We just raised a $30M Series A: Read our story

Microsoft Endpoint Configuration Manager OverviewUNIXBusinessApplication

Microsoft Endpoint Configuration Manager is the #1 ranked solution in our list of top Configuration Management tools. It is most often compared to Ansible: Microsoft Endpoint Configuration Manager vs Ansible

What is Microsoft Endpoint Configuration Manager?

Microsoft Endpoint Configuration Manager (MECM, formerly SCCM or System Center Configuration Manager) is a software management suite that allows users to manage large numbers of Windows-based computers and servers.

Configuration Manager features software distribution, operating system deployment, remote control, network protection, security management, patch management, and hardware and software inventory, among other services. It allows you to set configuration and security policies, keep your software up-to-date, and monitor your system status while giving your employees access to corporate applications on whatever devices they choose.

Configuration Manager allows you to manage computers using macOS, Windows UNIX, or Linux, and mobile devices running iOS, Windows, or Android operating systems. It can be integrated with Microsoft Intune, allowing you to manage computers connected to a corporate network.

With Configuration Manager, you can manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving your employees access to corporate applications on the devices that they choose.

Benefits and Features

  • Proactively manage all device life cycles, starting from purchase all the way to retirement.
  • Automatically deploy software as well as printers to devices, using a common software library.
  • Deploy upgrades and patches to your operating system.
  • Ensure that all devices are patched, encrypted, and secured in compliance with security best practices.
  • Provide mobile device management functionality, which includes the ability to reboot and/or lock devices remotely.
  • Provide end users with “self-service” so that they can update machines when it is convenient for them.

Reviews from Real Users:

Users of MECM like that it is stable and flexible. Patching is one of its most useful features, although users cite many other features as useful as well. One user stated that "It does what you need it to do, and it's a one-stop-shop for the company and for all your deployments." Overall, “the entire solution, from end to end, is excellent.

Microsoft Endpoint Configuration Manager is also known as System Center Configuration Manager, SCCM .

Microsoft Endpoint Configuration Manager Buyer's Guide

Download the Microsoft Endpoint Configuration Manager Buyer's Guide including reviews and more. Updated: October 2021

Microsoft Endpoint Configuration Manager Customers

Bank Alfalah Ltd., Wªrth Handelsges.m.b.H, Dimension Data, Japan Business Systems, St. Lucie County Public Schools, MISC Berhad

Microsoft Endpoint Configuration Manager Video

Archived Microsoft Endpoint Configuration Manager Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
LT
ITA at Tata Consultancy Services
Real User
Facilitates compliance through the simplification of OSD and Patching

What is our primary use case?

Our primary uses for this solution are packaging, imaging, and patching.

How has it helped my organization?

This solution has made life easy with respect to patching, compliance, and OSD. With SCCM 2012 and SCCM 2016, it allowed users to install non-licensed products when required.

What is most valuable?

The most valuable features of this solution are Package deployment, Software Center, OSD Creation with Task sequence, and Patching.

What needs improvement?

This solution needs to be supported on all Operating systems.

For how long have I used the solution?

We have been using this solution for five years.

What is our primary use case?

Our primary uses for this solution are packaging, imaging, and patching.

How has it helped my organization?

This solution has made life easy with respect to patching, compliance, and OSD.

With SCCM 2012 and SCCM 2016, it allowed users to install non-licensed products when required.

What is most valuable?

The most valuable features of this solution are Package deployment, Software Center, OSD Creation with Task sequence, and Patching.

What needs improvement?

This solution needs to be supported on all Operating systems.

For how long have I used the solution?

We have been using this solution for five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IB
User at Toyota Boshoku America
Real User
Helps us with deploying operating systems and applications in our organization

Pros and Cons

  • "This has made the management of our environment easier."
  • "Not everything is readily available, and there are a lot of commands that are only executable via PowerShell."

What is our primary use case?

We use this solution for implementing System CenterConfigMgr in our organization, and for standardization.

How has it helped my organization?

This has made the management of our environment easier.

What is most valuable?

The most valuable features of this solution are the OSD and application deployments, and it also automates updates.

What needs improvement?

Not everything is readily available, and there are a lot of commands that are only executable via PowerShell. In this regard, the user interface could be improved.

