Microsoft Configuration Manager Reviews

We primarily use the solution for patch management, application deployment and operating system deployment.

It has improved our ability to remediate against critical CVE's in a timely manner across the enterprise.

The patch management is great. The ability to be able to centrally purchase servers is quite useful.

The ability to monitor only after you have rebooted devices allows you to see if they have compliance or not.

The efficiency - as opposed to patching once you have the time - of having a central repository to manage everything you need is very helpful.

The solution is quite stable. 

It's perfect for enterprises.

We have found the scalability to be quite good.

In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced.

Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.

I've used the solution over the three years. It's been in our organization for the past six years.

It's a very stable product. It is definitely an enterprise-grade patch management solution.

The product is very scalable. When we have migrations and we bring on additional devices, such as during an acquisition of companies, it's great. We can bring them right into our environment. It's very scalable in terms of deploying and adding a new division to the solution. 

Currently, we have it deployed to support over 20,000 PCs.

Likely, we will increase usage. There are also new tools that are modern tools that we are starting to make use of. As much as you're doing something for patch management, where you need to enter the discussion is you need to start looking at modern endpoints, which is InTune, for example. We will start making use of InTune for the patch of end-points. We could also do scheduling of those patches as well from the cloud to the client. We are using, a hybrid approach. Generally, our goal is to expand usage.

In terms of technical support, once you have a Microsoft agreement, the level of support would be the same across all our products. We have an enterprise-grade level of support. Therefore, once I create a critical case, I get support within the hour. We are quite satisfied.

We have had a deployment in our enterprise for more than five years. It's a relatively complex deployment due to the fact that we have a large organization.

I am one of the enterprise engineers. I make deployments happen at a new location and it may just be a matter of training the onsite technician at that new division on how to make use of it. We have an enterprise-grade deployment and we have divisional deployments where divisions can make use of it to still manage their in-house shops.

A consultant would've assisted in the initial deployment.

We do pay a licensing fee on a yearly basis. 

There is a license cost and it is licensed per deployment. We do pay licensing costs for all of the deployments that we have on our end, across the enterprise.

With the way everything is moving to the cloud, you need to have all of these licenses in place.

We're partners with Microsoft.

For people looking into implementing Configuration Manager at this point, I would recommend it. They should also look at InTune, which is more of an endpoint deployment. For the servers, you can still look at what we have, however, just the way, how things are developing, I can see the industry and patch management moving away from on-prem management to more like making use of the cloud and use of our Microsoft for business in terms of managing the updates, ease of updates and things like that. What is happening now is a paradigm shift.

I'd rate the solution at an eight out of ten. It's great for enterprises.

We use Microsoft Endpoint Configuration Manager for application deployment, patch deployment, and many other things. If you have any script that needs to be deployed to all the devices, you can do it with this solution. 

If you have this solution in your environment, it's a win-win situation. You can deliver anything that the customer requires. If the efficacy is somewhere around 80 to 90%, everything isn't well because some devices aren't coming online because of bandwidth issues or they aren't compliant. 

However, if we have 80% to 90% efficacy, we can achieve compliance. The compliance we reached was around 95%, but that 5% was probably due to a decommissioned device or one that wasn't in the environment. So, for efficacy, delivery, and reporting, this is one of the best tools.

The major features of this product are the reporting tools. The most valuable features are package deployment and application deployment. Security management is also good because any vulnerability will be identified, and you can fix it. It's the best tool because you never know what kind of client you will have. For example, you may have your offices in low bandwidth remote areas. But it's achievable because it accommodates the bandwidth that you have available.

Microsoft Endpoint Configuration Manager is an excellent reporting tool for your environment. If you want to know the details about the hardware configuration, software configuration, what is causing a problem, or when a new feature update comes in for Windows, even that goes on SCCM itself. A lot of deployment stuff.

