What needs improvement with Microsoft Endpoint Configuration Manager?

The solution should incorporate AI. It should also incorporate real-time capabilities. If we could get real-time information about challenges or issues, it would allow us to take immediate action. For example, with the recent outage caused by the Windows issue, having a real-time warning system could have helped us avoid or reduce the downtime we experienced.

The solution is crowded with information. It is complicated to search for things.

While SCCM offers robust features for application management, we don't currently use it for device inventory and asset management purposes. For these tasks, we rely on a separate inventory management system.

The tool's deployment is complex and depends on the architecture you want to implement.

Regarding this, I'd like to mention the agent situation. When the agent on an end-user device is not functioning correctly, it can be quite problematic. It would be highly beneficial if there were a self-healing mechanism in place. Essentially, if the agent becomes corrupted or encounters issues, it should be able to rectify itself autonomously. This is particularly critical because, in order to utilize a tool like MECM (assuming you're referring to Microsoft System Center Configuration Manager), we need to deploy agents, known as AsMs, on all the devices we use, such as Windows 10 or Windows Server. Sometimes, when we deploy configurations or updates, they don't apply properly due to agent issues. This issue has been present since we began using MECM around 23 years ago. Unfortunately, there is currently no built-in mechanism for the agent to detect its own problems and initiate self-repair. Microsoft doesn’t have any feature to scan vulnerabilities and hence, they could include those.

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

We'd like additional data related to security and the configurations of the hardware. On some hardware, we'd like an easier way to get peripherals attached.

SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data. Microsoft could supply an installation guide to make setup easier.

The reports are too busy. They could be simpler. I'm a technician, so I don't care how pretty the reports look. They should be easy to read. I'm designing this for production folks. They need to read the reports quickly when they're patching in the middle of the night.

Microsoft Endpoint Manager has incompatibility issues with some Linux versions and most of our programmers are using Linux operating systems. This creates a challenge for administrators in terms of managing the Linux operating system. For example, Fedora and Kali Linux are two of the most popular Linux distributions among developers, and so policies need to be fine-tuned to work properly on these systems. The solution should be more compatible with different versions of Linux.

The solution can be improved by speeding up the synchronizing of the policies on the devices. Technical support can benefit from shortened response times and making sure all of the support team are at par with their knowledge regarding the solution.

The solution does not support remote devices so CMG is still required.

There are several challenges regarding MECM worth mentioning. With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc. Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly. There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices). Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem.

The solution can be improved with the addition of a mobile device manager.

It needs to be able to load faster during deployment and the new release could include this ability. This will allow us to deploy critical collections with over 50,000 to 60,000 users simultaneously.

SCCM can improve on third-party application support. The next features are coming through their newer solution Microsoft Intune or Microsoft Endpoint Configuration Manager (MECM).

Microsoft Endpoint Configuration Manager can improve by allowing us to schedule the scripts, we don't have a script scheduling option and have to do it manually.

Microsoft Endpoint Configuration Manager could improve the integration.

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

The configuration of Microsoft Endpoint Configuration Manager could be improved, it is a bit complicated.

The downside of Microsoft Endpoint Configuration Manager is it's an on-premise-based solution. With the pandemic coming on board the need to support users across the globe has increased. For a while, we would use the in-built Microsoft Teams screen sharing feature but the disadvantage of that is you cannot perform privileged access. Microsoft does not give you access to that. That's where you need cloud-based tools, such as BeyondTrust or Freshservice. There are many aspects of this solution that can be improved, such as security. The integration could be better with other software packages.

The solution could improve the functionality for automating, license management. Additionally, more and better-looking reports are needed.

I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.

In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced. Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.

One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved. Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.

It would be better if reporting were more user-friendly. I would like to see an upgrade in the reporting structure in the next release. At the moment, you have to use an SQL query or configure it to pull reports through the graphical user interface. Their updates could be more regular. I think Mircosoft updates it every six months. They are also moving many things to Intune, and Microsoft decided to move the deployment solution there. I think SCCM is getting old, and Intune is new.

Cloud-based improvements need to be better managed than is currently the case.

I would like to see more automation.

Microsoft is already pushing users towards Intune, as opposed to SCCM. It's on the roadmap for them. It's inevitable. SCCM will be on Endpoint Manager in the future. I would say nothing needs to be changed. The solution is on-premises. The cloud version of the product, if a person needs to be on the cloud, would be InTune, which already exists as an option. SCCM doesn't need to offer cloud features for this reason.

Because of the way SCCM is, we are moving to the Intune platform similarly to the way that everybody else is. Microsoft is slowly migrating SCCM to the new Intune product for management. There are so many issues with SCCM, but they are already working on migrating the desktop to the intune platform. They have already improved the management and the patch management. They are also looking at cloud integration and being able to deploy it in Azure properly and run the Azure infrastructure. The main or legacy issue is not being able to do remote management of devices without being on a VPN to get their updates. It didn't work well on non-corporate networks. This has been resolved by the new Intune platform. It's Microsoft, they have their issues, but they are getting better. They are integrating it with their office products, and their platforms. In the next releases, I would like to see them make it easier to do remote sessions into the boxes. It would be nice to have everything in one place. Now they have Intune for the desktops and SCCM to handle their servers.