This is linked to how Microsoft designs the products: They release a product and a visual interface, but also provide PowerShell commandlets. This usually is in ratio of 30/70 (UI / PowerShell actions).

For how long have I used the solution?

Four years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Microsoft Endpoint Configuration Manager. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,823 professionals have used our research since 2012.
RD
Systems Admin, SCCM Admin at National Instruments
Real User
Imaging and automated patching help to maintain security and uniformity in our environment

Pros and Cons

  • "This solution helps us by automating the patching of our system."
  • "This solution should be simpler, and more consistent across modules/sections."

What is our primary use case?

We use this solution because we need to manage patching and system provisioning.

How has it helped my organization?

This solution helps us by automating the patching of our system. We are able to standardize our Windows configuration, and models are supported through imaging.

What is most valuable?

The most valuable features of this solution are:

  • Imaging - standardized Windows builds
  • Software deployment - deploying updates and automating the installation of software
  • Patch deployment - increased security
  • Reporting - better view of our environment for decision making

What needs improvement?

This solution should be simpler, and more consistent across modules/sections.

Reporting and collection queries should be made easier to do.

For how long have I used the solution?

Five years
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PW
IT Assistant at a international affairs institute with 10,001+ employees
Real User
Graphical reporting is informative and easy to use, but an agentless version is needed

Pros and Cons

  • "The most valuable feature is the graphical-based reports of software updates that have been successful, the ones that have failed, and a summary of where the failures are what security breaches may occur."
  • "I would like to see an agentless version of the solution."

What is our primary use case?

This solution is used for vulnerability management. Our primary use case is for software updates, including ad-hoc and monthly updates, as well as security patches.

How has it helped my organization?

The whole purpose of vulnerability management is to help with mitigating any security threats that could be within the network. So this solution has helped because it is very valuable to have an overview of which devices and networks are not up to date, or have failed to update with a specific software update deployment.

A specific example is related to malware by the name of Coinminer. It is used by intruders to remotely mine cryptocurrency, using your computer resources. It consumes your computer's CPU and memory. By putting this solution in place and ensuring that the latest security patches are installed, you are no longer vulnerable to this virus. Your computer operates at an optimal speed.

In summary, you maintain security and the best performance of your systems.

What is most valuable?

The most valuable feature is the graphical-based status reports of software updates; showing successful and failed deployments. This gives you a quick overview of vulnerable computers that expose your network to risks of a security breach.

What needs improvement?

I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates.

An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.

For how long have I used the solution?

More than ten years.

What do I think about the stability of the solution?

This is a stable solution. They release regular updates and upgrades, and they keep enhancing the features. I have not had any bugs that I would say were a challenge.

What do I think about the scalability of the solution?

This solution is very scalable. As your network becomes bigger, you're able to accommodate more computers in terms of deploying the updates that you need to.

How are customer service and technical support?

Microsoft technical support is fairly good, and I would rate them eight out of ten. They try to act promptly, but there are two issues that cause delays. The first is related to the difference in time zones, and the second comes about from the different levels of support licensing.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup for this solution is straightforward. It is a Microsoft-based product, and they usually have startup wizards. It is graphical, and the process of installation is self-explanatory. It is easy, even for a new user.

The initial setup, depending on whether it is a server and what tests have to be done, might take about two hours.

Once running, the time required for the deployment of updates varies depending on how many computers you are deploying to. If you have, say two thousand computers, then it will take approximately a week for all of them to be fully updated. This also depends on how regularly the computers are online. In cases where systems are frequently offline, it will take even longer. Once they come online, they get the deployment and update.

The first priority after installing the software is to gather all of the end-user devices. Make sure that they are all covered and up to date all of the time.

One IT administrator is enough to deploy and maintain this solution.

What about the implementation team?

We handled the implementation and deployment ourselves.

What's my experience with pricing, setup cost, and licensing?

The licensing is good because they have various options, depending on what you are looking for. There are one-year up-to three-year license contracts.

Which other solutions did I evaluate?

We did not evaluate options other than this one, from Microsoft. It is our company policy to run on Microsoft SCCM.

What other advice do I have?

Since this solution is agent-based, computers without the agent cannot be reached on the network. In addition, non-Microsoft products are not supported. So if you have a mix of platforms like Linux and Mac OS, you'd be better off looking for an agentless solution and not SCCM.

