Microsoft Configuration Manager Reviews

We use Microsoft Endpoint Configuration Manager for application deployment and patching. We run the gamut, and we use it for quite a bit.

To do what we are doing with the configurations manager manually would be impossible. We have over 100,000 systems, and it simplifies a lot of what we are doing. The reporting aspect allows you to report on patch compliance, etc. It just simplifies a lot of things.

I like a lot of the reporting capabilities and baseline configurations.

Some of the capabilities aren't fully developed yet. It's an ongoing work in progress. I think they are making some steps in the right direction as far as managing workstations centrally, like Intune. 

I have been using Microsoft Endpoint Configuration Manager for over ten years.

Microsoft Endpoint Configuration Manager is stable.

On a scale from one to ten, I would give stability a nine. 

Microsoft Endpoint Configuration Manager is very scalable. We probably have 150,000 users right now.

On a scale from one to ten, I would give scalability a nine.

The initial setup is a bit challenging. We have a relatively complex environment. It's a little bit more complicated than it might be for a smaller environment. It can be relatively straightforward, but there are some twists in our environment.

We implemented this solution.

I would tell potential users that it's a worthwhile solution for any company that has to manage a lot of systems. It's a great tool.

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager an eight.

The primary use case of the solution is to deploy the computers and servers.

The most valuable feature is that it integrates well with other Microsoft solutions.

The solution can be improved with the addition of a mobile device manager.

I have been using the solution for three years.

The solution is stable.

The solution is scalable.

The initial setup is straightforward.

The implementation was completed in-house.

I give the solution a nine out of ten.

I recommend the solution because it functions as advertised. The solution is user-friendly and easy to learn. The solution has a nice-looking interface, unlike others out there.

We use it to manage our enterprise desktops and laptops. Most of our enterprise computers are managed using this platform, but we also include some mobile devices. It allows us to manage our desktops effectively with policies in place. I estimate that over 50% of our laptops are managed using this platform.

Endpoint Manager is valuable to our organization because it allows us to connect to our enterprise from remote locations securely. The most useful feature is its robustness and scalability. It is highly scalable and flexible, allowing us to use it in various environments. Additionally, we can specialize the policies related to each device group. This ensures that each group has access to the applications they need for their work and non-work hours.

Microsoft Endpoint Manager has incompatibility issues with some Linux versions and most of our programmers are using Linux operating systems. This creates a challenge for administrators in terms of managing the Linux operating system. For example, Fedora and Kali Linux are two of the most popular Linux distributions among developers, and so policies need to be fine-tuned to work properly on these systems. The solution should be more compatible with different versions of Linux. 

I have been using Endpoint Manager for two years.

The stability is good.

The solution is highly scalable.

The technical support is awesome.

Positive

Before switching to Microsoft Endpoint Manager we used a trial version of ManageEngine, but it was very costly compared to Microsoft Endpoint Manager. We switched because we already had the Microsoft Developer ecosystem in our environment, and we got it at a really low cost being a bundled product. Manage Engine is a worldwide solution that specializes in endpoint management. It is on the same level as Microsoft, but Microsoft has an upper hand in terms of budget.

The initial setup is straightforward. We had a team of three people that configured and deployed Microsoft Endpoint Manager. 

We deploy this software in our endpoint computers, most of the staff computers and laptops, as well as 50% of the staff laptops that are signed out. We are also trying it on some mobile devices to see the results before rolling it out to all mobile devices. 

The implementation was completed in-house.

We have seen a great return on investment using the solution through time saved. Most of our enterprise computers are equipped with advanced features and internet access is for the most part open. To increase the working throughput of staff and employees, we use endpoint managers with reduced fees and separate policies to ensure they only have access to useful applications during working hours. This has actually increased productivity in terms of time saved.

Microsoft Endpoint Manager also provides a return on investment by helping us save money. For example, if we want to deploy other solutions, we would have to subscribe to them. And some of those solutions are hardware-oriented, while others are software-oriented. By using Microsoft Endpoint Manager, we can save money by purchasing these solutions together.

Microsoft provides a steep price for their enterprise products, but they offer very competitive pricing for their legacy customers. We have been using Microsoft products for the past six to seven years and have found that the cost is considerably less than if we were to purchase a single product. For example,  ManageEngine is passed on to us at an individual price, which makes the overall cost much higher.

I give the solution a nine out of ten.

Maintenance is required for some client requests because a few of our cases involve clients reporting issues with their applications. We need to maintain their laptops because they usually run into issues while running other applications. However, in the case of personal computers, there is no problem. We can maintain them with only 20% of the typical maintenance requirements.

