tell potential users that it's a worthwhile solution for any company that has to manage a lot of systems. It's a great tool.

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager an eight.

The primary use case of the solution is to deploy the computers and servers.

The most valuable feature is that it integrates well with other Microsoft solutions.

The solution can be improved with the addition of a mobile device manager.

I have been using the solution for three years.

The solution is stable.

The solution is scalable.

The initial setup is straightforward.

The implementation was completed in-house.

I give the solution a nine out of ten.

I recommend the solution because it functions as advertised. The solution is user-friendly and easy to learn. The solution has a nice-looking interface, unlike others out there.

We utilize it for tasks such as ongoing OS patching, application deployment, configuring services, making adjustments to conferencing settings, comparing configurations across different systems, and implementing security measures, among other things.

Certainly, MECM, being MECM, is undeniably one of the best tools I've come across, having a plenty of features that have been steadily improving over time. In our role, it serves as an outstanding solution, particularly as a configuration manager. Nothing quite compares to MECM in this regard. The interface and its capabilities have been immensely helpful. While I've explored other tools on the market, including premium options, MECM stands out as superior to all of them. Moreover, it aligns seamlessly with Microsoft platforms and their various intricacies. It's a significant advantage.

The cloud account management is a valuable feature.

Regarding this, I'd like to mention the agent situation. When the agent on an end-user device is not functioning correctly, it can be quite problematic. It would be highly beneficial if there were a self-healing mechanism in place. Essentially, if the agent becomes corrupted or encounters issues, it should be able to rectify itself autonomously. This is particularly critical because, in order to utilize a tool like MECM (assuming you're referring to Microsoft System Center Configuration Manager), we need to deploy agents, known as AsMs, on all the devices we use, such as Windows 10 or Windows Server. Sometimes, when we deploy configurations or updates, they don't apply properly due to agent issues. This issue has been present since we began using MECM around 23 years ago. Unfortunately, there is currently no built-in mechanism for the agent to detect its own problems and initiate self-repair.

Microsoft doesn’t have any feature to scan vulnerabilities and hence, they could include those.

I would rate it six or seven out of ten.  There have been significant issues in the past, particularly over the last three years. Sometimes, the activities we attempt to implement are not entirely successful, and they end up being ignored. Achieving a full implementation success rate of 100% is challenging; typically, we reach about 90-95%. It requires substantial effort and diligence to get everything working as it should, highlighting the need for improvements in this regard.

MECM has impressive scalability. It can support up to 150,000 devices, and if you require more, you can simply add another primary site. This scalability is as advertised, and I have experience working in a large environment. I would rate it 9 out of 10. 

The timeline for setting up this system depends on the number of endpoints or end-users involved. For example, during my time at Walmart, where we were supporting around 350,000 endpoints and 8,000 servers, it took a few months to get the environment settled. In my current organization, which is focused on internal services, it only takes about a week, sometimes even just a couple of days. The process, though, remains quite similar. It can be done by a lot of people but requires support from teams. 

The setup process typically involves configuring prerequisites, setting up SQL Servers (especially for larger environments), and dealing with any network restrictions. Some networks have specific requirements and restrictions that need to be accommodated. As mentioned earlier, ensuring that your system can communicate with agents across the environment is crucial. In more basic terms, you'll need relays or distribution points in each data center or location. These distribution points help in routing and redistributing the data efficiently. The complexity of the setup mainly hinges on the number of offices and locations you're dealing with. Fortunately, the setup itself is straightforward and user-friendly, so understanding it doesn't require much time if you're familiar with the process.

The setup is extremely easy and I would rate it 10 out of 10. 

Certainly, in an enterprise environment, having an SME for deploying MECM is essential. Even though I can handle it myself and have experience implementing SCCM for over a hundred to two hundred and seven devices, I still seek the guidance of an SME to ensure I'm on the right track. It's always beneficial to have that expertise, especially when dealing with Microsoft products.

I would recommend it using simply and would rate it 8 out of 10.

It is used for software deployments, PC operating system deployments, and security patch deployments.

Currently, we are using it on-premises, but we are slowly moving to the cloud solution that is called Intune or Microsoft Endpoint Management (MEM).

