It needs to be able to load faster during deployment and the new release could include this ability. This will allow us to deploy critical collections with over 50,000 to 60,000 users simultaneously.
Vice President Technological Solutions and Security at a tech services company with 1,001-5,000 employees
Real User
2022-07-17T09:58:00Z
Jul 17, 2022
SCCM can improve on third-party application support. The next features are coming through their newer solution Microsoft Intune or Microsoft Endpoint Configuration Manager (MECM).
Microsoft Endpoint Configuration Manager can improve by allowing us to schedule the scripts, we don't have a script scheduling option and have to do it manually.
President/CEO at a computer software company with 11-50 employees
Real User
2022-04-05T10:17:01Z
Apr 5, 2022
I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.
Learn what your peers think about Microsoft Configuration Manager. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Senior Consultant at a tech services company with 501-1,000 employees
Consultant
2022-02-20T17:18:20Z
Feb 20, 2022
I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.
Enterprise Systems Engineer at a mining and metals company with 10,001+ employees
Real User
2021-12-27T19:18:00Z
Dec 27, 2021
In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced. Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.
IT End User Computing Expert at a manufacturing company with 5,001-10,000 employees
Real User
2021-11-16T14:22:28Z
Nov 16, 2021
One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved. Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.
It would be better if reporting were more user-friendly. I would like to see an upgrade in the reporting structure in the next release. At the moment, you have to use an SQL query or configure it to pull reports through the graphical user interface. Their updates could be more regular. I think Mircosoft updates it every six months. They are also moving many things to Intune, and Microsoft decided to move the deployment solution there. I think SCCM is getting old, and Intune is new.
Director of Professional Services at a tech services company with 11-50 employees
Real User
2021-07-30T16:17:06Z
Jul 30, 2021
Because of the way SCCM is, we are moving to the Intune platform similarly to the way that everybody else is. Microsoft is slowly migrating SCCM to the new Intune product for management. There are so many issues with SCCM, but they are already working on migrating the desktop to the intune platform. They have already improved the management and the patch management. They are also looking at cloud integration and being able to deploy it in Azure properly and run the Azure infrastructure. The main or legacy issue is not being able to do remote management of devices without being on a VPN to get their updates. It didn't work well on non-corporate networks. This has been resolved by the new Intune platform. It's Microsoft, they have their issues, but they are getting better. They are integrating it with their office products, and their platforms. In the next releases, I would like to see them make it easier to do remote sessions into the boxes. It would be nice to have everything in one place. Now they have Intune for the desktops and SCCM to handle their servers.
While the solution is quite good, it can be difficult to understand the logic of this product when it comes to software inventory. Upon examination of the on-premise and Azure environments, I feel that SCCM could be more flexible. While the issue of documentation is not exclusive to SCCM, it can be improved. When it comes to Microsoft Office suite, it is not always clear to where the articles have been moved and the use of a built-in searching giant to find their whereabouts is not always a possibility. When the article is moved to a new location, it can make it challenging to find what I deem to be useful or interesting.
IT Technical Support Manager at a financial services firm with 10,001+ employees
Real User
2021-03-26T14:09:13Z
Mar 26, 2021
I currently need to increase my compliance level in the patching processes which this solution could improve on. For this purpose, I am looking for another solution to perform more efficiently and to work faster to cover this part specifically. There should be more visibility to integrate more products other than Microsoft products. For example, Adobe and Google Chrome. You need to do a lot of manual intervention to cover all non-Microsoft products for patching at the moment. There are third parties working on these gaps in this solution.
The interface needs to be a little bit simpler. Right now, it's a bit hard to navigate with ease. The integration capabilities could be better. They need to expand this aspect of their product. The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter. SCCM does not support Linux and Unix. That has been deprecated and is no longer there. It would be ideal if the solution came with more features supporting Mac, then it would be a better product.
It should provide the ability to remotely connect to mobile devices. There are some solutions that are doing that, but with Microsoft Intune, the only way to remotely connect to devices outside the organization and mobile devices is by using TeamViewer. It is pretty strange for a big company like Microsoft to not have something for that.
Sometimes the time it takes to find the fault is a bit too long. The resolution time needs to be shortened quite a bit. There are just some analysis errors that need to be cleared up quicker in general. Otherwise, data blocks and the firewall can be affected unnecessarily. The analysis is something that can be integrated. Their report analysis can be improved a little bit due to the fact that most of the time complaints policies are saved by the admins. It's something that we need to look into and search for. It would be nice if there was just a cohesive report of what was saved, etc.
