Microsoft Configuration Manager Reviews

The primary use case of the solution is to deploy patches, and applications, and upgrade our client operating systems.

Without the solution, we would have to manually install all patches and software and upgrade our operating system with the help of our support team, which would take a long time. With SCCM, this process is automated, making it a highly valuable feature.

The most valuable feature of this solution is its ability to deploy patches to nearly all applications.

SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data.

Microsoft could supply an installation guide to make setup easier.

I have been using the solution for ten years.

The solution is stable and we have not had any issues.

The solution is scalable.

We have 100,000 people using the solution.

The technical support is good. We can call the hotline or use the website to generate the tickets.

Positive

The initial setup is straightforward.

I give the solution a nine out of ten.

Maintenance for the solution is easy.

I recommend the solution to others.

We use MECM for intelligent logic automation. About 400,000 users are impacted by the solution, but there are around 20 admins who work with it directly. We have multiple automation tools and use the one that makes sense as needed.

We're designing PowerShell scripts to automate patching the boot process. The ROI is there.

I like the data collection. 

The reports are too busy. They could be simpler. I'm a technician, so I don't care how pretty the reports look. They should be easy to read. I'm designing this for production folks. They need to read the reports quickly when they're patching in the middle of the night.

I have used MECM for about four or five months.

I rate MECM nine out of 10 for stability. 

I rate MECM eight out of 10 for scalability.

I haven't gotten support from Microsoft for MECM, but I've contacted them in the past for various tickets. They're professional.

I work in the lab. I design a solution before it's deployed in production. I wasn't involved in the actual deployment. Deploying things in the lab is different. It's a much smaller footprint.

So far, the ROI is pretty decent.

MECM is more expensive than Ansible, which is open and free. That's why we'll use other tools as needed for automation. 

I rate Microsoft Endpoint Configuration Manager seven out of 10. You need to have the right mindset to use it. The first question should always be: Can this be automated? From there, you'll see if the product will satisfy their automation requirements.

We use this solution to apply new group policies.

The solution was particularly helpful for patching the OS, and for the VM in our environment. With 10 branches, we have a huge number of VMs. Using ECM, we can download the new patches one by one, apply and then restore them. It saves us a lot of time. 

The valuable feature is the ability to gain all the data you need. We can collect data and get insight into the functionalities of their scope. As system administrators, we get a summarized report for each site with the installed version of the OS for all PCs in our environment. We know which meet the requirements and which don't. For those that don't, we can mitigate any potential vulnerabilities or threats.

I think managing Linux devices could be improved. It would help our colleagues and other departments like the dev opps, who only use Linux machines to quickly patch their VMs.

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable. 

The technical support could be improved. 

The initial setup is very straightforward. We have six users. 

It's important to keep the database going at all times to avoid any interruption of the service. The implementation must be very well designed because you have to know the scope of your workload and that should be addressed in the action plan before proceeding with the deployment. 

I rate this solution eight out of 10. 

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.

The primary use case of the solution is to deploy the computers and servers.

The most valuable feature is that it integrates well with other Microsoft solutions.

The solution can be improved with the addition of a mobile device manager.

I have been using the solution for three years.

The solution is stable.

The solution is scalable.

The initial setup is straightforward.

The implementation was completed in-house.

I give the solution a nine out of ten.

I recommend the solution because it functions as advertised. The solution is user-friendly and easy to learn. The solution has a nice-looking interface, unlike others out there.

We are using Microsoft Endpoint Configuration Manager to manage our client's Microsoft estate. 

The most valuable feature of Microsoft Endpoint Configuration Manager is the availability of being able to manage the Microsoft estate. It handles many areas, such as asset management and tracking.

Microsoft Endpoint Configuration Manager could improve the integration.

I have been using Microsoft Endpoint Configuration Manager for approximately 10 years.

Microsoft Endpoint Configuration Manager is highly stable.

The scalability of Microsoft Endpoint Configuration Manager is good.

The support for Microsoft Endpoint Configuration Manager is good.

We did not face any challenges with the initial setup of Microsoft Endpoint Configuration Manager. The time it takes to do the deployment depends upon the size of the environment. Smaller deployments don't take more than a week and very large deployments can take up to three to six months.

The support staff needed for Microsoft Endpoint Configuration Manager depends upon the size of the deployment. However, we do not require a large number of people to support it. 