It would be better if reporting were more user-friendly. I would like to see an upgrade in the reporting structure in the next release. At the moment, you have to use an SQL query or configure it to pull reports through the graphical user interface. 

Their updates could be more regular. I think Mircosoft updates it every six months. They are also moving many things to Intune, and Microsoft decided to move the deployment solution there. I think SCCM is getting old, and Intune is new. 

I have been working with Microsoft Endpoint Configuration Manager for about seven years.

Microsoft Endpoint Configuration Manager is very stable. It's very reliable, and it's a proven product.

Scalability is difficult for the inexperienced. But if you know how to use these tools, scalability is also good. When Intune matures, you can also use it together with Microsoft Endpoint Configuration Manager to scale and co-manage the environment.

Microsoft support is good, but it does take time. There are two types of support provided by Microsoft, paid and unpaid. The paid option offers a real-time system, and they help because we have to pay in dollars. Sometimes it takes two or three days to get to the submission. I cannot comment much because we only had a few cases and had to connect with them. Usually, these issues are related to some upgrades and some tool-related issues. Although it's good, I think Microsoft support could be better because they still take too much time.

The deployment process is very simple. It's not difficult because it gives you a variety of features. You have to create a collection or a group, and you deploy it. It's very slow and dependent on the network. 

A single person can install and deploy this solution. If you have an application already created and tested, that's fine. If you do not have one, then you have to build the application and test it. If everything goes fine, you can simply deploy it to the list of people you want to target. I wouldn't say that you need many people, but it depends on your operation and how you manage your environment.

The deployment time depends on the location it's going to, the bandwidth, and more. You can configure a time for the application to replace the policy or when the machine will replace its policies in the configuration settings. Suppose I'm an administrator and deploying something on your device; your machine will not get turned on. I will go ahead and update the application evolution cycle and machine policies so that it happens automatically. Once the 30 minutes clock starts, it'll update, and once it refreshes, it will see something I sent, and it'll start downloading it. 

Downloading is always completely dependent on how fast your internet is. Once the package is downloaded, you can simply go ahead and install it. Small packages will take about an hour at most to deploy. For bigger packages, it's completely dependent on the internet because this tool does only one job. It's like a postman as it takes one thing from you and gives it to the other person.

There are periodic updates, and the maintenance is also done. The patch update service is critical and has a significant impact.

Microsoft Endpoint Configuration Manager is suitable for small businesses. If you have fewer offices and fewer users, then the efficacy of this product is very high. If the company doesn't have a system for a long time or doesn't have many employees or environmental issues, they can open Intune and have a cloud-based solution and get all the features together there.

You can stage your content, and you can share where you have no connectivity. You can go ahead and do the whole deployment and a lot of things. Intune is still improving, but SCCM has a feature of all this deployment and all other things.

So I would say that SCCM has a stronghold and is still relevant. It's an excellent product, but Intune will take it over in a few years. But not entirely because they will coexist. They are working in an environment simultaneously, hand in hand, but I think the market will move more toward Intune (if it's not moving already).

I would advise potential users to take a structural approach. They should know the customer's requirements, the number of users, and the locations. They need to have the setup, create a cache, and then binary and secondary options for these deployments. But if you're using a cloud-based solution, you don't have too much worry about it because everything will come from the internet. 

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager an eight.

Microsoft Endpoint Configuration Manager, formerly known as SCCM, is used for patching machine servers and application deployments. It also stores an inventory of machine hardware. We are customers and I'm a consultant. 

Patching is an important feature in the solution. Because it's console-based we can create one application or patch in the console. It will download and from the console base we can deploy to all machines. If your company has around 1,000-2,000 machines we're able to patch and deploy to all concurrently. We're also able to check, report and troubleshoot if there are any issues or errors that occur during deployment. We currently have 500 plus servers which are managed automatically on cloud.

Cloud-based improvements need to be better managed than is currently the case. 

I've been using this solution for nine years.

The solution is quite stable because it's a Microsoft product. Even though it's cloud-based it's quite stable. We have two engineers that deal with maintenance. 