I would recommend that everyone try out the Endpoint Manager solution from Microsoft. It is a great product because it integrates well with Microsoft products, which most organizations use. This reduces the number of integration and troubleshooting problems. Even if Microsoft products are not used in an organization, I still recommend this product. Other solutions are available but there may be some integration and troubleshooting problems.

The on-premises useability is very good.

The solution is stable. 

For the most part, for our needs, the scaling is fine.

Microsoft is already pushing users towards Intune, as opposed to SCCM. It's on the roadmap for them. It's inevitable. SCCM will be on Endpoint Manager in the future. I would say nothing needs to be changed.

The solution is on-premises. The cloud version of the product, if a person needs to be on the cloud, would be InTune, which already exists as an option. SCCM doesn't need to offer cloud features for this reason.

We have used the solution for the past decade. It's been around ten years at this point.

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze.

SCCM is built for corporate networks. There is some advantage from Microsoft in terms of the content management gateway that we already have so that we can utilize the internet, however, scaling is fairly it's straightforward.

In our company, we have 44,000 devices. We do not need more. Scalability-wise we are good. We are not a company of hundred thousand devices. I'm not looking to scale it more. Therefore, I can't speak to what scalability would be like for those with 100,000 or more devices.

We have a support team that does technical support for us. I don't work directly with Microsoft. I go into priority calls, however, our technical teams manage that. Therefore, I can't speak to how helpful or responsive they are.

We are trying to transition from SCCM to Bigfix.

My understanding is that the installation is a two-day setup, however, I did not personally set it up, and therefore can't speak of the implementation or how easy or difficult it might have been.

I cannot speak on pricing. I let the procurement team deal with it. Therefore, I don't have any information on licensing fees, et cetera.

I have looked at comparisons between Bigfix, SCCM, and Intune. I personally prefer INTune as a solution, however, the company is moving towards Bigfix and away from SCCM.

We are just customers and end-users of SCCM.

We have been using SCCM for the past decade, however, now, the company is supposed to go with Intune for model management. However, we have a new CPO or CSO double hatting with security as well. He's more inclined in Bigfix features, which offer more robust patch management as well as vulnerability scan. SWe dropped the plan to go with Intune and will go with Bigfix, moving us away from SCCM.

Our CPO, CSO is mainly the driver for the change, not because it is on our roadmap or our partnership with the vendor or anybody else.

In general, I would recommend the solution to other organizations and companies. We've been happy with it over the years. I'd rate it at a nine out of ten.

We utilize it for tasks such as ongoing OS patching, application deployment, configuring services, making adjustments to conferencing settings, comparing configurations across different systems, and implementing security measures, among other things.

Certainly, MECM, being MECM, is undeniably one of the best tools I've come across, having a plenty of features that have been steadily improving over time. In our role, it serves as an outstanding solution, particularly as a configuration manager. Nothing quite compares to MECM in this regard. The interface and its capabilities have been immensely helpful. While I've explored other tools on the market, including premium options, MECM stands out as superior to all of them. Moreover, it aligns seamlessly with Microsoft platforms and their various intricacies. It's a significant advantage.

The cloud account management is a valuable feature.

Regarding this, I'd like to mention the agent situation. When the agent on an end-user device is not functioning correctly, it can be quite problematic. It would be highly beneficial if there were a self-healing mechanism in place. Essentially, if the agent becomes corrupted or encounters issues, it should be able to rectify itself autonomously. This is particularly critical because, in order to utilize a tool like MECM (assuming you're referring to Microsoft System Center Configuration Manager), we need to deploy agents, known as AsMs, on all the devices we use, such as Windows 10 or Windows Server. Sometimes, when we deploy configurations or updates, they don't apply properly due to agent issues. This issue has been present since we began using MECM around 23 years ago. Unfortunately, there is currently no built-in mechanism for the agent to detect its own problems and initiate self-repair.

Microsoft doesn’t have any feature to scan vulnerabilities and hence, they could include those.

I would rate it six or seven out of ten.  There have been significant issues in the past, particularly over the last three years. Sometimes, the activities we attempt to implement are not entirely successful, and they end up being ignored. Achieving a full implementation success rate of 100% is challenging; typically, we reach about 90-95%. It requires substantial effort and diligence to get everything working as it should, highlighting the need for improvements in this regard.

MECM has impressive scalability. It can support up to 150,000 devices, and if you require more, you can simply add another primary site. This scalability is as advertised, and I have experience working in a large environment. I would rate it 9 out of 10. 