Security is one of the big problems with Microsoft products, but usability is equally good. 

I would rate this product a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VA
Software Engineer at NathCorp
Real User
a good choice for deployment that performs very well

Pros and Cons

  • "It is a good choice for deployment that performs very well."
  • "The setup was complex and I faced a lot of problems initially because I was new to the solution."

What is our primary use case?

We use it for deployment purposes, for all managing all the devices and patching. It has performed very well.

How has it helped my organization?

The benefits of SCCM is that in the deployment, we can deploy one like machine with it without an alias, it also gets the management capability of all devices that are dispatched or not.

What is most valuable?

It deploys all the bare metals using PXE and it gathers all of the information of the device using a discovery, whatever it is in the domain and we can schedule the deployment according to our need. It's a flexible tool. 

It has many features. It generates our reports as well, provides compliance reports, monitors the dashboard and now it has the Cloud Management Gateway. It's awesome! 

In addition, there are improvements. There are new features like App-V and Core Management. The Core Management allows us to move to the cloud as well as with our own premises infrastructure. It can manage the Internet Appliance without exposing the infrastructure to the cloud.

What needs improvement?

Sometimes it does not update the log files. It gives an error code, rather than giving the actual problem.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

The scalability is good.

Which solution did I use previously and why did I switch?

We only use SCCM and MDT. I really do not have experience with anything else.

How was the initial setup?

The setup was complex and I faced a lot of problems initially because I was new to the solution.

What other advice do I have?

If you need only deployment purposes, and no management capability, then use MDT also. And if you want to deploy many devices and manage those devices, then go for SCCM.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DA
Senior Systems Architect with 1,001-5,000 employees
Real User
It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer

Pros and Cons

  • "It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer."
  • "Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it."
  • "Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers."

What is our primary use case?

We primarily use it for deploying software and software updates, such as monthly Microsoft updates. We also deploy images and collect our computers' inventory (in regards to what software is being installed) along with their configuration. 

I have been using the product for approximately 22 years, when it was still called SMS. My first product version was SMS 1.1.

How has it helped my organization?

We have two different categories of software:

  1. The software for everybody.
  2. The limited license software upon request.

This product provides us with time savings during installation. Because of SCCM, the limited license software can be installed within four hours of request.

What is most valuable?

  • The inventory information
  • Ability to track configurations
  • Installing software
  • Automating a lot of tasks which would have been done manually.

It saves a lot of money when you can install things automatically and they are installed the exact same way on every computer. 

  1. It saves time because you don't have somebody sitting down and installing it.
  2. When they are all installed the exact same way, if there is a problem, the solution which works for one computer will work for all the computers. A lot of times you can use SCCM to fix the problem as long as you keep things consistent. This is the biggest cost saver which alleviates a lot of manual effort.

What needs improvement?

  • The hardest thing about the software is getting people to sit down and learn all of the different features.
  • There is a third-party software which makes Right-Click Tools where you can right click to make actions happen on groups of computers. This software needs better instructions and documentation. It also needs to be easier to customize.
  • Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it.
  • I would like Microsoft to buy Adaptiva and combine it with SCCM, then keep all the same features. That would be cool.
  • Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability on SCCM is fine. However, we are still on Windows 7 with some computers on Windows 10, neither is better nor different with SCCM. 

It seems as if SCCM will only work if the WMI Database and its health on a computer is working properly. If it breaks, then the SCCM client doesn't work. It's not a function of SCCM because the WMI Database is part of the Windows operating system. The SCCM client relies on the Windows OS, but something will break on its own (anywhere from one to five percent of the computers), and we are always chasing this down.

What do I think about the scalability of the solution?

We have only one primary site server for the entire agency in all our different sites across all the computers. Adaptiva does all our heavy lifting as far as moving data across the network. Thus, our scalability is fine.

How are customer service and technical support?

Their tech support is usually good. The times when the problem was with the software, the tech support was good. They were able to figure out what the problem was. Then, sometimes the problem was on my end, and it might have taken a little longer to figure out what the problem was because they have this mind set of, “There is a problem with the software,” without realizing that the problem was on my end. However, it goes both ways. Sometimes they assume the problem was me when the problem was the software. That has happened a few times, but now-a-days, I can get through quickly and say, “I know what this is. I need to talk to a higher level person.”