The solution is quite scalable, although there is a lot of competition from products such as AWS and IBM BigFix.

We've had good experience with Microsoft technical support. 

The initial setup was straightforward. It's a matter of downloading from Microsoft, updating on the console and deploying. The amount of staff required for deployment depends on the level of infrastructure. Before the deployment, you need to test the machines to check whether a particular patch is installed and updated properly on that machine and whether there are any bugs. Installation is a step-by-step process. We can do about 20,000 per week, so within five weeks the job can be done. If there are only 10,000 machines, deployment can be completed within a week. 

Licensing is better than with other solutions because it's Microsoft-based. Microsoft offers multiple options which works for us. 

The solution is good for us because most of our users are using Microsoft-based products and the solution is compatible for anyone using Linux-based or AWS.

I rate the solution nine out of 10. 

We are using SCCM to manage the virtual machine configuration. We had around 100 or 200 virtual machines and wireless, and we need to configure different settings on all of the virtual machines. We need to handle patching, updating, and installing security updates. We prefer to use System Center instead of other solutions like GFI LanGuard that are already installed in other environments.

Previous to SCCM, the entire process was completely manual.

The solution is very flexible and very handy. It has helped us move past the process of manually updating.

It's helped us solve problems surrounding patching, installing, and reporting different patches, etc., on the virtual machines.

Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. 

We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.

I've been working in the System Center on two projects for around two years. 

The solution is extremely stable. We've only really had to restart the solution twice in the first year. It's very reliable.

In terms of scalability, at that time I didn't need to scale the development. However, in the near future, it is possible. I don't have any idea of the timeline for our scaling the solution as I focus on VMware technology at this time.

Our company has around 60 users. However, we offer this solution to one of the enterprise customers that use it for bank data centers. They have around 3000 staff.

We are using the System Center to manage around 2000 virtual machines.

In my country, due to sanctions, we cannot use direct support. We just use third-party partners in different countries. Generally, we support the System Center and all their products directly and don't need outside support.

If a company migrates to a cloud environment, I prefer to use another solution. For example, in the Azure environment, I definitely use Intune instead of System Center. In other products, I use Jamf, which is a good product that is comparable with System Center in the cloud environment. 

In terms of the current initial setup, the new version is a little bit more complex as you need to design a great architecture for the enterprise environment when we use a lot of virtual machines. For example, when you have more than 1,000 virtual machines, there needs to be a high level of consideration for the design of different components of the System Center.

In terms of deployment, if you have a good design, the process may take about a week. You need, I would guess, one week for installing and preparing the environment. However, you need to relay different instructions in order to install it. In total, the process would take around one, or, at a maximum, two weeks.

Our team consists of five members; one senior and four support engineers. Their job is to configure and maintain the active directory environment and the SCCM platform.

I implemented the solution myself. I took a month to study the solution, and, after that, I was able to handle the process personally. I took only two days in terms of how long it took me to install it.

The solution is pretty expensive. A company really needs to consider their environment.

We're just a customer. In the past, we used System Center version 2012, and after one year we upgraded to System Center 2016.

Out of all the products in the market, the best solution is System Center, especially for Microsoft virtual machines and all services that are related to Microsoft Technologies.

If you are evolving in the Microsoft environment, I prefer to use the System Center due to the fact that it includes different solutions like System Center Configuration Manager, System Center Operation Manager, System Center Virtual Backup. It's a full solution and provides different services. It has great integration with other Microsoft products. 

I would recommend the solution to an engineer or administrator. And first, a new user will have to study different best practices and have a good overview of the architect of System Center and the functionality of the different components. After that, they would have to go in through the details about the Linux machines. The biggest problems we had at the time of implementation was related to Linux virtual machines, not Microsoft virtual machines. With the licensing and the price, it's a tricky point that the engineers should consider when they need to set up a license

Overall, I would rate the solution eight out of ten.

