A close to perfect MDM solution
First off let me clarify my product review only covers Microsoft Intune now called Microsoft Endpoint Manager. I used it to manage all of …
Microsoft Endpoint Manager (Microsoft Intune + SCCM)
Top Rated
Microsoft Endpoint Manager (Microsoft Intune + SCCM)
Overview
Reviews
Reviewer Pros & Cons
View all pros & cons
Joe Aldeguer
IT Director
Society of American Florists (Non-profit Organization Management, 11-50 employees)
Mark McCully
Senior Network Administrator
University HealthSystem Consortium (Hospital & Health Care, 1001-5000 employees)Pricing
View all pricingMicrosoft 365 Business Basic
$5
On Premise
per user/per month
Microsoft 365 For Individuals
$6.99
On Premise
per month
Microsoft 365 Apps
$8.25
On Premise
per user/per month
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Features Scorecard
No scorecards have been submitted for this product yet.Start a Scorecard.
Product Details
What is Microsoft Endpoint Manager (Microsoft Intune + SCCM)?
Microsoft Endpoint Manager, combining the capabilities of the former Microsoft System Center Configuration Manager, SCCM or ConfigMgr with the mobile device management application Microsoft Intune, is presented as a unified endpoint management option.
The former Microsoft Intune is an endpoint management solution for mobile devices, an MDM solution that allows the user to securely manage iOS, Android, Windows, and macOS devices with a single endpoint management solution.
The component Endpoint Configuration Manager (the former SCCM) is a system monitoring and management platform that can be deployed as an agent, via the cloud, or on-premises. It can manage systems across OS types (Windows, Mac, Linux), as well as multiple environments, including servers, virtual environments, and mobile devices from a single management console, and supports scaling capabilities, such as future application delivery.
The former Microsoft Intune is an endpoint management solution for mobile devices, an MDM solution that allows the user to securely manage iOS, Android, Windows, and macOS devices with a single endpoint management solution.
The component Endpoint Configuration Manager (the former SCCM) is a system monitoring and management platform that can be deployed as an agent, via the cloud, or on-premises. It can manage systems across OS types (Windows, Mac, Linux), as well as multiple environments, including servers, virtual environments, and mobile devices from a single management console, and supports scaling capabilities, such as future application delivery.
The platform includes a customizable reporting tool to inform future business software decisions. It also enables endpoint protection from malware and vulnerability identification within the monitored systems and infrastructure.
Microsoft Endpoint Manager (Microsoft Intune + SCCM) Video
Announcing Microsoft Endpoint Manager
Microsoft Endpoint Manager (Microsoft Intune + SCCM) Integrations
Microsoft Endpoint Manager (Microsoft Intune + SCCM) Technical Details
| Deployment Types | On-premise |
|---|---|
| Operating Systems | Windows |
| Mobile Application | No |
Alternatives
View all alternatives
Reviews and Ratings
(218)
Ratings
Reviews
(1-25 of 218)- Popular Filters
Companies can't remove reviews or game the system. Here's why
September 04, 2021
A close to perfect MDM solution
First off let me clarify my product review only covers Microsoft Intune now called Microsoft Endpoint Manager. I used it to manage all of macOS and Windows 10 computers to deploy apps, compliance policies, configuration profiles, Windows autopilot, and to onboard my devices to Microsoft Defender for Endpoint.
- Windows Autopilot
- Integrates well with Apple devices
- Good tech support
- Runs in the cloud there is no need to put up an on-premises server
- Deploying more apps besides Microsoft Edge and Microsoft Office 365 app
- Microsoft needs to make it easier to deploy exe, pkg, and msi apps without having to go through the manual process of re-packaging these apps using tools from github like intuneapputil
- Add a feature to push out software updates for 3rd party apps
Microsoft Endpoint Manager (Microsoft Intune + SCCM) is used in various ways in my company and the companies I'm an MSP for. Mostly it is used in Microsoft 365 Business Premium environments and it does a great job of gathering end point information as well as give us the ability to push out Microsoft Desktop apps and Microsoft Edge as well as other apps. It's also nice that I can setup specific configurations and settings for Windows, 365 desktop apps, and Edge just like when using Group Policy for on premise servers and PCs. But using Microsoft Endpoint Manager (Microsoft Intune + SCCM) is much easier to use and implement.