We have high availability for all of our deployments. We can trust this platform for all our deployments. We are quite happy with the fact that we can do what we want to do. It fulfills our goals for all deployments.

It is a very well-rounded product. It is a complete package with all the features using which we are able to manage our PCs very efficiently. 

One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved.

Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.

In my previous company, we deployed SCCM two years ago.

And in my current company, I have been using this solution for more than one year.

Its stability is quite good, and its performance is quite good. There is nothing to complain about.

It is scalable, but we are far from reaching that limit. We don't have any problem with its scalability.

We have three people working on the SCCM side. In terms of the implementation, we have 6,000 PCs that have this installed. It is being used daily.

Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. We are not quite happy with the support because it takes a long time to get to someone who is knowledgeable. When we have a tricky issue like this, it is very complicated to get appropriate support. We lose a lot of time with Microsoft support before we find someone who is able to understand and resolve the issue. 

Positive

We were previously working with BigFix. I also worked with HPE's solution. As compared to these two products, SCCM is much more integrated with the Microsoft ecosystem. We are fully on Windows, so it is much easier for us to manage our PCs with SCCM. It is easier to have a Microsoft product on Microsoft operating systems.

It is a Microsoft product, and we have an efficient team that is managing the solution. We have a lot of people who have the knowledge of doing its setup. So, deployment is not an issue for us. If you know the product, it is quite easy. You just need the knowledge of the product.

From the beginning to the end, it took about six months. It was deployed on all PCs.

We mainly had two people for its implementation. I managed the deployment, and I had one external resource who helped me in implementing the full product. To implement it, we needed to integrate all of the enterprise applications. This integration of the enterprise applications was outsourced, and there were a few people involved.

For its maintenance, we have a resource in India who is managing the solution. We need one full-time administrator for managing the solution. We also have one person who is integrating new applications and updates with this platform.

Its licensing is quite complicated because we are getting the license not only for SCCM but for the full Microsoft package. We don't need to pay for a separate license. We need to have one license that includes everything we need, such as Windows, Microsoft 365, SCCM, encryption, and so on. So, we don't have a specific price for it. Perhaps, it is good that it includes the full suite of licensing of Microsoft. It is expensive, but we are getting a lot of features.

In the next release, we are moving to the cloud, which also fits the strategy of Microsoft. We would like that the features on the cloud side are very similar to what we have on the on-premise side. We are looking to move to the cloud with Intune, but Intune is not like SCCM in terms of the features. We prefer that they develop all the features on the cloud.

I would recommend others to go for it if they are using any other solution to manage their Windows or Microsoft environment. It will make life easier. I would also recommend others to check the cloud solution before implementing the on-premise solution. They can see what can be done on the cloud. Cloud is not fully ready to replace the on-premise solution, but they can do some of the parts on the cloud and some of the parts on-premises.

I would rate it a nine out of 10.

The on-premises useability is very good.

The solution is stable. 

For the most part, for our needs, the scaling is fine.

Microsoft is already pushing users towards Intune, as opposed to SCCM. It's on the roadmap for them. It's inevitable. SCCM will be on Endpoint Manager in the future. I would say nothing needs to be changed.

The solution is on-premises. The cloud version of the product, if a person needs to be on the cloud, would be InTune, which already exists as an option. SCCM doesn't need to offer cloud features for this reason.

We have used the solution for the past decade. It's been around ten years at this point.

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze.

SCCM is built for corporate networks. There is some advantage from Microsoft in terms of the content management gateway that we already have so that we can utilize the internet, however, scaling is fairly it's straightforward.

In our company, we have 44,000 devices. We do not need more. Scalability-wise we are good. We are not a company of hundred thousand devices. I'm not looking to scale it more. Therefore, I can't speak to what scalability would be like for those with 100,000 or more devices.

We have a support team that does technical support for us. I don't work directly with Microsoft. I go into priority calls, however, our technical teams manage that. Therefore, I can't speak to how helpful or responsive they are.

We are trying to transition from SCCM to Bigfix.

My understanding is that the installation is a two-day setup, however, I did not personally set it up, and therefore can't speak of the implementation or how easy or difficult it might have been.