There are a lot of resources on the internet, like mailing lists, forums, Facebook groups, etc. For any other product, there is very little community support.

Which solution did I use previously and why did I switch?

Before 1996, I wrote my own management program out of scripts.

How was the initial setup?

You need to have a database and have your server and drives configured in a certain way. You should know what your WAN links are, if you have WAN links, and the number of computers which will be used. In this sense, it is complex to set up because you need to know a lot of stuff going into it, and gathering that information can sometimes be difficult. If you are just talking about running the installer and typing in that information, that part of the process has always been easy.

What's my experience with pricing, setup cost, and licensing?

SCCM comes with its own version of SQL Server. If you use that SQL Server with SCCM and don't use it for another applications than you get an SQL Server for free. This option was available a few years ago, I assume it still is around.

Which other solutions did I evaluate?

Over the years, I have used BigFix and WinINSTALL. I have also used Unix and package managers, like Chocolatey.

What other advice do I have?

If an organization is more than 95% Windows, then SCCM is the best choice because Microsoft makes the best software to manage their own software.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
BK
Senior Systems Engineer at a tech services company with 201-500 employees
Real User
There is a faster time to rollout. If we get a new PC, it can be ready for productivity right away.

Pros and Cons

  • "There is a faster time to rollout. If we get a new PC, it can be ready for productivity right away."
  • "Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult."

What is our primary use case?

It's mainly end-point management, right imaging, patching,and third-party application.

How has it helped my organization?

There is a faster time to rollout. If we get a new PC, they can get in there and be ready to be productive right away, so I would say that would be the biggest improvement.

What is most valuable?

They have built-in Windows 10 servicing model, and all that, so it makes it easier to bring in upgrades.

What needs improvement?

Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.

For how long have I used the solution?

One to three years.

Which solution did I use previously and why did I switch?

One quarter of our company still uses BigFix, and we are currently trying to determine whether we should switch everyone to SCCM.

How was the initial setup?

It is straightforward. I am currently setting up a new version, and it is easy because we have the existing infrastructure.

What was our ROI?

Do your research, make sure you know what you're getting into with it, and make sure that it fits your needs.

What's my experience with pricing, setup cost, and licensing?

Overall, I think it's fine. It's pretty much in-line because there are ways to offset it with the Office 365 licensing.

What other advice do I have?

They are very aggressive with the feature steps that they're adding right, so every 6 months they come out with a bunch of new features, so I like that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RT
Solutions Architect with 1,001-5,000 employees
Real User
Enables us to set up schedules, according to security needs, to automate server and desktop patching

Pros and Cons

  • "With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them."
  • "It gives us the ability to set up schedules, according to what our security requirements are, to automate the patching of our servers and desktops."
  • "What's valuable is the basic management of the systems, being able to control who can access the systems."
  • "You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything."
  • "There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. But we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now."
  • "Their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. It is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it."
  • "There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate."
  • "As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way."

What is our primary use case?

Systems management, inventory, pushing out deployment, and patching. It has multiple purposes.

How has it helped my organization?

It helped our internal IT get ahold of all the applications that we are actually running out there. With the SCCM inventory, we found a lot of rogue applications. We were able to identify them, find out who was running them, and either put them on our application list or remove them.

One of our goals with the patching of systems was to automate it so we wouldn't have to manually push out patches anymore. It gave us the ability to set up schedules, set up all the groups and collections and, according to what our security requirements are, to automate the patching of our servers and desktops. Everybody knows now exactly what days it will happen and what is going to get patched, on a schedule. That was a huge culture shift.

What is most valuable?

What's valuable is the basic management of the systems, being able to control who can access the systems.

You can remote control or RDP. That has been the most valuable because we can go into one console and can get to anything we want. Instead of going to all these different consoles, we centralized everything. That's the big one that we really are enjoying, that we have a central console for everything.

What needs improvement?

We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them.

We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.

I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly.

Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We've had no stability problems at all. Things have been running great for a year, we haven't had any real issues with the system itself. We've had to tweak some things like everybody does, some registry keys here and there, but there has not been a stability problem at all.

What do I think about the scalability of the solution?

