Microsoft Intune (formerly Microsoft Endpoint Manager), combining the capabilities of the former Microsoft System Center Configuration Manager, SCCM or ConfigMgr, is presented as a unified endpoint management option. Microsoft Intune is an endpoint management solution for mobile devices, an MDM solution that allows the user to securely manage iOS, Android, Windows, and macOS devices with a single endpoint management solution. The component Endpoint Configuration Manager (the…
Microsoft Intune is more robust as far as fine-tuning security controls. It also allows for software installs, folder access controls, updating PCs, and other features simply not found in previous products we have used. Because it is rolled into MS 365 it's very cost …
GFI Lan Guard system is not user-friendly. GFI Lan Guard does not produce laptop/computer images in one place and its asset management is not very good. System Center Configuration Manager was built for asset management and therefore able to provide robust inventory management. S…
I inherited an already existing environment system center. My previous experience was using WSUS. Microsoft System Center Configuration Manager does still use WSUS but it is a far more robust and complete solution for managing and reporting on all your PCs. Our Microsoft …
Microsoft System Center Configuration manager was always selected because it combines several standalone solutions provided by other vendors. Has great integration with all Microsoft services including Azure. Being an enterprise standard level product, you can expect that your …
There are plenty of other server solutions out there which may be better suited for certain tasks, but Windows Server is the way to get a Windows environment going. For simple setups, there are many alternatives, but often there are key features lacking, or a restriction on …
Windows Server has become one of the industry standards for providing file and directory services for the majority of users because of the ease with which it interacts with the common desktop OS, as opposed to needing to provide esoteric support for users to be able to work …
Microsoft Intune is well suited for the larger end of the small business segment to the enterprise. The ability to configure and remotely deploy computer configurations, control mobile devices, and fine tune security controls of each device or device group is a major win for this product. Smaller and mid-sized businesses may balk at having to increase their license level to unlock the better updating features.
Windows Server and Active Directory is very robust and stable, it has been a staple in every IT environment I have worked in during my career. Junior to Intermediate admins can learn Windows Server easily, the user interfaces make administration tasks very easy as well as the documentation available through a vast amount of resources. There are other Operating Systems available with no GUI which has a smaller attack surface, faster update installation and reboot time. Windows Server does have the ability to remove the desktop experience, however it is not something I have had experience with and I believe most administrators choose not to remove it.
[Microsoft Endpoint Manager (Microsoft Intune + SCCM)] helps to speed up the deployment of patches/software throughout our environment. I can easily build a package and then deploy across all endpoints.
The ability to supercede software is also quite handy. This automates the removal of old versions and replacing them with newer versions.
The Intune Autopilot option is very useful if you want to deploy software to devices straight out of the box. You can configure them to download software when a user opens a new PC and turns it on for the first time.
Deploying more apps besides Microsoft Edge and Microsoft Office 365 app
Microsoft needs to make it easier to deploy exe, pkg, and msi apps without having to go through the manual process of re-packaging these apps using tools from github like intuneapputil
Add a feature to push out software updates for 3rd party apps
Microsoft needs to minimize the update frequency by making the product more secure. It can become very exhausting trying to keep updated if you don't have a dedicated support team. It can become challenging where the business is unable to allow downtime for reboots as part of the update process.
Prone to security and audit vulnerabilities.
The operating system needs more CPU and memory resources compared to other options such as Linux.
Understanding the licensing model can be abit confusing.
Comes with a standard firewall, but not the most secured one available. Would suggest using a more secured firewall as part of your antivirus software.
Due to the number of vulnerabilities and the operating system being a target for hackers, anti-virus software is a must.
Mascom Wireless is a Microsoft shop and SCCM has proved to be helpful in keeping our Microsoft products up to date every month without fail. We also have a Microsoft Enterprise Agreement which we renewed for three years ending 2022. The remote access utility works wonders for the organisation and have saved travel bills including subsistance allowance. We have been able to fulfill security audits both internal and external. We have been able to keep a robust inventory of our computer assets and nothing falls of the cracks
I've carefully reviewed the servers and services currently running on Windows Server 2012, and given the opportunity would renew them as is going forward. There are two systems I currently have in place, one is a very large Linux implementation for a large ecommerce site, and one is a very large backup solution front ended by FTP servers running Linux. Neither are well suited for Windows, but the overall network infrastructure is and will be Windows Server for the foreseeable future.
The console is not intuitive and does not work well often. Due to the complexity of the product, documentation can be confusing. When properly configured, routine tasks like OS deployment, remote control, and software deployment are easy to do. Troubleshooting of System Center Configuration Manager issues is hard, as there are various logs, and their content can be hard to understand.
Anyone new to IT could easily use the familiar Desktop Experience (GUI) version because we all know how to use Windows, whether a client or server version. Once an IT user is more comfortable with the operating system, they can move on to the Core version, which is the way to go in almost all situations.
It's a 'heavy' system, which demands a lot of resources form the datacenter perspective. So, make sure you followed the requirements to avoid frustration in the future. From the 'client' perspective, it's fine. I've never had any issue with that.
We have not needed to seek support for this product in the time that we have used it thus far. It's been working really well, and have not had any major issues. Being that it's a Microsoft product, it goes without saying that there will be many support options available if needed. This includes phone, web, forums, KB articles, etc. There is even comprehensive documentation that is available on the web through Microsoft's website for use of the product.
Microsoft's support is hugely wide-ranging from articles online to having to contact them directly for the more serious issues. In recent years when I have contacted them directly, I have found the support o be excellent as I have found myself connected to very knowledgeable people in the field in which I needed the support. The online support available is vast and I tend to find most of the time that there is always someone out there who has had the same issue as me in the past and knows something about how to resolve it! This is the advantage of using industry standard and long-established systems such as Windows Server.
Work with a "test group" of users who you have a good relationship with so that when things don't work properly they understand! Work with your partner nicely without forcing things especially timelines as you are bound to make mistakes and create oversights in the project Management can also interfere with the implementation (which can cause delays) if you make too many mistakes which takes me back to having a "test group" where you have good relations
Make sure that you have detailed processes in place for every server instance you plan to install/upgrade, if possible get the base OS loaded and Windows Updates applied ahead of time, and if using a VM take a snapshot prior to installing each role, as well as along the way.
We did not evaluate or use other products like Microsoft Endpoint Manager (Microsoft Intune + SCCM). The main reason we did not evaluate or use other products is because Microsoft Endpoint Manager (Microsoft Intune + SCCM) integrates seamlessly with Microsoft 365 and Windows PCs. Expenses would have increased as well if we had purchased another similar product.
They are different experiences, and while the other solutions offer enterprise-grade stability and, in some cases, address Windows server shortcomings (such as patching), they all do the trick, but the other solutions require a deeper technical background/configuration of items at the command line, which some people are not fully comfortable with.
In our current environment, this System Center Configuration Manager had replaced several standalone solutions for patching, imaging, remote assistance, reporting, etc. That saved a lot of time and resulted in money to manage the IT infrastructure.
Once SCCM is deployed and fully configured, all agents are deployed and it is easy to automate a lot of processes and just control them from time to time to make sure that everything is working as supposed to be.
SCCM + Windows 10: great built-in endpoint protection solution. As a result, there is no need to buy additional software for that purpose.
The imaging process is better compared to WDS because you can modify deployment packages and apply patches to a newly imaged machine. This saves tons of time for new employees deployment.
