Please share with the community what you think needs improvement with SCCM.
What are its weaknesses? What would you like to see changed in a future version?
The operations could be faster and you need some patience with this tool. I wish that sending media to remote distribution points was faster.
The cost of the product can be improved.
This solution needs to be supported on all Operating systems.
Not everything is readily available, and there are a lot of commands that are only executable via PowerShell. In this regard, the user interface could be improved. This is linked to how Microsoft designs the products: They release a product and a visual interface, but also provide PowerShell commandlets. This usually is in ratio of 30/70 (UI / PowerShell actions).
This solution should be simpler, and more consistent across modules/sections. Reporting and collection queries should be made easier to do.
I would like to see an agentless version of the solution. An agent-based system is one where every computer on the network has to have a client installed in order to be able to report on it or deploy to it. In the case of this solution, you need to have the SCCM agent installed on every computer. To me, that is a weakness because if you don't have the agents installed in some computers, then you cannot reach them for the deployment of software updates. An agentless system means that you don't need to have an agent installed on computers. You would simply sweep the network, see all live computers and deploy the updates be able to deploy updates. It is worth noting is that the installed agents open and run on specific ports in the computer. These may be used as launch pads for attacks; making your network more vulnerable to security breaches.
Sometimes it does not update the log files. It gives an error code, rather than giving the actual problem.
Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult.
* The hardest thing about the software is getting people to sit down and learn all of the different features. * There is a third-party software which makes Right-Click Tools where you can right click to make actions happen on groups of computers. This software needs better instructions and documentation. It also needs to be easier to customize. * Our company would prefer not rebooting computers while people are using them. There seems to be no strategy behind it. * I would like Microsoft to buy Adaptiva and combine it with SCCM, then keep all the same features. That would be cool. * Marketing: Our management doesn't understand that there is a piece of software which helps them automate and manage the entire network, as far as operating systems on computers.
The main thing is that SCCM has to become an appliance instead of a server. When I say appliance, it has to come preconfigured so that it is drop-shipped into the enterprise and then you activate the feature sets that you want. It should pull down all the latest binaries. Once that is all there, it should have a discovery tool which goes out and discovers the assets within an enterprise. If the server, workstation, and applications are all coming from the same vendor, why not have the vendor do this work for us and automate it as much as it possibly can? SCCM has the same DNA, it is coming from the same vendor. It does exactly what every other tool does, but since it is from Microsoft they should have thought about these things. SCCM should be an automated solution, an appliance. Drop-shipped into the organization, discovery should be automated. Inclusion should be automated. Portals should be within the product itself. And it must have a cloud component to it. It should automatically upload the metadata to the cloud so we can monitor it in the cloud at a very high security level.
We run into little stuff all the time. There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. At least that tells us which ones didn't reboot, but before that got put in the 2018 version, it was really tough because management wanted a report of what patched and what wasn't, we couldn't give it to them. We went into the feedback site and added our feedback and voted on it. The reboot pending was a big step forward, but we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now. I would also love to be able to patch Linux servers. I would love that ability to be on one console and patch my environment. I know they're doing it with the Azure piece right. I saw that at Ignite last year, where they're looking to almost have SCCM as part of the cloud, and they will supposedly let you patch your Linux boxes from the cloud. Being a law firm, that is not going to happen for us. We are not cloud-friendly. Finally, their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. Our security really liked the idea of being able to get compliance reports themselves, on patching etc. However, it is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it or anything like that. That's all they said, "It's a known issue."
It would be of benefit if Configuration Manager could be connected/integrated with multiple Microsoft Intune subscriptions rather than just one (the current limit). I cannot think of any other improvements, as the product has been full-featured for any use we need to put it to, especially since the Current Branch releases.
I would like to see some improvements in WSUS and control of other, non-Microsoft, product updates.
SCCM is a pretty great product already. It has benefited greatly from having been around since its original incarnation as Small Business Server 2003. It would be cool if the SCCM client had some PowerShell cmdlets built into it, as managing clients remotely can be a pain without knowing the WMI calls to run remotely. Also, continued development PowerShell integration with the console (which they have already started developing).