Sr. System Admin at a manufacturing company with 501-1,000 employees
Real User
2020-12-16T09:44:04Z
Dec 16, 2020
Its client interface should be more accessible, and the notifications should be more customizable from the console. It should be more user friendly and have some kind of customized notifications so that we can use it on the client side. These are the reasons why we restricted its use only for the server environment and didn't use it on the client side.
System Engineer at a tech services company with 201-500 employees
MSP
2020-12-14T14:40:00Z
Dec 14, 2020
SCCM supports the Windows operating system well: however, there is minimal support for Mac and none for mobile devices. Organizations that do not just go with a single operating system, having the flexibility to support more operating systems and devices would be an added advantage. This would allow them to stand out from other products on the market.
Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.
Infrastructure, Technical Computing Applications at EQF Solutions
Real User
2020-10-30T19:55:28Z
Oct 30, 2020
There is no asset management package included. You have to buy that separately so we need to use another system to manage that. This is one of the biggest things that makes SCCM not as competitive as some other systems. If they had this functionality then their help desk software would be much better and much more useful. It is a little bit fat on the client-side, in terms of the stuff it leaves in place after the management is complete. It would be nice if they could pay attention to that, although we have a separate way of dealing with it.
Information Technology Lead at a construction company with 10,001+ employees
Real User
2020-10-06T06:57:43Z
Oct 6, 2020
The main SCCM lacks some things, which they incorporated into Microsoft Intune. When I evaluated these two products, one from VMware Workspace One and one from Microsoft, I found that there is something missing in SCCM, which is available and works very well in VMware Workspace One. SCCM should work to add these features into their service offering. For example, devices like smartphones and tablets are managed very well on VMware Workspace One, however, they are absent in SCCM. I could configure the iPad from the VMware Workspace One cloud and it was done very easily. It should be just as possible on SCCM.
Systems engineer - IT infrastructure management at a tech services company with 51-200 employees
Real User
2020-08-23T08:17:26Z
Aug 23, 2020
I can't think of any features that are lacking in the solution. It's quite complete, and a rather standard setup. If you want the best support, you need to pay for it. Otherwise, you may get less technical help.
We are okay with all the available features. In the future, we're looking for tighter integration with cloud solutions like Windows Intune. It is already there, however, it's still in need of some improvements. It's not straightforward in terms of the administration on offer. We'd like the solution to make it easier to manage remote users. It offers a very difficult cloud gateway when it comes to cloud management. The solution does need a lot of configuration and fine-tuning, so a company will need a dedicated person who's knowledgeable in the product to manage it. A few people complained that SCCM is very complex without CPS, depending on the SQL database, and when using SQL as a backend service. Sometimes updating the dashboard and getting the reports, can be slow. They're not getting an instant update on the database. That is where most of the customers tend to complain.
The main room for improvement is the on-screen display. I think it would be good if some improvements were made. Overall, as of now, it's sufficient for us. I don't have any scope of what new features would be needed for our company. I'm not sure if we require anything more. We are good with this product. If our companies move to the cloud or something, maybe we'll need additional features.
Not everything is readily available, and there are a lot of commands that are only executable via PowerShell. In this regard, the user interface could be improved. This is linked to how Microsoft designs the products: They release a product and a visual interface, but also provide PowerShell commandlets. This usually is in ratio of 30/70 (UI / PowerShell actions).
IT Assistant at a international affairs institute with 10,001+ employees
Real User
2019-05-30T08:12:00Z
May 30, 2019
I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates. An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.
Senior Systems Engineer at a tech services company with 201-500 employees
MSP
2018-10-04T17:27:00Z
Oct 4, 2018
Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.
Senior Systems Architect with 1,001-5,000 employees
Real User
2018-08-14T07:42:00Z
Aug 14, 2018
* The hardest thing about the software is getting people to sit down and learn all of the different features. * There is a third-party software which makes Right-Click Tools where you can right click to make actions happen on groups of computers. This software needs better instructions and documentation. It also needs to be easier to customize. * Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it. * I would like Microsoft to buy Adaptiva and combine it with SCCM, then keep all the same features. That would be cool. * Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.
We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them. We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now. I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly. Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."
Principal Consultant at a tech services company with 11-50 employees
Real User
2018-08-09T06:47:00Z
Aug 9, 2018
The main thing is that SCCM has to become an appliance instead of a server. When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can? SCCM has the same DNA, it is coming from the same vendor. It does exactly what every other tool does, but since it is from Microsoft they should have thought about these things. SCCM should be an automated solution, an appliance. Drop-shipped into the organization, discovery should be automated. Inclusion should be automated. Portals should be within the product itself. And it must have a cloud component to it. It should automatically upload the metadata to the cloud so we can monitor it in the cloud at a very high security level.