I cannot speak on pricing. I let the procurement team deal with it. Therefore, I don't have any information on licensing fees, et cetera.

I have looked at comparisons between Bigfix, SCCM, and Intune. I personally prefer INTune as a solution, however, the company is moving towards Bigfix and away from SCCM.

We are just customers and end-users of SCCM.

We have been using SCCM for the past decade, however, now, the company is supposed to go with Intune for model management. However, we have a new CPO or CSO double hatting with security as well. He's more inclined in Bigfix features, which offer more robust patch management as well as vulnerability scan. SWe dropped the plan to go with Intune and will go with Bigfix, moving us away from SCCM.

Our CPO, CSO is mainly the driver for the change, not because it is on our roadmap or our partnership with the vendor or anybody else.

In general, I would recommend the solution to other organizations and companies. We've been happy with it over the years. I'd rate it at a nine out of ten.

This is a diverse tool so its use case varies. Most people use it for patch management and software distribution, and operating system deployment. It can also be used for policy management and for maintaining a baseline on the computer, depending on the company and its goals. We are consultants and resellers and deploy this solution on the cloud and on-prem. We use Azure for our cloud deployments. I'm a consultant and president and CEO of our company. 

The solution enables significant streamlining and reduces resources from a personnel perspective.

Patching is very effective and reporting is very good. In general, the software distribution and operating system deployment are very good. Most organizations with small support resources leverage it, along with the Azure Autopilot component or the Intune Autopilot component. The customer orders the solution, it's shipped to them, they open it, log on with their Azure credentials and it builds the machine for them as opposed to going to an imaging center, and having a dedicated staff for that particular function. 

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

I've been using this solution for 24 years. 

This is a very mature product so it's very stable. In the 24 years I've been using it, most of the kinks have been worked out. It's all about having a healthy network and a healthy, active directory structure. If those two things are in place, you'll have a really good experience. If not, it will definitely show its head in the SCCM product. 

The scalability is excellent. 

Technical support for SCCM is good. You have to get past the tier one person, but once you get to a dedicated MECM engineer, it's good. The support forums are also helpful. 

If the solution is being deployed by someone with experience, it can be done in about two hours. They're pretty good with hydration kits where you can configure all the prerequisites and all the components, and you're up and running in about two clicks. It's the customer and budget that dictates how complex or how involved a setup is. If they're only leveraging a couple of the core features of the product, it's pretty straightforward, but if they want to use more advanced functions and distribute that out and do low balancing and that sort of thing, it takes a little more time. Generally, clients allow us to integrate for them, we conduct a turnkey training solution, and then they take it over.

Although the solution is not as expensive as Ivanti, the cost is still quite high. Certain licensing arrangements can get you a better deal, but it's still expensive. It's based on a CAL license, so if you have a client on an endpoint, there's going to be a charge. I think it's around $US35 per license per year. It's not too bad. 

If you're new to the solution then it's worthwhile studying the documentation because it's not easy in terms of all the components that make it up such as SQL and so forth. 

I rate the solution nine out of 10. 

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.

I am using Microsoft Endpoint Configuration Manager for patch management and asset inventory.

The most valuable feature of Microsoft Endpoint Configuration Manager is it's incredibly simple to configure and execute changes in bulk, allowing for seamless deployment. With this solution, you can easily track the status of all modifications and send them with ease, making it a comprehensive and efficient solution for any necessary adjustments.

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

I have been using Microsoft Endpoint Configuration Manager for approximately one and a half years.

I rate the stability of Microsoft Endpoint Configuration Manager an eight out of ten.

We have approximately 10,000 users using the solution.

I rate the scalability of Microsoft Endpoint Configuration Manager a ten out of ten.

I use Tanium in parallel with Microsoft Endpoint Configuration Manager. Tanium is a similar solution that has features, such as asset patching, and encryption, and can be configured around Microsoft assets.

The initial setup of Microsoft Endpoint Configuration Manager is simple.

There is an annual license needed to use the solution.

This tool is helpful for Microsoft assets but it is important to have clear visibility before implementation. It can be a complete solution but a plan.

I rate Microsoft Endpoint Configuration Manager an eight out of ten.