Systems management, inventory, pushing out deployment, and patching. It has multiple purposes.

It helped our internal IT get ahold of all the applications that we are actually running out there. With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.

One of our goals with the patching of systems was to automate it so we wouldn't have to manually push out patches anymore. It gave us the ability to set up schedules, set up all the groups and collections and, according to what our security requirements are, to automate the patching of our servers and desktops. Everybody knows now exactly what days it will happen and what is going to get patched, on a schedule. That was a huge culture shift.

What's valuable is the basic management of the systems, being able to control who can access the systems.

You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything. That's the big one that we really are enjoying, that we have a central console for everything.

We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them.

We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.

I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly.

Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."

We've had no stability problems at all. Things have been running great for a year, we haven't had any real issues with the system itself. We've had to tweak some things like everybody does, some registry keys here and there, but there has not been a stability problem at all.

It scales, but it gets expensive. If you're looking to do - and this is something I hear they're changing in one of the future versions - built-in HA, high-availability, right now you have to use Microsoft clustering. So you have to buy Microsoft clustering to make it highly available. 

As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way. The way they have designed SCCM is to put the load in the offices. You put secondary sites out there where you put DPs on the sites and they pull from the local site, not from across the LAN. That helps with the load, it doesn't really hit the primary server.

We had to escalate our issue because you always get that person at first-level support who reads off a script. Then, after a couple hours, you say, "Escalate this." Once we got to the second person, we were able to figure our issues out. I would rate tech support at seven out of 10, based on our experience.

We used ZENworks for years. I used to work for Novell, so I was biased toward it too. We switched because we weren't sure where they were going. With Novell going away, Micro Focus taking over, and somebody taking over the whole umbrella corporation, we had no idea. They couldn't give us a real roadmap out for a long period of time. We were a little worried about being on a product that might not be around in five years.

We had no problems with ZENworks. It was fine, we loved it, but we were worried about the future.

I did a lot of research before I set it up. I watched a lot of YouTube videos, talked to Microsoft, demos, etc. I did enough homework so that when we set it up it was pretty simple. You just have to understand the SCCM infrastructure and how it works. If you don't understand that it might be confusing when you first install it. You have to understand your primary site, your secondary site, your distribution points and how they work, so you know how to set it up correctly.

After that, installing it was easy. Just understanding what connects to what. What has to go first, what has to go second, what services you need installed and set up, and how to set them up. Once you do your research on that it is pretty simple. But if you go in blind, I can see how it could be rather difficult.

Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources.

It's an expensive solution. There's no doubt about it.

We looked at some small-time vendors, third-party stuff. No major names. There was one that we looked at that was really small and it actually seemed pretty powerful. It was called PDQ. But it turned out to be more for small business than enterprise-ready. 

The only enterprise solutions we came across were SCCM, ZENworks, and BigFix from IBM. Even though BigFix did Linux, it did everything, the price point was really expensive. It was something that wasn't even in our ballpark, and they didn't seem to want to deal with us.

We were already on ZENworks and we knew how it worked. We knew everything about it, but again, we didn't know its future. When it came down to having discussions with our team, myself, and other architects, we decided the more we keep with a single solution - we are mainly a Microsoft shop, Windows on the desktop, and mostly Microsoft servers - the more we keep the stack together. That's why we went with SCCM.

Do your homework. Understand the basics of it, how it works between services. When you go to install it's going to ask you specific questions, and you might not know what the question is unless you did your homework ahead of time.

Microsoft offers architectural sessions. Right before we installed it, we went to Microsoft and they sat down with us and did a session with us to understand how to architect it, how do design it. I would definitely advise doing that. I don't know who they offer it to, but that was very helpful. We met with their architects at Microsoft and they helped us understand how to architect it.

I give SCCM an eight out of 10. It's powerful. It's not a 10 because it has little bugs here and there. It has little issues that are annoying. For example, you may want to do something on a maintenance window. There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate. There are little intricacies that are a little annoying. Sometimes we find the flexibility is not there in certain circumstances.

