The time the solution takes for updating systems could be quicker. For example, the system information status is not updating as it should. Additionally, the database synchronization querying is slow and could be improved. 

We'd like additional data related to security and the configurations of the hardware. 

On some hardware, we'd like an easier way to get peripherals attached. 

Regarding this, I'd like to mention the agent situation. When the agent on an end-user device is not functioning correctly, it can be quite problematic. It would be highly beneficial if there were a self-healing mechanism in place. Essentially, if the agent becomes corrupted or encounters issues, it should be able to rectify itself autonomously. This is particularly critical because, in order to utilize a tool like MECM (assuming you're referring to Microsoft System Center Configuration Manager), we need to deploy agents, known as AsMs, on all the devices we use, such as Windows 10 or Windows Server. Sometimes, when we deploy configurations or updates, they don't apply properly due to agent issues. This issue has been present since we began using MECM around 23 years ago. Unfortunately, there is currently no built-in mechanism for the agent to detect its own problems and initiate self-repair.

Microsoft doesn’t have any feature to scan vulnerabilities and hence, they could include those.

• The hardest thing about the software is getting people to sit down and learn all of the different features.
• There is a third-party software which makes Right-Click Tools where you can right click to make actions happen on groups of computers. This software needs better instructions and documentation. It also needs to be easier to customize.
• Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it.
• I would like Microsoft to buy Adaptiva and combine it with SCCM, then keep all the same features. That would be cool.
• Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.

Microsoft Endpoint Manager has incompatibility issues with some Linux versions and most of our programmers are using Linux operating systems. This creates a challenge for administrators in terms of managing the Linux operating system. For example, Fedora and Kali Linux are two of the most popular Linux distributions among developers, and so policies need to be fine-tuned to work properly on these systems. The solution should be more compatible with different versions of Linux. 

Microsoft is already pushing users towards Intune, as opposed to SCCM. It's on the roadmap for them. It's inevitable. SCCM will be on Endpoint Manager in the future. I would say nothing needs to be changed.

The solution is on-premises. The cloud version of the product, if a person needs to be on the cloud, would be InTune, which already exists as an option. SCCM doesn't need to offer cloud features for this reason.

While SCCM offers robust features for application management, we don't currently use it for device inventory and asset management purposes. For these tasks, we rely on a separate inventory management system.

There is room for improvement in one of the areas. Sometimes there are different compartments and problems with the web server, which makes it difficult to identify performance issues. Here, more tools configuration may be needed to address this. However, there are manual logs available for all modules and configuration actions.

There is one feature that is not present, which is antivirus monitoring. I would like to see this feature in the next release and also the integration of the module of monitoring of configuration directly into the configuration concept, to avoid having separate scopes for communication and configuration engineering. This would eliminate the need for multiple dashboards available for managers on the platform.

The reports are too busy. They could be simpler. I'm a technician, so I don't care how pretty the reports look. They should be easy to read. I'm designing this for production folks. They need to read the reports quickly when they're patching in the middle of the night.

Some of the capabilities aren't fully developed yet. It's an ongoing work in progress. I think they are making some steps in the right direction as far as managing workstations centrally, like Intune. 

The solution can be improved with the addition of a mobile device manager.

The tool's deployment is complex and depends on the architecture you want to implement. 

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

Microsoft Endpoint Configuration Manager could improve the integration.

One area of improvement is regarding the patching of Office 365 products. We have some difficulties on this side, and it can be improved.

Their support should be improved. Mostly, when we are doing patches on Microsoft 365 clients, we need to escalate to Microsoft support. It takes a long time to get to someone in their support team who has good knowledge of the product. Their support at level one is not quite helpful and knowledgeable.

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I think managing Linux devices could be improved. It would help our colleagues and other departments like the dev opps, who only use Linux machines to quickly patch their VMs.

It would be better if automation options were available. For example, in Nexthink or SysTrack, there is an analytical tool. Creating dashboards would be very easy if you implement the same thing in Microsoft. That report will be a daily cost to the customers and good revenue for our organization. The price also could be better.

In the next release, we need to include some features like tables, dashboards, surveys, services, and metrics in the dashboard. Whatever we are implementing will be downloaded by a report. Apart from the report, we will telecast from the dashboard. It's very easy to compare, and it will be easy to telecast to the end-users.