They should improve their anti-malware policies like the SCEP policies. For instance, you can't have different policies for different servers, there is only one policy in all the servers, and everything is covered under that. For example, say you want to scan one group of servers on Saturday, and then you want to scan another group of servers on Sunday, you can't do that. You have to scan all your servers, a regular scan or a full scan, on the same day and at the same time. That's definitely one thing they need to resolve. In the next release, it would actually be nice if they included Apple products. It will also help if you can use Intune again. Their compliance reporting feature could also be better. They can maybe work a bit on that for patching now. It would be better if SCCM came with the functions of Right Click Tools built-in. If SCCM would have all those functions already built-in, we won't have to go and spend $5,000, just as an add-in from another company to get those functions.

It wasn't very user-friendly. The reporting is not very good. It was hard to effectively manage with one person.

It is a bit of an old and outdated product. The cloud would have been the best improvement and already Microsoft is looking into it. They are moving into the cloud and all it will make the product better. There's a roadmap in place, from what I understand. We'll move ahead toward whatever Microsoft decided to deploy. The solution is mainly used for client management and software deployment. However, there maybe should be a more self-service experience. Microsoft may be addressing it in their cloud-native solutions, as currently a lot of administrative tasks are still needed. Automation would be helpful in those cases. If they could add more automation, that would be ideal.

There should probably be better remote support. They should also continue to improve on patch management, patching, and creating or turning products in software into deployable apps.

While the solution is quite good, it can be difficult to understand the logic of this product when it comes to software inventory. Upon examination of the on-premise and Azure environments, I feel that SCCM could be more flexible. While the issue of documentation is not exclusive to SCCM, it can be improved. When it comes to Microsoft Office suite, it is not always clear to where the articles have been moved and the use of a built-in searching giant to find their whereabouts is not always a possibility. When the article is moved to a new location, it can make it challenging to find what I deem to be useful or interesting.

I think SCCM can improve whatever details they shared with the integration partner. There was a lot of junk software and data. There should be flexibility to allow us to extract the data we require. In other words, the flexibility of accepting the specific data that we are looking for. I want the system to provide some dependency relations. For example, you have a laptop, and you start working on it. If I can be informed that you're using the laptop at work, other machines that are dependent on this laptop will be able to provide that dependency relationship. I would like to see the relationship between different machines. For a small-scale industry, the storage capacity is good. However, the performance and storage capacity could be better.

The App to upgrades to the server needs to be improved.

I currently need to increase my compliance level in the patching processes which this solution could improve on. For this purpose, I am looking for another solution to perform more efficiently and to work faster to cover this part specifically. There should be more visibility to integrate more products other than Microsoft products. For example, Adobe and Google Chrome. You need to do a lot of manual intervention to cover all non-Microsoft products for patching at the moment. There are third parties working on these gaps in this solution.

The ability to integrate MDM would be great.

The database should be made to be more stable and robust, but not so much the configuration. I am not sure if it is just bad administration and maintenance, but it fails quite a lot. For me, it's the database, or maybe it's the maintenance overhead. It could be that it requires a lot of maintenance. If you don't maintain it, things could go wrong, this is my assumption.

The interface needs to be a little bit simpler. Right now, it's a bit hard to navigate with ease. The integration capabilities could be better. They need to expand this aspect of their product. The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter. SCCM does not support Linux and Unix. That has been deprecated and is no longer there. It would be ideal if the solution came with more features supporting Mac, then it would be a better product.

It should provide the ability to remotely connect to mobile devices. There are some solutions that are doing that, but with Microsoft Intune, the only way to remotely connect to devices outside the organization and mobile devices is by using TeamViewer. It is pretty strange for a big company like Microsoft to not have something for that.

Sometimes the time it takes to find the fault is a bit too long. The resolution time needs to be shortened quite a bit. There are just some analysis errors that need to be cleared up quicker in general. Otherwise, data blocks and the firewall can be affected unnecessarily. The analysis is something that can be integrated. Their report analysis can be improved a little bit due to the fact that most of the time complaints policies are saved by the admins. It's something that we need to look into and search for. It would be nice if there was just a cohesive report of what was saved, etc.

Its client interface should be more accessible, and the notifications should be more customizable from the console. It should be more user friendly and have some kind of customized notifications so that we can use it on the client side. These are the reasons why we restricted its use only for the server environment and didn't use it on the client side.

SCCM supports the Windows operating system well: however, there is minimal support for Mac and none for mobile devices. Organizations that do not just go with a single operating system, having the flexibility to support more operating systems and devices would be an added advantage. This would allow them to stand out from other products on the market.

Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.