- Able to create Compliance Policies and Configuration Profiles
- Configure Windows Update settings
- Configure Endpoint security settings and Windows Defender Antivirus
- Create App Protection and Configuration Policies
- More hardware details of devices such as drives, memory, etc.
- Ability to remotely connect to a PC without 3rd party software
- Not really any other cons that stand out
We use [Microsoft] Endpoint Manager [(Microsoft Intune + SCCM)] for all of our workstations that are either hybrid Azure AD joined or simply Azure joined devices. We also use it to manage iDevices. We have used SCCM for several years now, and when Intune announced the co-management capability, we made the transition very quickly. There are certain elements that Intune does not handle, such as bare metal imaging, but otherwise we have moved all workloads to Intune while maintaining our SCCM on prem. This covers device compliance, WSUS, application deployment, configuration profiles, etc.
- SCCM imaging can't be beat
- Intune application deployment and WSUS ensures that devices are getting updates and applications, especially in WFH scenarios
- The upgraded interface is much easier to work with than older SCCM iterations (2007 and below)
- The ADMX templates are still lacking in some areas
- Like SCCM, Endpoint Manager requires patience
- It would be nice if there was better integration for remote connectivity
June 30, 2021
Microsoft Endpoint Manager takes the headaches out of enterprise mobile device management
Our company is using Microsoft EndPoint Manager \ Intune to manage all our our mobile devices across the enterprise - tablets, mobile phones, and laptops. We apply security policies and administer all of these devices via Intune in the cloud. It is great to have a centralized, SaaS based solution so that we don't have to manage any infrastructure in our data centers. Intune makes sure that company data and emails stay secure even on employee owned assets. It is very easy to remotely and securely wipe an application or device that gets lost or stolen as well.
- Centralized administration of mobile devices - updates, security, reporting
- Seamless integration with SCCM
- ability to wipe devices remotely if lost or stolen
- built in reports aren't very useful.
- could be more cost effective.
Our organization uses Microsoft endpoint manager on our campus to supply updates , security patches , install applications and inventory devices seamlessly to 1500 users. SCCM addresses the issue of having technicians touch each individual device across our campus. We are able to isolate different graduating years and install necessary applications pertaining to each individual group with in the console. Each year we have to reimage each individual device and also add devices for incoming students, Microsoft Endpoint manager has simplified this process by being able to create a golden image than can be applied to different make and model of devices.
- Simplify rollout of devices
- Inventory thousands of devices and users
- Apply patches and applications to multiple devices at once
- Perhaps a more intuitive GUI
- A built in database with specific queries
We currently utilize [Microsoft Endpoint Manager (Microsoft Intune + SCCM)] across most of our organization. We recently acquired a different business and are in the process of trying to get SCCM deployed to that side. We primarily utilize this to help ensure patching/updates are pushed out on a timely basis for our systems.
- [Microsoft Endpoint Manager (Microsoft Intune + SCCM)] helps to speed up the deployment of patches/software throughout our environment. I can easily build a package and then deploy across all endpoints.
- The ability to supercede software is also quite handy. This automates the removal of old versions and replacing them with newer versions.
- The Intune Autopilot option is very useful if you want to deploy software to devices straight out of the box. You can configure them to download software when a user opens a new PC and turns it on for the first time.
- The one major drawback to SCCM is the delays or inability to deploy software if the device doesn't stay online long enough. This is particularly an issue in our environment for those users who work remotely and don't connect to our VPN client. If you can deploy via Cloud agent, this issue should go away
- There is a steep learning curve in getting SCCM configured and creating packages created, but it works great once configured.