SCCM can improve on third-party application support.

The next features are coming through their newer solution Microsoft Intune or Microsoft Endpoint Configuration Manager (MECM).

SCCM is a pretty great product already. It has benefited greatly from having been around since its original incarnation as Small Business Server 2003. It would be cool if the SCCM client had some PowerShell cmdlets built into it, as managing clients remotely can be a pain without knowing the WMI calls to run remotely. Also, continued development PowerShell integration with the console (which they have already started developing).

The tool's deployment is difficult. Microsoft needs to improve documentation with videos. 

The product needs to improve scalability. 

SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data.

Microsoft could supply an installation guide to make setup easier.

The support could improve.

I'm looking for a single solution for all discovery needs. It fulfills about 40% of the requirements, and I'd like to see the other 60% so that I don't have to keep doing this.

I currently need to increase my compliance level in the patching processes which this solution could improve on. For this purpose, I am looking for another solution to perform more efficiently and to work faster to cover this part specifically.

There should be more visibility to integrate more products other than Microsoft products. For example, Adobe and Google Chrome. You need to do a lot of manual intervention to cover all non-Microsoft products for patching at the moment. There are third parties working on these gaps in this solution. 

There should probably be better remote support. They should also continue to improve on patch management, patching, and creating or turning products in software into deployable apps.

We are okay with all the available features.

In the future, we're looking for tighter integration with cloud solutions like Windows Intune. It is already there, however, it's still in need of some improvements. It's not straightforward in terms of the administration on offer. 

We'd like the solution to make it easier to manage remote users.

It offers a very difficult cloud gateway when it comes to cloud management.

The solution does need a lot of configuration and fine-tuning, so a company will need a dedicated person who's knowledgeable in the product to manage it.

A few people complained that SCCM is very complex without CPS, depending on the SQL database, and when using SQL as a backend service. Sometimes updating the dashboard and getting the reports, can be slow. They're not getting an instant update on the database. That is where most of the customers tend to complain. 

The solution can be improved by speeding up the synchronizing of the policies on the devices. Technical support can benefit from shortened response times and making sure all of the support team are at par with their knowledge regarding the solution.

The downside of Microsoft Endpoint Configuration Manager is it's an on-premise-based solution. With the pandemic coming on board the need to support users across the globe has increased. For a while, we would use the in-built Microsoft Teams screen sharing feature but the disadvantage of that is you cannot perform privileged access. Microsoft does not give you access to that. That's where you need cloud-based tools, such as BeyondTrust or Freshservice.

There are many aspects of this solution that can be improved, such as security.

The integration could be better with other software packages.

In terms of the monitoring, the timeframe it takes to actually report back on the compliance of a device after it has been patched is a bit too long. That could be better. Sometimes you could be looking at a screen and may take about five to 10 minutes before you get back the actual compliance status and that could be reduced.

Having a cloud solution is better in a lot of ways. For the deployment of the operating system, with InTune and modern end-point management, you no longer have to image machines and waste a lot of hours. You no longer have your technicians spending four, five hours imaging machine sessions for drivers and things like that. You can make use of an autopilot, which reduces resources and can cut down the timeframe drastically. There's a lot of wins with the cloud technology that's coming forward, that enterprises and organizations can make use of.

It needs to be able to load faster during deployment and the new release could include this ability. This will allow us to deploy critical collections with over 50,000 to 60,000 users simultaneously.

It would be better if reporting were more user-friendly. I would like to see an upgrade in the reporting structure in the next release. At the moment, you have to use an SQL query or configure it to pull reports through the graphical user interface. 

Their updates could be more regular. I think Mircosoft updates it every six months. They are also moving many things to Intune, and Microsoft decided to move the deployment solution there. I think SCCM is getting old, and Intune is new. 

Cloud-based improvements need to be better managed than is currently the case. 

The ability to integrate MDM would be great.

Based on my experience with SCCM 2016, the main, big issue is not having a good user-friendly environment. It needs much better GUI. 

We had some problems configuring Linux virtual machines. We needed to install agents. Microsoft should pay more attention to these Linux virtual machines in order to make implementation with them easier.

We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them.

We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now.

I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly.

Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."