Microsoft comes with an end-to-end package that can include Office 365 and many other applications put together, it makes it a very integrated system for people to use.

We have a support license from Microsoft Endpoint Configuration Manager and the overall price of the solution is reasonable.

I rate Microsoft Endpoint Configuration Manager a nine out of ten.

It is used only for endpoints. We are trying to decide if it is useful for server-based evaluation as well. Like everybody else, we want to track what software is deployed. We have a one-half deployment of this product now, and I'm not sure if it's useful for what we want to do, which is server-based. It is designed to detect any PC. Thousands of people are using it this way, and it's not a new thing, but some people also seem to use the product for server-based detection, and it looks like there are modules you can download for Linux and other things to make it work beyond just the endpoint, which is what I am after.

It works well for the endpoints for the customer I'm consulting. It has a bunch of knobs, and you can tune it to do lots of things. 

It is designed to detect any PC. You can do it agent-based, or you can do it by some other method. If it is agent-based, then as long as the PC has the Endpoint Manager agent on it at the time when the batch job runs, it detects the hardware and software and puts it in the database. 

I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.

I've been consulting in this space for five years. It has been used by the customer for years.

I don't have enough data on that. While I've been observing it, it has been stable.

When you buy it, you license it with a total number of devices to be managed, and that's a wall. When you hit the wall, you're going to need more licenses. So, you can scale right up to the spot where you have hit your boundary on licensing. To that boundary, it scales just fine.

I don't have any experience with their support.

This client uses seven or eight different things to perform this function of discovery. They use two different things for networks, and they use a hodgepodge of things to track VMware and Virtual Data Images (VDIs) and basically back of the envelope to track things that are on servers.

As far as I know, it is an annual operating expense license.

You may need complementary products to handle the holes not envisioned by SCCM.

For what it was designed to do, I would rate it a nine out of 10.

We primarily use the solution for patch management, application deployment and operating system deployment.

It has improved our ability to remediate against critical CVE's in a timely manner across the enterprise.

The patch management is great. The ability to be able to centrally purchase servers is quite useful.

The ability to monitor only after you have rebooted devices allows you to see if they have compliance or not.

The efficiency - as opposed to patching once you have the time - of having a central repository to manage everything you need is very helpful.

The solution is quite stable. 

It's perfect for enterprises.

We have found the scalability to be quite good.

In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced.

Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.

I've used the solution over the three years. It's been in our organization for the past six years.

It's a very stable product. It is definitely an enterprise-grade patch management solution.

The product is very scalable. When we have migrations and we bring on additional devices, such as during an acquisition of companies, it's great. We can bring them right into our environment. It's very scalable in terms of deploying and adding a new division to the solution. 

Currently, we have it deployed to support over 20,000 PCs.

Likely, we will increase usage. There are also new tools that are modern tools that we are starting to make use of. As much as you're doing something for patch management, where you need to enter the discussion is you need to start looking at modern endpoints, which is InTune, for example. We will start making use of InTune for the patch of end-points. We could also do scheduling of those patches as well from the cloud to the client. We are using, a hybrid approach. Generally, our goal is to expand usage.

In terms of technical support, once you have a Microsoft agreement, the level of support would be the same across all our products. We have an enterprise-grade level of support. Therefore, once I create a critical case, I get support within the hour. We are quite satisfied.

We have had a deployment in our enterprise for more than five years. It's a relatively complex deployment due to the fact that we have a large organization.

I am one of the enterprise engineers. I make deployments happen at a new location and it may just be a matter of training the onsite technician at that new division on how to make use of it. We have an enterprise-grade deployment and we have divisional deployments where divisions can make use of it to still manage their in-house shops.

A consultant would've assisted in the initial deployment.

We do pay a licensing fee on a yearly basis. 

There is a license cost and it is licensed per deployment. We do pay licensing costs for all of the deployments that we have on our end, across the enterprise.

With the way everything is moving to the cloud, you need to have all of these licenses in place.

We're partners with Microsoft.

For people looking into implementing Configuration Manager at this point, I would recommend it. They should also look at InTune, which is more of an endpoint deployment. For the servers, you can still look at what we have, however, just the way, how things are developing, I can see the industry and patch management moving away from on-prem management to more like making use of the cloud and use of our Microsoft for business in terms of managing the updates, ease of updates and things like that. What is happening now is a paradigm shift.

I'd rate the solution at an eight out of ten. It's great for enterprises.