We use Endpoint manager to manage all the windows devices in the organization, both shared and 1:1 from a central IT department over 100 different sites. It allows us to consistently apply policies, maintain security and track inventory at a distance. It allows us to control our onboarding of new devices, imaging said devices, and deliver software, updates in a consistent manner.
- Inventory management.
- Policy enforcement
- Device Tracking
- Imaging
- Continuous updates add new functionality
- Update delays in the subsystems
- Artificial limits on number of items displayed in lists, different on each page.
- Continous updates means that the location to find features moves.
Used to deploy, manage and monitor mobile devices (mostly mobile phones) and client computers. Great for mobile phones which are usually very hard to manage, especially when you have a mixture of Android and IOs devices that need to manage and protect.
- Mobile device management
- Device policies
- DLP
- Managing different OSes on mobile devices.
- Customization of end user portal.
January 22, 2021
Great for Cloud Management
We are in the process of transitioning from Group Policy over to Microsoft Endpoint Manager. We are using it for controlling our policies and setting up our standard operating environment. as well as application deployment. It allows us to standardize what we are doing and automate IT functions, freeing up valuable resources to be better spent elsewhere.
- Policy Management
- Application Deployment
- Cloud Management
- Pricing
- Steep Learning Curve
January 22, 2021
Microsoft Intune + SCCM Review
We use MS Intune and SCCM with our Azure cloud solution for all of our offices.
It is great tools to control and monitoring our security, servers and applications.
Manage mobile devices is highly important now days, so now we can manage our phones and tablets in modern way with modern approach.
It is great tools to control and monitoring our security, servers and applications.
Manage mobile devices is highly important now days, so now we can manage our phones and tablets in modern way with modern approach.
- We can add and assign mobile apps to user groups and devices
- Manage access on personal devices by restricting actions users can do or not
- Wipe or removing organization data from apps
- Reporting should be improved
- Better integration with AV software
- AI integration with alert notification about unusual user behavior
January 28, 2021
SCCM in 2021 from an end user's perspective
MS Endpoint Manager is currently being used at our organization as a standard way of deploying applications across multiple departments. It lessens the burden of deploying multiple applications to multiple departments that have different software needs and such. From an admin perspective, it's easier to manage the applications that are deployed in a specific group (Finance, HR, Administrative Roles, IT Admins, Support, etc) instead of manually provisioning each endpoint with a specific old-school "Check-list" style approach.
- Ease of Management
- East of Deployment
- Quick Overview
- Reliability
- Lack of further updates.
September 24, 2020
Intune - A powerful MDM tool for Office 365 users
Microsoft Intune is used to provide corporate data access via email app and other mobile apps on the mobile device of an employee. Intune enables the use of a personal mobile device to access emails and other official data in a secure environment where the IT team has full control over the flow of information. It is used throughout the organization where employees are eligible for email access via mobile. The business does not have to worry about data leakage and it provide 24/7 access to emails to employees.
- Device management.
- Complete control over the flow of information on the mobile device.
- Allows secure data access on BYOD.
- Compliance and policy enforcement on the Office apps in mobile.
- Dashboard customization can be improved.
- Privacy between personal and office data as i don't want that my company control my phone.
- Location service could be improved.
- Enhanced security and integration with other apps.
February 18, 2020
Microsoft System Center Configuration Manager (SCCM) Review
We use it for monthly Windows updates, image deployment to workstations, server and application deployment. It's being used in all departments to:
- Quickly patch/deploy applications all laptops, desktops.
- Push down new, updated Windows 10 OS versions.
- OS imaging and deployment via BOOTP across various locations through North America
- Patch management across various locations through North America
- Easier to find where something is inside the application.
- Faster results after patching has been completed, and it takes hours some time to see if a server was patched or something failed to install.
January 25, 2020
The one to beat for Windows application deployment and patching
We use SCCM for application and Windows desktop, laptop, and server patching. We accompany it with the PatchMyPC addons, so we can update the majority of applications we use for end-users.
We also use it to deploy security software.