It scales, but it gets expensive. If you're looking to do - and this is something I hear they're changing in one of the future versions - built-in HA, high-availability, right now you have to use Microsoft clustering. So you have to buy Microsoft clustering to make it highly available. 

As far as load balancing across, they don't have that support yet, so that you can actually build multiple primaries and have it load balance across. They don't have any of that functionality yet. That would be a nice feature, to scale that way. The way they have designed SCCM is to put the load in the offices. You put secondary sites out there where you put DPs on the sites and they pull from the local site, not from across the LAN. That helps with the load, it doesn't really hit the primary server.

How are customer service and technical support?

We had to escalate our issue because you always get that person at first-level support who reads off a script. Then, after a couple hours, you say, "Escalate this." Once we got to the second person, we were able to figure our issues out. I would rate tech support at seven out of 10, based on our experience.

Which solution did I use previously and why did I switch?

We used ZENworks for years. I used to work for Novell, so I was biased toward it too. We switched because we weren't sure where they were going. With Novell going away, Micro Focus taking over, and somebody taking over the whole umbrella corporation, we had no idea. They couldn't give us a real roadmap out for a long period of time. We were a little worried about being on a product that might not be around in five years.

We had no problems with ZENworks. It was fine, we loved it, but we were worried about the future.

How was the initial setup?

I did a lot of research before I set it up. I watched a lot of YouTube videos, talked to Microsoft, demos, etc. I did enough homework so that when we set it up it was pretty simple. You just have to understand the SCCM infrastructure and how it works. If you don't understand that it might be confusing when you first install it. You have to understand your primary site, your secondary site, your distribution points and how they work, so you know how to set it up correctly.

After that, installing it was easy. Just understanding what connects to what. What has to go first, what has to go second, what services you need installed and set up, and how to set them up. Once you do your research on that it is pretty simple. But if you go in blind, I can see how it could be rather difficult.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are a downside of SCCM. It's expensive. I'd have to confirm this, but I think they changed the licensing to core-based instead of socket-based. It's not cheap, because you have to buy the software, you have to buy SQL. Another thing we learned from talking to Microsoft is that they provide you a license for SQL if you run it on the same box as the primary server. If you run it outside that box, you have to buy SQL. Microsoft does recommend you running it on the same box because of performance. But then, in order to run SQL, SCCM, and everything on the same box, you better have some resources.

It's an expensive solution. There's no doubt about it.

Which other solutions did I evaluate?

We looked at some small-time vendors, third-party stuff. No major names. There was one that we looked at that was really small and it actually seemed pretty powerful. It was called PDQ. But it turned out to be more for small business than enterprise-ready. 

The only enterprise solutions we came across were SCCM, ZENworks, and BigFix from IBM. Even though BigFix did Linux, it did everything, the price point was really expensive. It was something that wasn't even in our ballpark, and they didn't seem to want to deal with us.

We were already on ZENworks and we knew how it worked. We knew everything about it, but again, we didn't know its future. When it came down to having discussions with our team, myself, and other architects, we decided the more we keep with a single solution - we are mainly a Microsoft shop, Windows on the desktop, and mostly Microsoft servers - the more we keep the stack together. That's why we went with SCCM.

What other advice do I have?

Do your homework. Understand the basics of it, how it works between services. When you go to install it's going to ask you specific questions, and you might not know what the question is unless you did your homework ahead of time.

Microsoft offers architectural sessions. Right before we installed it, we went to Microsoft and they sat down with us and did a session with us to understand how to architect it, how do design it. I would definitely advise doing that. I don't know who they offer it to, but that was very helpful. We met with their architects at Microsoft and they helped us understand how to architect it.

I give SCCM an eight out of 10. It's powerful. It's not a 10 because it has little bugs here and there. It has little issues that are annoying. For example, you may want to do something on a maintenance window. There's no way to say, "I want this maintenance window to be on the second Tuesday of the month." It's strict. This window is this and that's it. You can't fluctuate. There are little intricacies that are a little annoying. Sometimes we find the flexibility is not there in certain circumstances.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JS
Principal Consultant at a tech services company with 11-50 employees
Real User
It should be a much more automated solution, although the application deployment can do wonders

Pros and Cons

  • "With the right administrator, application deployment can do wonders."
  • "The main thing is that SCCM has to become an appliance instead of a server. When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can?"