I would like to see some improvements in WSUS and control of other, non-Microsoft, product updates.

The tool's deployment can be cumbersome. 

The solution does not support remote devices so CMG is still required. 

They should improve their anti-malware policies like the SCEP policies. For instance, you can't have different policies for different servers, there is only one policy in all the servers, and everything is covered under that. 

For example, say you want to scan one group of servers on Saturday, and then you want to scan another group of servers on Sunday, you can't do that. You have to scan all your servers, a regular scan or a full scan, on the same day and at the same time. That's definitely one thing they need to resolve. 

In the next release, it would actually be nice if they included Apple products. It will also help if you can use Intune again. Their compliance reporting feature could also be better. They can maybe work a bit on that for patching now.

It would be better if SCCM came with the functions of Right Click Tools built-in. If SCCM would have all those functions already built-in, we won't have to go and spend $5,000, just as an add-in from another company to get those functions.

It is a bit of an old and outdated product.

The cloud would have been the best improvement and already Microsoft is looking into it. They are moving into the cloud and all it will make the product better. There's a roadmap in place, from what I understand. We'll move ahead toward whatever Microsoft decided to deploy.

The solution is mainly used for client management and software deployment. However, there maybe should be a more self-service experience. Microsoft may be addressing it in their cloud-native solutions, as currently a lot of administrative tasks are still needed. Automation would be helpful in those cases. If they could add more automation, that would be ideal.

While the solution is quite good, it can be difficult to understand the logic of this product when it comes to software inventory.

Upon examination of the on-premise and Azure environments, I feel that SCCM could be more flexible.

While the issue of documentation is not exclusive to SCCM, it can be improved. When it comes to Microsoft Office suite, it is not always clear to where the articles have been moved and the use of a built-in searching giant to find their whereabouts is not always a possibility. When the article is moved to a new location, it can make it challenging to find what I deem to be useful or interesting. 

The interface needs to be a little bit simpler. Right now, it's a bit hard to navigate with ease.

The integration capabilities could be better. They need to expand this aspect of their product.

The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter.

SCCM does not support Linux and Unix. That has been deprecated and is no longer there. 

It would be ideal if the solution came with more features supporting Mac, then it would be a better product.

There is no asset management package included. You have to buy that separately so we need  to use another system to manage that. This is one of the biggest things that makes SCCM not as competitive as some other systems. If they had this functionality then their help desk software would be much better and much more useful.

It is a little bit fat on the client-side, in terms of the stuff it leaves in place after the management is complete. It would be nice if they could pay attention to that, although we have a separate way of dealing with it.

Microsoft Endpoint Configuration Manager can improve by allowing us to schedule the scripts, we don't have a script scheduling option and have to do it manually. 

The solution could improve the functionality for automating, license management. Additionally, more and better-looking reports are needed.

The App to upgrades to the server needs to be improved.

I'd like to see some cosmetic improvements on the user interface. 

This solution needs to be supported on all Operating systems.

I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates.

An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.

Because of the way SCCM is, we are moving to the Intune platform similarly to the way that everybody else is. Microsoft is slowly migrating SCCM to the new Intune product for management.

There are so many issues with SCCM, but they are already working on migrating the desktop to the intune platform. They have already improved the management and the patch management. They are also looking at cloud integration and being able to deploy it in Azure properly and run the Azure infrastructure.

The main or legacy issue is not being able to do remote management of devices without being on a VPN to get their updates. It didn't work well on non-corporate networks. This has been resolved by the new Intune platform.

It's Microsoft, they have their issues, but they are getting better. They are integrating it with their office products, and their platforms.

In the next releases, I would like to see them make it easier to do remote sessions into the boxes.

It would be nice to have everything in one place. Now they have Intune for the desktops and SCCM to handle their servers.

I think that some improvements would be appreciated on application package deployment for whom that has not a deep scripting ability like me.

SCCM is an high CPU/memory conuming application and so it would be fine that Microsoft could improve performances.

I would like to see more automation.

I think SCCM can improve whatever details they shared with the integration partner. There was a lot of junk software and data. There should be flexibility to allow us to extract the data we require. In other words, the flexibility of accepting the specific data that we are looking for.