- Windows and Office patching: SCCM does this really well. It is efficient, reliable, and easy to schedule. It's quite simple to keep machines updated once they've been registered.
- Application Deployment: SCCM very effectively deploys application and application updates. We use it very effectively to reinstall our security software if it gets uninstalled or needs to be updated.
- Reporting: The SQL Reporting Services oriented user-interface is really not particularly user-friendly.
- Inventory: The inventory function is overly basic and difficult to search. If this were improved to be a legitimate asset management tool, it would tremendously increase the value of SCCM to organizations.
Currently, we're using Microsoft System Center Configuration Manager to manage all our Windows assets, from PCs to laptops. Considering we use it across all organization, and we have a dozen of remote sites, some of them with distribution points, I can safely say that we solve basically 2 big business problem: We can manage all of those assets from a single pane of glass, delivering software with software-central feature, managing and keeping a eye on the status of those updates and also saving bandwidth at the same time, because we can deploy those software and updates from that distribution point, avoiding to have every single PC/laptop to download from the Internet itself.
- You can run an inventory of your assets, from PCs to laptops, grouping them by location, type, department, all tight to your own Active Directory. That saves a lot of time when you need to report the status of hardware and software. You can even manage alerts to inform you when some hardware change has happened, which could possibly lead to a robbery.
- You can centralize software distribution, controlling what kind of software is available for your organization, and here's the most important part: you can give end-users the power to install/remove that software by themselves. That way, you can avoid a ticket to your service desk and potentially save money on those tickets too.
- Also, due to the distributed architecture of the product, you can deploy a component of the system in each remote site you have. Thanks to that, you can avoid using the bandwidth of the remote site, which usually is already limited, to download software/updates to each PC locally. You just need to download once for the distribution point it will deliver locally. You can also avoid the risk of having your local WAN to be contested by some unexpected outdated PC that was just connected to your network.
- The licenses can be expensive if you are a small organization. Make sure you have a good deal with your Microsoft partner.
- Deal with collections can be a little hard sometimes. Collections are the say the product classify or organize the groups. As the concept is a little different from what we're used to, like Active Directory Organizational Units or Security Groups, etc., it's best if you spend some time studying this before you deploy the product in your organization, especially if your organization has severy business or business units and remote sites.
- You don't have as much product specialists as you have for other Microsoft products like MS Exchange, for example. So, make sure you hire a partner that have the skills needed to help you during the deploy of the product. Indeed, it is a complex product and it demands attention to details to avoid frustration in the future. People tend to save money on the implementation phase and that leads to frustration and, in some cases, projects cancellation due to underestimation of the requirements of the product.
October 18, 2019
Relax and let SCCM do the job for you to do other stuff
It is used by two departments, enterprise services (e.g Infrastructure Administration, Email, Sharepoint, etc) and Help Desk.
- Patching lots of computers (in my case 400+) without leaving your seat!! Less administrative overheads.
- Deploying new machines with a standard image that is the same across the organisation and no one has a different set of image and therefore consistancy within the organsation.
- Provide a comprehensive inventory of the organisation's computer assets.
- Provide security auditors with patching compliance reports within the organisation.
- Driver portals for different PC/Laptop manufactures.
- There is no dashboard for the executive summary of the organisation's patch levels.
- Being able to see the downloaded patches (labeled with KB numbers) according to their names on the SCCM server.
August 31, 2019
Microsoft System Center Configuration Manager does it all, but you need to know how to do it, which has a learning curve
SCCM is used across our entire organization. We use it for zero-day remediations, as well as large scale package deployments. It saves the company an immense amount of hours wasted for on-site support team members having to manually install packages. We can also pull reports of software versions across our environment and deploy patches accordingly for any PC that's out of compliance.
- It allows users to install packages from a Self-servicing application via an app called Software Center.
- It allows for fast remediation of vulnerabilities across your organization.
- Provides reports for high-level visibility of your environment for upper management.
- Building a collection and deployment takes some time to learn. It isn't very user intuitive.