Infrastructure Architect at a tech services company with 5,001-10,000 employees
Real User
2018-07-18T06:44:00Z
Jul 18, 2018
It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit). I cannot think of any other improvements, as the product has been full-featured for any use we need to put it to, especially since the Current Branch releases.
IT System Administrator at Frank, Rimerman & Co
Real User
Top 20
2018-07-05T19:00:00Z
Jul 5, 2018
SCCM is a pretty great product already. It has benefited greatly from having been around since its original incarnation as Small Business Server 2003. It would be cool if the SCCM client had some PowerShell cmdlets built into it, as managing clients remotely can be a pain without knowing the WMI calls to run remotely. Also, continued development PowerShell integration with the console (which they have already started developing).
Microsoft Configuration Manager helps IT manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving employees access to corporate applications on the devices that they choose. When Configuration Manager is integrated with Microsoft Intune, you can manage corporate-connected PCs and Macs along with cloud-based mobile devices running Windows, iOS, and Android, all from a single management console.
New features of...
The solution does not support remote devices so CMG is still required.
It needs to be able to load faster during deployment and the new release could include this ability. This will allow us to deploy critical collections with over 50,000 to 60,000 users simultaneously.
SCCM can improve on third-party application support. The next features are coming through their newer solution Microsoft Intune or Microsoft Endpoint Configuration Manager (MECM).
Microsoft Endpoint Configuration Manager can improve by allowing us to schedule the scripts, we don't have a script scheduling option and have to do it manually.
Microsoft Endpoint Configuration Manager could improve the integration.
I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.
The configuration of Microsoft Endpoint Configuration Manager could be improved, it is a bit complicated.
I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.
In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced. Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.
One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved. Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.
It would be better if reporting were more user-friendly. I would like to see an upgrade in the reporting structure in the next release. At the moment, you have to use an SQL query or configure it to pull reports through the graphical user interface. Their updates could be more regular. I think Mircosoft updates it every six months. They are also moving many things to Intune, and Microsoft decided to move the deployment solution there. I think SCCM is getting old, and Intune is new.
Cloud-based improvements need to be better managed than is currently the case.
I would like to see more automation.
Because of the way SCCM is, we are moving to the Intune platform similarly to the way that everybody else is. Microsoft is slowly migrating SCCM to the new Intune product for management. There are so many issues with SCCM, but they are already working on migrating the desktop to the intune platform. They have already improved the management and the patch management. They are also looking at cloud integration and being able to deploy it in Azure properly and run the Azure infrastructure. The main or legacy issue is not being able to do remote management of devices without being on a VPN to get their updates. It didn't work well on non-corporate networks. This has been resolved by the new Intune platform. It's Microsoft, they have their issues, but they are getting better. They are integrating it with their office products, and their platforms. In the next releases, I would like to see them make it easier to do remote sessions into the boxes. It would be nice to have everything in one place. Now they have Intune for the desktops and SCCM to handle their servers.
It wasn't very user-friendly. The reporting is not very good. It was hard to effectively manage with one person.
While the solution is quite good, it can be difficult to understand the logic of this product when it comes to software inventory. Upon examination of the on-premise and Azure environments, I feel that SCCM could be more flexible. While the issue of documentation is not exclusive to SCCM, it can be improved. When it comes to Microsoft Office suite, it is not always clear to where the articles have been moved and the use of a built-in searching giant to find their whereabouts is not always a possibility. When the article is moved to a new location, it can make it challenging to find what I deem to be useful or interesting.
I currently need to increase my compliance level in the patching processes which this solution could improve on. For this purpose, I am looking for another solution to perform more efficiently and to work faster to cover this part specifically. There should be more visibility to integrate more products other than Microsoft products. For example, Adobe and Google Chrome. You need to do a lot of manual intervention to cover all non-Microsoft products for patching at the moment. There are third parties working on these gaps in this solution.
The interface needs to be a little bit simpler. Right now, it's a bit hard to navigate with ease. The integration capabilities could be better. They need to expand this aspect of their product. The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter. SCCM does not support Linux and Unix. That has been deprecated and is no longer there. It would be ideal if the solution came with more features supporting Mac, then it would be a better product.
It should provide the ability to remotely connect to mobile devices. There are some solutions that are doing that, but with Microsoft Intune, the only way to remotely connect to devices outside the organization and mobile devices is by using TeamViewer. It is pretty strange for a big company like Microsoft to not have something for that.
Sometimes the time it takes to find the fault is a bit too long. The resolution time needs to be shortened quite a bit. There are just some analysis errors that need to be cleared up quicker in general. Otherwise, data blocks and the firewall can be affected unnecessarily. The analysis is something that can be integrated. Their report analysis can be improved a little bit due to the fact that most of the time complaints policies are saved by the admins. It's something that we need to look into and search for. It would be nice if there was just a cohesive report of what was saved, etc.