What is our primary use case?

  • Application deployment
  • Software metering
  • Batching

How has it helped my organization?

There tons of ways it has improved our organization, especially when you tie SCCM in with cloud-based tools like Intune. You can have global 24/7 coverage and purview off your workloads. When you are outside of the network, it still is covered by Intune's policies and procedures. That's the main value that we see now.

What is most valuable?

Application deployment is the most congenial tool we have seen. With the right administrator, it can do wonders.

What needs improvement?

The main thing is that SCCM has to become an appliance instead of a server.

When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can?

SCCM has the same DNA, it is coming from the same vendor. It does exactly what every other tool does, but since it is from Microsoft they should have thought about these things.

SCCM should be an automated solution, an appliance. Drop-shipped into the organization, discovery should be automated. Inclusion should be automated. Portals should be within the product itself. And it must have a cloud component to it. It should automatically upload the metadata to the cloud so we can monitor it in the cloud at a very high security level.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is stable. We haven't experienced crashes for the last four or five years. Since Windows Server 2012, crashes are literally nonexistent.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Tech support is horrible, but that's expected from any big-box company.

Which solution did I use previously and why did I switch?

We used to use a third-party company which, unfortunately, went out of business. The solution was beautiful. But that was something like 10 or 15 years back. It was gobbled up by BigFix and they completely reduced it to garbage. Literally, there was nothing to look at.

How was the initial setup?

We are very knowledgeable about SCCM so for us it takes an hour or two, at the most, to set up. For other people, it may be complicated, but for us, setup is the least of our concerns.

What about the implementation team?

We evaluated BigFix. Again, I'm talking about 10 years back. It was garbage. We evaluated NetIQ at the time but it was complete fluff.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing are horrible. You have to not look at dollar value to use SCCM. It's super-duper expensive but it works. The acquisition cost is expensive, it's labor-intensive. But it works.

What other advice do I have?

There is no advice anybody can give on SCCM. Everybody has to go through their journey. It's like giving birth. There's no advice. It works. But you have to deliver yourself.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Keith Williams
Infrastructure Architect at a tech services company with 5,001-10,000 employees
Real User
Automates operating system, application, and update deployments

Pros and Cons

  • "Automation of operating system, application, and update deployments massively reduces IT operations effort."
  • "It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit)."

What is our primary use case?

Primary use case is for Windows Desktop Operating System configuration management, primarily for fully automated operating system deployment. We use it for additional Microsoft operating system and application update delivery and malware reporting for 300 laptops/desktops distributed across eight international locations. We also use it for configuration management and update management for Windows Server operating systems.

How has it helped my organization?

Configuration Manager has standardised updating and application delivery across the organisation.

What is most valuable?

  • Automation of operating system, application, and update deployments - Massively reduces IT operations effort.
  • Desired configuration management – Enables identifying undesirable changes to corporate computer equipment and desktop applications.
  • Configuration reporting - Reduces the effort involved in annual software inventory and meets any ad-hoc computer reporting needs.

What needs improvement?

It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit).

I cannot think of any other improvements, as the product has been full-featured for any use we need to put it to, especially since the Current Branch releases.

For how long have I used the solution?

More than five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Head of Department for IT Services at a government with 201-500 employees
Real User
Streamlines migration of existing desktop computers and user profiles to new machines

What is our primary use case?

Our Windows environment has about 100 servers, Windows 2012/2016, and more than 500 desktop and laptop computers with Windows 7/10. We use SCCM 2012 mainly for installing and deployment of images for new operating systems on end-user computers, for application management, distribution of new applications, software and hardware inventory, remote assistance, application virtualization and, of course, for software updates on servers and workstations.

How has it helped my organization?

It has improved distribution and the migration of existing desktop computers and user profiles to new machines.

What is most valuable?

Excellent reports for compliance, status of updates, and software metering.

What needs improvement?

I would like to see some…

What is our primary use case?

Our Windows environment has about 100 servers, Windows 2012/2016, and more than 500 desktop and laptop computers with Windows 7/10.

We use SCCM 2012 mainly for installing and deployment of images for new operating systems on end-user computers, for application management, distribution of new applications, software and hardware inventory, remote assistance, application virtualization and, of course, for software updates on servers and workstations.

How has it helped my organization?