The timeline for setting up this system depends on the number of endpoints or end-users involved. For example, during my time at Walmart, where we were supporting around 350,000 endpoints and 8,000 servers, it took a few months to get the environment settled. In my current organization, which is focused on internal services, it only takes about a week, sometimes even just a couple of days. The process, though, remains quite similar. It can be done by a lot of people but requires support from teams. 

The setup process typically involves configuring prerequisites, setting up SQL Servers (especially for larger environments), and dealing with any network restrictions. Some networks have specific requirements and restrictions that need to be accommodated. As mentioned earlier, ensuring that your system can communicate with agents across the environment is crucial. In more basic terms, you'll need relays or distribution points in each data center or location. These distribution points help in routing and redistributing the data efficiently. The complexity of the setup mainly hinges on the number of offices and locations you're dealing with. Fortunately, the setup itself is straightforward and user-friendly, so understanding it doesn't require much time if you're familiar with the process.

The setup is extremely easy and I would rate it 10 out of 10. 

Certainly, in an enterprise environment, having an SME for deploying MECM is essential. Even though I can handle it myself and have experience implementing SCCM for over a hundred to two hundred and seven devices, I still seek the guidance of an SME to ensure I'm on the right track. It's always beneficial to have that expertise, especially when dealing with Microsoft products.

I would recommend it using simply and would rate it 8 out of 10.

This is a diverse tool so its use case varies. Most people use it for patch management and software distribution, and operating system deployment. It can also be used for policy management and for maintaining a baseline on the computer, depending on the company and its goals. We are consultants and resellers and deploy this solution on the cloud and on-prem. We use Azure for our cloud deployments. I'm a consultant and president and CEO of our company. 

The solution enables significant streamlining and reduces resources from a personnel perspective.

Patching is very effective and reporting is very good. In general, the software distribution and operating system deployment are very good. Most organizations with small support resources leverage it, along with the Azure Autopilot component or the Intune Autopilot component. The customer orders the solution, it's shipped to them, they open it, log on with their Azure credentials and it builds the machine for them as opposed to going to an imaging center, and having a dedicated staff for that particular function. 

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

I've been using this solution for 24 years. 

This is a very mature product so it's very stable. In the 24 years I've been using it, most of the kinks have been worked out. It's all about having a healthy network and a healthy, active directory structure. If those two things are in place, you'll have a really good experience. If not, it will definitely show its head in the SCCM product. 

The scalability is excellent. 

Technical support for SCCM is good. You have to get past the tier one person, but once you get to a dedicated MECM engineer, it's good. The support forums are also helpful. 

If the solution is being deployed by someone with experience, it can be done in about two hours. They're pretty good with hydration kits where you can configure all the prerequisites and all the components, and you're up and running in about two clicks. It's the customer and budget that dictates how complex or how involved a setup is. If they're only leveraging a couple of the core features of the product, it's pretty straightforward, but if they want to use more advanced functions and distribute that out and do low balancing and that sort of thing, it takes a little more time. Generally, clients allow us to integrate for them, we conduct a turnkey training solution, and then they take it over.

Although the solution is not as expensive as Ivanti, the cost is still quite high. Certain licensing arrangements can get you a better deal, but it's still expensive. It's based on a CAL license, so if you have a client on an endpoint, there's going to be a charge. I think it's around $US35 per license per year. It's not too bad. 

If you're new to the solution then it's worthwhile studying the documentation because it's not easy in terms of all the components that make it up such as SQL and so forth. 

I rate the solution nine out of 10. 

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.

I am using Microsoft Endpoint Configuration Manager for patch management and asset inventory.

The most valuable feature of Microsoft Endpoint Configuration Manager is it's incredibly simple to configure and execute changes in bulk, allowing for seamless deployment. With this solution, you can easily track the status of all modifications and send them with ease, making it a comprehensive and efficient solution for any necessary adjustments.

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

I have been using Microsoft Endpoint Configuration Manager for approximately one and a half years.

I rate the stability of Microsoft Endpoint Configuration Manager an eight out of ten.

We have approximately 10,000 users using the solution.

I rate the scalability of Microsoft Endpoint Configuration Manager a ten out of ten.

I use Tanium in parallel with Microsoft Endpoint Configuration Manager. Tanium is a similar solution that has features, such as asset patching, and encryption, and can be configured around Microsoft assets.

The initial setup of Microsoft Endpoint Configuration Manager is simple.

There is an annual license needed to use the solution.

This tool is helpful for Microsoft assets but it is important to have clear visibility before implementation. It can be a complete solution but a plan.

I rate Microsoft Endpoint Configuration Manager an eight out of ten.