Microsoft Configuration Manager Reviews

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.

I am using Microsoft Endpoint Configuration Manager for patch management and asset inventory.

The most valuable feature of Microsoft Endpoint Configuration Manager is it's incredibly simple to configure and execute changes in bulk, allowing for seamless deployment. With this solution, you can easily track the status of all modifications and send them with ease, making it a comprehensive and efficient solution for any necessary adjustments.

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

I have been using Microsoft Endpoint Configuration Manager for approximately one and a half years.

I rate the stability of Microsoft Endpoint Configuration Manager an eight out of ten.

We have approximately 10,000 users using the solution.

I rate the scalability of Microsoft Endpoint Configuration Manager a ten out of ten.

I use Tanium in parallel with Microsoft Endpoint Configuration Manager. Tanium is a similar solution that has features, such as asset patching, and encryption, and can be configured around Microsoft assets.

The initial setup of Microsoft Endpoint Configuration Manager is simple.

There is an annual license needed to use the solution.

This tool is helpful for Microsoft assets but it is important to have clear visibility before implementation. It can be a complete solution but a plan.

I rate Microsoft Endpoint Configuration Manager an eight out of ten.

We mostly use Microsoft Endpoint Configuration Manager for patch management and application deployment. We will check and post a critical or supplement patch if there is a vulnerability.

I like Mircosoft's technical support. Microsoft has a few updates, like some of the critical KBs. They are published within the interval time, and in case of an escalation on the client missions, we will raise a ticket with the Microsoft team. They will create a hotfix or a critical update. They will chat with us, and that is one thing I like about Microsoft. Whenever any issues occur at my organization, they will help you out soon as possible within the SLA.

It would be better if automation options were available. For example, in Nexthink or SysTrack, there is an analytical tool. Creating dashboards would be very easy if you implement the same thing in Microsoft. That report will be a daily cost to the customers and good revenue for our organization. The price also could be better.

In the next release, we need to include some features like tables, dashboards, surveys, services, and metrics in the dashboard. Whatever we are implementing will be downloaded by a report. Apart from the report, we will telecast from the dashboard. It's very easy to compare, and it will be easy to telecast to the end-users.

I have been using Microsoft Endpoint Configuration Manager for five years.

Microsoft Endpoint Configuration Manager is a stable solution. There is nothing to worry about. When Microsoft pushes updates or patches, they will be in the W-Sync server. We have some people who will concentrate on Sync's parameters. Apart from that, everything is perfect.

Microsoft Endpoint Configuration Manager is a scalable solution.

From my point of view, I'm just giving 60% to 70% marks to those who support us with these issues. If there are any new issues, they will check in with the corresponding team, which takes some time. If there are issues with a single machine or server, or it affects the whole environment, they will analyze it from their end and provide a hotfix.

On a scale from one to five, I would give Microsoft technical support a four.

Positive

I would tell potential users that for 15,000 or 30,000 machines, you must go with Microsoft Endpoint Configuration Manager as it's the best tool. We can install the clients on all the end-user machines. All the data will be recorded in the Microsoft console itself. There's no need to worry if the patching activities will be hygienic, which will be very useful. 

You can go with another third-party software if you're just a small organization with 50-odd machines. The Microsoft license cost is relatively high, but everything will be perfect, stable, and reliable.

The initial setup is straightforward because Microsoft is always user-friendly. They will share the parameters, like troubleshooting steps and the pre-request. They will send the database knowledge-base document to us. It will be a step-by-step procedure. There won't be any worrying or alarming issues with Microsoft. If we have any problems, we will raise a ticket with Microsoft, and the team from Microsoft will help us. We can implement this solution within two or three hours, depending on the bandwidth speed.

On a scale from one to five, I will give the initial setup a four.

We implemented this solution.

The price could be better.

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager a nine.

The primary use case of the solution is to deploy the computers and servers.

The most valuable feature is that it integrates well with other Microsoft solutions.

The solution can be improved with the addition of a mobile device manager.