It has improved distribution and the migration of existing desktop computers and user profiles to new machines.

What is most valuable?

Excellent reports for compliance, status of updates, and software metering.

What needs improvement?

I would like to see some improvements in WSUS and control of other, non-Microsoft, product updates.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Curtis Wright
IT System Administrator at Frank, Rimerman & Co
Real User
Top 20
Essential in maintaining WSUS updates, and allows our team to reimage a computer within an hour

Pros and Cons

  • "Valuable features include configurations enforcement, compliance data gathering, and deployment of a standardized OS."
  • "Built in PowerShell cmdlets would be a nice feature because managing clients remotely can be a pain without knowing the WMI calls to run."

What is our primary use case?

We use System Center Configuration Manager (SCCM) to manage workstations and servers in our Windows environment. We are primarily a Windows-only environment, which is what SCCM is designed to manage. It uses WMI underlying technology to ensure that it is compatible with all versions of Windows, from Windows XP to Windows 10. We use it to manage our Windows workstations and Servers. We use SCCM to do many things, like deploy operating systems, deploy applications, configure settings, gather compliance data, enforce software patching and run reports for software installations information.

We do not use it to do Mobile Device Management, though it does have that capability.

It does not manage products outside of Microsoft operating systems, so this product would be for Microsoft-heavy businesses.

How has it helped my organization?

Using SCCM allows our team to reimage a computer within an hour and have it ready to deploy to a user in less than a day. If we get a new workstation model, we can easily add drivers to the server and it will be compatible with our image. We can count on images and workstations having a specific configuration and having it enforced. It allows us to spend less time doing manual work and more time helping users. It also gives us good business intelligence through its reporting features.

What is most valuable?

  • Deployment of a standardized operating system
  • Application deployment to all domain machines
  • Configurations enforcement
  • Compliance data gathering

Ensuring configuration integrity across the domain is essential for maintaining an environment, so SCCM helps our company enforce a uniform configuration. SCCM’s ability to deploy applications to maintain updates and up-to-date software is also essential. Many vendors will not support end users if we are not on the latest software release, so this allows the IT department to control application versions and deployments. SCCM is also essential in maintaining WSUS updates, as those are a challenge to enforce as well.

What needs improvement?

SCCM is a pretty great product already. It has benefited greatly from having been around since its original incarnation as Small Business Server 2003. It would be cool if the SCCM client had some PowerShell cmdlets built into it, as managing clients remotely can be a pain without knowing the WMI calls to run remotely. Also, continued development PowerShell integration with the console (which they have already started developing).

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Improperly set security settings can lead to console performance issues. SCCM client issues are also inevitable. We recently had to diagnose and fix downloading issues caused by older BranchCache issues with the old client. Otherwise, the client and server are very stable.

What do I think about the scalability of the solution?

No. SCCM has the ability to be as big or as small as needed by the business. It can be used by businesses ranging from single office companies to massive international corporations.

How are customer service and technical support?

N/A. SCCM is one of the most popular products on the market, so there are LOTS of online help articles for almost any problem you will have. I have never contacted their support because it's expensive, and I am stubborn and like to figure out problems myself.

Which solution did I use previously and why did I switch?

N/A

How was the initial setup?

The initial setup takes planning and careful consideration. It will also take input from your networking team, as it will take some router configuration to get PXE booting working. The overall design of the SCCM servers needs to be considered as well, as you can't change the big picture structure later. You have to decide if you want only a primary site or if you want a central administration hub with primary sites reporting to it, so it will take planning to setup.

Configuring the groups, collections, boundaries, and server roles takes time as well. It will also take an understanding of the business's needs and will require IT helpdesk input to be most effective.

Configuring applications and settings takes a bit less time once you have the underlying infrastructure setup, but SCCM doesn't really help you discover install commands outside of MSI or APPX packages. To be fair, there's not much they can do, but a technician will need to be aware of that.

What about the implementation team?

I implemented it, so in-house. 

What's my experience with pricing, setup cost, and licensing?

Microsoft has affordable pricing for Small to Medium Businesses, and it comes with many SMB packages already. It is worth investing in these, because the returns in automation and environmental integrity pay back the cost.

Which other solutions did I evaluate?

N/A

What other advice do I have?