Its client interface should be more accessible, and the notifications should be more customizable from the console. It should be more user friendly and have some kind of customized notifications so that we can use it on the client side. These are the reasons why we restricted its use only for the server environment and didn't use it on the client side.
SCCM supports the Windows operating system well: however, there is minimal support for Mac and none for mobile devices. Organizations that do not just go with a single operating system, having the flexibility to support more operating systems and devices would be an added advantage. This would allow them to stand out from other products on the market.
Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.
There is no asset management package included. You have to buy that separately so we need to use another system to manage that. This is one of the biggest things that makes SCCM not as competitive as some other systems. If they had this functionality then their help desk software would be much better and much more useful. It is a little bit fat on the client-side, in terms of the stuff it leaves in place after the management is complete. It would be nice if they could pay attention to that, although we have a separate way of dealing with it.
The main SCCM lacks some things, which they incorporated into Microsoft Intune. When I evaluated these two products, one from VMware Workspace One and one from Microsoft, I found that there is something missing in SCCM, which is available and works very well in VMware Workspace One. SCCM should work to add these features into their service offering. For example, devices like smartphones and tablets are managed very well on VMware Workspace One, however, they are absent in SCCM. I could configure the iPad from the VMware Workspace One cloud and it was done very easily. It should be just as possible on SCCM.
I'd like to see some cosmetic improvements on the user interface.
If you need to reboot the system during Windows Update, it can take a long time. The deployment process is lengthy and should be quicker to complete.
I would like to see Microsoft extend the coverage of the product to integrate better with other platforms beyond Windows.
I can't think of any features that are lacking in the solution. It's quite complete, and a rather standard setup. If you want the best support, you need to pay for it. Otherwise, you may get less technical help.
We are okay with all the available features. In the future, we're looking for tighter integration with cloud solutions like Windows Intune. It is already there, however, it's still in need of some improvements. It's not straightforward in terms of the administration on offer. We'd like the solution to make it easier to manage remote users. It offers a very difficult cloud gateway when it comes to cloud management. The solution does need a lot of configuration and fine-tuning, so a company will need a dedicated person who's knowledgeable in the product to manage it. A few people complained that SCCM is very complex without CPS, depending on the SQL database, and when using SQL as a backend service. Sometimes updating the dashboard and getting the reports, can be slow. They're not getting an instant update on the database. That is where most of the customers tend to complain.
The main room for improvement is the on-screen display. I think it would be good if some improvements were made. Overall, as of now, it's sufficient for us. I don't have any scope of what new features would be needed for our company. I'm not sure if we require anything more. We are good with this product. If our companies move to the cloud or something, maybe we'll need additional features.
The operations could be faster and you need some patience with this tool. I wish that sending media to remote distribution points was faster.
The cost of the product can be improved.
This solution needs to be supported on all Operating systems.
Not everything is readily available, and there are a lot of commands that are only executable via PowerShell. In this regard, the user interface could be improved. This is linked to how Microsoft designs the products: They release a product and a visual interface, but also provide PowerShell commandlets. This usually is in ratio of 30/70 (UI / PowerShell actions).
This solution should be simpler, and more consistent across modules/sections. Reporting and collection queries should be made easier to do.
I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates. An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.
Sometimes it does not update the log files. It gives an error code, rather than giving the actual problem.
Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.
* The hardest thing about the software is getting people to sit down and learn all of the different features. * There is a third-party software which makes Right-Click Tools where you can right click to make actions happen on groups of computers. This software needs better instructions and documentation. It also needs to be easier to customize. * Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it. * I would like Microsoft to buy Adaptiva and combine it with SCCM, then keep all the same features. That would be cool. * Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.
We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them. We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now. I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly. Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."
The main thing is that SCCM has to become an appliance instead of a server. When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can? SCCM has the same DNA, it is coming from the same vendor. It does exactly what every other tool does, but since it is from Microsoft they should have thought about these things. SCCM should be an automated solution, an appliance. Drop-shipped into the organization, discovery should be automated. Inclusion should be automated. Portals should be within the product itself. And it must have a cloud component to it. It should automatically upload the metadata to the cloud so we can monitor it in the cloud at a very high security level.
It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit). I cannot think of any other improvements, as the product has been full-featured for any use we need to put it to, especially since the Current Branch releases.
I would like to see some improvements in WSUS and control of other, non-Microsoft, product updates.
SCCM is a pretty great product already. It has benefited greatly from having been around since its original incarnation as Small Business Server 2003. It would be cool if the SCCM client had some PowerShell cmdlets built into it, as managing clients remotely can be a pain without knowing the WMI calls to run remotely. Also, continued development PowerShell integration with the console (which they have already started developing).