Our Windows environment has about 100 servers, Windows 2012/2016, and more than 500 desktop and laptop computers with Windows 7/10.

We use SCCM 2012 mainly for installing and deployment of images for new operating systems on end-user computers, for application management, distribution of new applications, software and hardware inventory, remote assistance, application virtualization and, of course, for software updates on servers and workstations.

It has improved distribution and the migration of existing desktop computers and user profiles to new machines.

Excellent reports for compliance, status of updates, and software metering.

I would like to see some improvements in WSUS and control of other, non-Microsoft, product updates.

I use the solution to manage security and policies. 

The solution effectively handles inventory management, deployment, and reporting. 

The solution does not support remote devices so CMG is still required. 

I have been using the solution for six years. 

The solution is very stable. 

The solution is for ICCM so does not scale like a cloud application. It is intended for security, management, or device teams and not end users. 

Scaling is always available with a monetary investment. 

Technical support is pretty good. 

The complexity of setup depends many factors such as the number of sites or distribution points and whether they will be centrally administered. Proper planning and execution are important. 

Deployments of an ICCM server can take up to four weeks. 

The solution operates on a licensing model that can be expensive. 

Pricing is reasonable for small companies but large companies or enterprise environments require multiple licenses. 

The solution is very stable and robust with a longstanding reputation. It works well with Windows devices and offers good management for ICCM.

The cloud-based platform is a good option for managing only Android or iOS devices. 

I rate the solution an eight out of ten. 

The new CMD features are excellent. It is like a cloud environment gateway. 

The batch management is very helpful. The software deployment happens in there. 

There are many features relevant to many of our clients.

The initial setup is fairly straightforward.

The interface needs to be a little bit simpler. Right now, it's a bit hard to navigate with ease.

The integration capabilities could be better. They need to expand this aspect of their product.

The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter.

SCCM does not support Linux and Unix. That has been deprecated and is no longer there. 

It would be ideal if the solution came with more features supporting Mac, then it would be a better product.

The solution is quite stable. We haven't really dealt with bugs or glitches. It doesn't crash or freeze. It's reliable.

You can scale it up if you need to. You can add the client servers, for example. I've had multiple primary sites that I get as I go. A company that needs to scale can do so with relative ease.

We deal with companies that are often medium-sized or enterprise-level.

The technical support is good. It's provided by Microsoft and we have lots of cases with Microsoft. They have been able to support us effectively so far. We're satisfied with the support so far.

SCCM has been the only product that we have worked on. We haven't used anything else. We haven't worked with BigFix or anything like that.

The initial setup is easy. It's not overly complex. That said, anyone who's doing it needs to be a bit clever. It's not for people with little technological background. There is a bit of research required. You need to learn a bit about the product for effective deployment.

We handle the deployments for clients.

I don't deal with the pricing. I'm not aware of the costs in general. I can't say if it's reasonable or expensive. It's not my area of expertise.

I haven't really evaluated other solutions. However, I just received a proposal from one of our sales associates, and the company had BigFix. They were trying to move on to SCCM. They had some questions regarding whether the same features would be available in SCCM or not. That's the reason I went to do some comparisons.

We are Microsoft partners. I'm a consultant. This solution is being used by my client's companies.

We are using the latest version of the solution, which is 2010.

I would recommend SCCM based on the requirement of the customers. However, if they are looking for Unix and Linux support, which is no longer in SCCM, I'd recommend BigFix. That solution is better for Unix and Linux.

Anybody who wants to implement SCCM should do some research online, depending upon what features they want. Once they see that SCCM will be able to manage, will be able to resolve their issues, they should choose it. However, they need to look for a partner, a Microsoft partner, that can take help from them for deployment purposes.

I would rate the solution eight out of ten. If the product used less resources, I would rate it higher