I want the system to provide some dependency relations. For example, you have a laptop, and you start working on it. If I can be informed that you're using the laptop at work, other machines that are dependent on this laptop will be able to provide that dependency relationship. I would like to see the relationship between different machines.

For a small-scale industry, the storage capacity is good. However, the performance and storage capacity could be better.

The database should be made to be more stable and robust, but not so much the configuration.

I am not sure if it is just bad administration and maintenance, but it fails quite a lot.

For me, it's the database, or maybe it's the maintenance overhead. It could be that it requires a lot of maintenance. If you don't maintain it, things could go wrong, this is my assumption.

Its client interface should be more accessible, and the notifications should be more customizable from the console. It should be more user friendly and have some kind of customized notifications so that we can use it on the client side. These are the reasons why we restricted its use only for the server environment and didn't use it on the client side.

The main SCCM lacks some things, which they incorporated into Microsoft Intune. When I evaluated these two products, one from VMware Workspace One and one from Microsoft, I found that there is something missing in SCCM, which is available and works very well in VMware Workspace One. SCCM should work to add these features into their service offering.

For example, devices like smartphones and tablets are managed very well on VMware Workspace One, however, they are absent in SCCM. I could configure the iPad from the VMware Workspace One cloud and it was done very easily. It should be just as possible on SCCM.

The main room for improvement is the on-screen display. I think it would be good if some improvements were made.

Overall, as of now, it's sufficient for us. I don't have any scope of what new features would be needed for our company. I'm not sure if we require anything more. We are good with this product. If our companies move to the cloud or something, maybe we'll need additional features.

Not everything is readily available, and there are a lot of commands that are only executable via PowerShell. In this regard, the user interface could be improved.

This is linked to how Microsoft designs the products: They release a product and a visual interface, but also provide PowerShell commandlets. This usually is in ratio of 30/70 (UI / PowerShell actions).

This solution should be simpler, and more consistent across modules/sections.

Reporting and collection queries should be made easier to do.

The main thing is that SCCM has to become an appliance instead of a server.

When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can?

SCCM has the same DNA, it is coming from the same vendor. It does exactly what every other tool does, but since it is from Microsoft they should have thought about these things.

SCCM should be an automated solution, an appliance. Drop-shipped into the organization, discovery should be automated. Inclusion should be automated. Portals should be within the product itself. And it must have a cloud component to it. It should automatically upload the metadata to the cloud so we can monitor it in the cloud at a very high security level.

The configuration of Microsoft Endpoint Configuration Manager could be improved, it is a bit complicated.

It wasn't very user-friendly.

The reporting is not very good.

It was hard to effectively manage with one person.

It should provide the ability to remotely connect to mobile devices. There are some solutions that are doing that, but with Microsoft Intune, the only way to remotely connect to devices outside the organization and mobile devices is by using TeamViewer. It is pretty strange for a big company like Microsoft to not have something for that.

Sometimes the time it takes to find the fault is a bit too long. The resolution time needs to be shortened quite a bit. There are just some analysis errors that need to be cleared up quicker in general. Otherwise, data blocks and the firewall can be affected unnecessarily.

The analysis is something that can be integrated. Their report analysis can be improved a little bit due to the fact that most of the time complaints policies are saved by the admins. It's something that we need to look into and search for. It would be nice if there was just a cohesive report of what was saved, etc. 

Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.

I can't think of any features that are lacking in the solution. It's quite complete, and a rather standard setup.

If you want the best support, you need to pay for it. Otherwise, you may get less technical help.

Sometimes it does not update the log files. It gives an error code, rather than giving the actual problem.

If you need to reboot the system during Windows Update, it can take a long time.

The deployment process is lengthy and should be quicker to complete.

The operations could be faster and you need some patience with this tool. I  wish that sending media to remote distribution points was faster.

It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit).

I cannot think of any other improvements, as the product has been full-featured for any use we need to put it to, especially since the Current Branch releases.

I would like to see Microsoft extend the coverage of the product to integrate better with other platforms beyond Windows.  

SCCM supports the Windows operating system well: however, there is minimal support for Mac and none for mobile devices. Organizations that do not just go with a single operating system, having the flexibility to support more operating systems and devices would be an added advantage. This would allow them to stand out from other products on the market.

The cost of the product can be improved.