I have been using the solution for three years.

The solution is stable.

The solution is scalable.

The initial setup is straightforward.

The implementation was completed in-house.

I give the solution a nine out of ten.

I recommend the solution because it functions as advertised. The solution is user-friendly and easy to learn. The solution has a nice-looking interface, unlike others out there.

The primary use case of the solution is to deploy patches, and applications, and upgrade our client operating systems.

Without the solution, we would have to manually install all patches and software and upgrade our operating system with the help of our support team, which would take a long time. With SCCM, this process is automated, making it a highly valuable feature.

The most valuable feature of this solution is its ability to deploy patches to nearly all applications.

SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data.

Microsoft could supply an installation guide to make setup easier.

I have been using the solution for ten years.

The solution is stable and we have not had any issues.

The solution is scalable.

We have 100,000 people using the solution.

The technical support is good. We can call the hotline or use the website to generate the tickets.

Positive

The initial setup is straightforward.

I give the solution a nine out of ten.

Maintenance for the solution is easy.

I recommend the solution to others.

It is used only for endpoints. We are trying to decide if it is useful for server-based evaluation as well. Like everybody else, we want to track what software is deployed. We have a one-half deployment of this product now, and I'm not sure if it's useful for what we want to do, which is server-based. It is designed to detect any PC. Thousands of people are using it this way, and it's not a new thing, but some people also seem to use the product for server-based detection, and it looks like there are modules you can download for Linux and other things to make it work beyond just the endpoint, which is what I am after.

It works well for the endpoints for the customer I'm consulting. It has a bunch of knobs, and you can tune it to do lots of things. 

It is designed to detect any PC. You can do it agent-based, or you can do it by some other method. If it is agent-based, then as long as the PC has the Endpoint Manager agent on it at the time when the batch job runs, it detects the hardware and software and puts it in the database. 

I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.

I've been consulting in this space for five years. It has been used by the customer for years.

I don't have enough data on that. While I've been observing it, it has been stable.

When you buy it, you license it with a total number of devices to be managed, and that's a wall. When you hit the wall, you're going to need more licenses. So, you can scale right up to the spot where you have hit your boundary on licensing. To that boundary, it scales just fine.

I don't have any experience with their support.

This client uses seven or eight different things to perform this function of discovery. They use two different things for networks, and they use a hodgepodge of things to track VMware and Virtual Data Images (VDIs) and basically back of the envelope to track things that are on servers.

As far as I know, it is an annual operating expense license.

You may need complementary products to handle the holes not envisioned by SCCM.

For what it was designed to do, I would rate it a nine out of 10.

We are using SCCM to manage the virtual machine configuration. We had around 100 or 200 virtual machines and wireless, and we need to configure different settings on all of the virtual machines. We need to handle patching, updating, and installing security updates. We prefer to use System Center instead of other solutions like GFI LanGuard that are already installed in other environments.

Previous to SCCM, the entire process was completely manual.

The solution is very flexible and very handy. It has helped us move past the process of manually updating.

It's helped us solve problems surrounding patching, installing, and reporting different patches, etc., on the virtual machines.

Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. 

We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.

I've been working in the System Center on two projects for around two years. 

The solution is extremely stable. We've only really had to restart the solution twice in the first year. It's very reliable.

In terms of scalability, at that time I didn't need to scale the development. However, in the near future, it is possible. I don't have any idea of the timeline for our scaling the solution as I focus on VMware technology at this time.

Our company has around 60 users. However, we offer this solution to one of the enterprise customers that use it for bank data centers. They have around 3000 staff.

We are using the System Center to manage around 2000 virtual machines.

In my country, due to sanctions, we cannot use direct support. We just use third-party partners in different countries. Generally, we support the System Center and all their products directly and don't need outside support.

If a company migrates to a cloud environment, I prefer to use another solution. For example, in the Azure environment, I definitely use Intune instead of System Center. In other products, I use Jamf, which is a good product that is comparable with System Center in the cloud environment. 