SCCM is a fantastic solution whose use is only limited by your creativity. Since it allows you to use PowerShell or VBScript to configure settings or execute procedures, a technician can make the any system do what they would like, provided they know how to do it programmatically. It can be a bit of a challenge to setup, configure, and maintain, but once you do, it will benefit you greatly. It is a complicated, complex product, so there is a learning curve, but that complexity is intrinsically linked to its ability to be a powerful tool. If setup improperly, SCCM can wipe out entire environments (don’t make an OS a required task sequence to all computers, for instance), but that is difficult to do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IT Senior System Engineer, Data Integrity and IT Pharma Automation systems migration consultant at a tech services company with 51-200 employees
Real User
Top 20
SCCM 2012 R2 SP1 - Very good product

What is most valuable?

The best features that I really appreciated are software and application pushing, Microsoft patching with Wsus integration, O.S. deployment with PXE (with driver installation, latest patches and customization), mobile management with Intune Connector, file inventory on pcs, users statistic usage about applications, hardware and software inventory.

How has it helped my organization?

We had the opportunity to easily manage Microsoft patching deployment with Wsus role installed or maintaining Wsus infrastructure separated from SCCM.

In this latter case we created properly GPO and script to push patch centrally and with appropriate scheduling. At the same time mobile management with MDM ability and encrypting as well, software and application pushing and updating overriding security concerns and O.S. deployment was some of the top features that we really appreciated.
I appreciated Distribution points on the cloud and ability to publish on demandapplications for users groups.

In this case users could choose from software list to automatically install some missing application without asking directly to IT team.

What needs improvement?

I think that some improvements would be appreciated on application package deployment for whom that has not a deep scripting ability like me.

SCCM is an high CPU/memory conuming application and so it would be fine that Microsoft could improve performances.

For how long have I used the solution?

I started utilizing SMS 2003 since 9 years ago, since 4 years ago I managed and directed differentsmigration projects and zero installations on corporate companies with CAS, Primary and Secondary Sites.

At the same time I utilized this product during daily operations like reporting, software pushing, Microsoft patching, mobile managemen with satisfaction

What was my experience with deployment of the solution?

You should consider that this product is particularly complex and delicate at the same time and so, the most difficult thing, was related to find causes of any installation delay or misconfiguration

What do I think about the stability of the solution?

About stability I did not find any particular problem.

When I got some problems on internet is quite easy to find consistent answers.

What do I think about the scalability of the solution?

The only thing that I did not appreciated it was the case that, if you do not have CAS, you can install only one primary sites and all other sites could be only secondary sites.

This problem could be solved installing CAS later but about secondary site upgrade I am not aware that they can be automatically updated to primary site without uninstallation and re-installation.

How are customer service and technical support?

Customer Service:

Customer service is very good.

Technical Support:

Technical support is very good and there are a lot of documentation on internet to help you on deployment/usage too.

Which solution did I use previously and why did I switch?

I utilized for a while PDQ, spiceworks and psexec too but they are not caomparable with wide SCCM options/features.

How was the initial setup?

The first setup was quite complex but primarily due to wide capabilities of the product itself that need time to be customized.

What about the implementation team?

It was implemented by an in-house team coordinated and managed from me.

What was our ROI?

In my opinion SCCM SP1 is great.

What's my experience with pricing, setup cost, and licensing?

Setup and licensing was quite expensive as well at start up stage. When all procedures have been implemented like collections, application and packages, wsus automatically deployment, O.S preparation, mobile management policies, reporting day by day, time to be spent to manage it would be more limited but, considering the importance and quantity of activity done from SCCM it would be normal to have a lot of hours daily spent from a team to utilize this product (obviously it would depends on company too)

Which other solutions did I evaluate?

PDQ, Spiceworks, psexec, GPO, scripting…

What other advice do I have?

SCCM is really great but you must consider that you will take a lot of time to manage it entirely.

You should consider that this product would be, in the future, more and more strategic for companies about security concerns, task automation and for your CV too.

I have a lot of guide and screenshot as well:

http://www.alessandromazzanti.com/search/label/SCCM%202012

Here is my blog link:

http://www.alessandromazzanti.com/

https://www.linkedin.com/in/mazzanti

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Microsoft Endpoint Configuration Manager Report and get advice and tips from experienced pros sharing their opinions.