In terms of the current initial setup, the new version is a little bit more complex as you need to design a great architecture for the enterprise environment when we use a lot of virtual machines. For example, when you have more than 1,000 virtual machines, there needs to be a high level of consideration for the design of different components of the System Center.

In terms of deployment, if you have a good design, the process may take about a week. You need, I would guess, one week for installing and preparing the environment. However, you need to relay different instructions in order to install it. In total, the process would take around one, or, at a maximum, two weeks.

Our team consists of five members; one senior and four support engineers. Their job is to configure and maintain the active directory environment and the SCCM platform.

I implemented the solution myself. I took a month to study the solution, and, after that, I was able to handle the process personally. I took only two days in terms of how long it took me to install it.

The solution is pretty expensive. A company really needs to consider their environment.

We're just a customer. In the past, we used System Center version 2012, and after one year we upgraded to System Center 2016.

Out of all the products in the market, the best solution is System Center, especially for Microsoft virtual machines and all services that are related to Microsoft Technologies.

If you are evolving in the Microsoft environment, I prefer to use the System Center due to the fact that it includes different solutions like System Center Configuration Manager, System Center Operation Manager, System Center Virtual Backup. It's a full solution and provides different services. It has great integration with other Microsoft products. 

I would recommend the solution to an engineer or administrator. And first, a new user will have to study different best practices and have a good overview of the architect of System Center and the functionality of the different components. After that, they would have to go in through the details about the Linux machines. The biggest problems we had at the time of implementation was related to Linux virtual machines, not Microsoft virtual machines. With the licensing and the price, it's a tricky point that the engineers should consider when they need to set up a license

Overall, I would rate the solution eight out of ten.

The primary use case for SCCM is for managing workstations.

All of the software that runs on our workstations is packaged and distributed and managed. Along with that, some of our security software is managed a little bit differently, but is accounted for in that way.

We also use it for keeping track of our patches.

We're a Microsoft-centric organization, so we are happy with the integration between products.

The interface, customization, and security are all pretty good.

There is no asset management package included. You have to buy that separately so we need  to use another system to manage that. This is one of the biggest things that makes SCCM not as competitive as some other systems. If they had this functionality then their help desk software would be much better and much more useful.

It is a little bit fat on the client-side, in terms of the stuff it leaves in place after the management is complete. It would be nice if they could pay attention to that, although we have a separate way of dealing with it.

I have been involved with using SCCM in four or five different places for a total of close to 15 years.

SCCM has no issue with stability.

This is a scalable product. The biggest group that I have been involved with was maybe 15,000 people. Typically, the sizes are in the 1,000-person area and it's not the type of product that you put together and configure for an office.

Their SCCM support is slightly better than their general support. Their general support, Microsoft is tiered so you have to fight your way through the tiers to get to the real people. There's no way around that, but that's just the way they are. I understand that because they're such a big company

I have not done the initial setup alone, and I wouldn't recommend doing it for anybody who didn't know what they were doing, or that hadn't done it before, because you have to go through a certain learning process.

I have seen that a base installation complete can be done in three days, and I have also seen an environment with 1,000 workstations deployed in two weeks.

I have always worked with somebody who is well-versed in the solution to assist with deployment. I rely on a Microsoft MVP-level person to get the install done properly for me.

One person is enough for maintenance.

Pricing is negotiable with Microsoft, depending upon which of their packages you choose. They're changing their packages, and I don't know how they're changing them yet. It's been a few years since I have worked in that capacity.

We continually look at and evaluate everything.

Microsoft has Intune, as well. However, Intune is a choice if you're in a smaller-scale situation. Typically, I don't get called into things unless it is large, where I interact with clients on technical computing and solving network problems that are related to workstation issues. For these types of larger things, SCCM is a logical choice.

I haven't been in a Unix environment beyond having to do database-engine-related work.

My advice for anybody looking into implementing SCCM is that it has to be on a larger scale, and you have to be committed to Microsoft.

I would rate this solution an eight out of ten.