- Getting up to date reports on a deployment isn't a one-click process. It requires triggering multiple events and waiting about 10-15 minutes
- I wish there was a dashboard feature built into SCCM. I manage the JAMF platform in my environment as well, and this is one of the key features I rely on every day. When I need to pull a report in System Center Configuration Manager it is just clunky.
We use SCCM for a number of different use cases including imaging, OS and software deployments, inventory and desktop management. Its primary function is to push new software to the fleet. The benefit is being able to time when and what gets deployed and make it done in an automated fashion. We also use it to manage to patch existing software packages (in conjunction with a product called Ninite).
- You are able to create queries to identify almost any combination of computers needed.
- Its direct tie to active directory.
- It fully leverages Windows functionality.
- Its mac integrations, though improving, are really not much more than inventory.
- It could benefit from an enterprise remote control solution more similar to Bomgar or LogMeIn.
- Its web interface for reporting is very dated.
March 14, 2019
Great tool for enterprise IT teams, must have usage experience for all IT specialists.
At my current and previous companies, I have used System Center Configuration Manager as one of the main tools to manage my IT infrastructure. From simple management of active directory users and computers to detailed inventorying of windows equipment (computers and server), software inventorying, software deployments and patch management. Also, it is used as a main endpoint protection solution that includes centrally managed Windows Defender and ATP. We use System Center Configuration Manager as one of the main monitoring tools to get reports of the Windows patching state, device availability and activity, to get information about what PCs users are using at a current time. Using as the only solution to capture and image new and existing workstations and servers. And, also SCCM is the main remote control/assistance tool for our help desk department.
- We have mostly Windows environments, so SCCM provides us tons of monitoring options for computers and servers.
- SCCM saves a lot of time and money for our Help Desk team to provide remote assistance to end users.
- In a Windows 10 environment, SCCM provides pretty decent endpoint protection.
- Patch management: tons of options of management, deployment, and monitoring.
- Systems Imaging: deploying images to new PCs or servers, reimaging existed environment.
- And of course, systems inventorying (hardware and software).
- Initial configuration is pretty much complex and requires some additional time for preparation and deployment.
- It would be awesome to have Patch management and endpoint security be moved to separate tabs in the SCCM management console.
- Imaging functionality is great but over-complicated, and sometimes simple processes take way longer compared to regular WDS services.
- Better reporting and monitoring services with customized charts.
- Better integration of SCCM patching services with Windows Updates services on Windows 10. Sometimes it is almost impossible to say if patches were installed on Windows 10 via SCCM deployment until you get that information within SCCM management console.
- Requires a lot of learning about the product for IT personnel.
March 08, 2019
Microsoft's Enterprise Management Software
My former company used System Center Configuration Manager for software deployment, Imaging, and Microsoft updates. It was used across the entire enterprise, but my department only used it for imaging and application deployment. Before SCCM we were using Landesk, which I preferred greatly. That being said, SCCM does work well, as long as it is configured correctly. I would recommend it, but it would not be my first choice for deployment or imaging software.
- Imaging from PXE boot, and it can be configured for remote imaging. Any IT department that has ever imaged 100 or more workstations with a CD and external drive knows that this is a strength.
- Application deployment. Sccm can be configured with a software store where end users can install the software they need.
- Update deployment, updates can be deployed on a set schedule with SCCM.
- Imaging. I know that I gave this as a plus, but this is also a drawback too. Images take much longer to deploy via SCCM than they do with FOG or Landesk.
- The system itself is a huge learning curve and takes a great deal of configuration to make it work correctly.
- Remote Desktop Tool -- Microsoft already has a remote desktop tool, so why include almost the exact same one in your VERY expensive management suite?
System Center Configuration Manager (SCCM)is being used across the whole organization on all of our Windows computers and our dual booted Mac computers. SCCM addresses the problem of having to have more employees to be available for hands on installing and updating any software that SCCM allows the user to do without another employee finding time to do it for them.
- SCCM allows our administrator to push updates remotely and does not require our staff to do anything to install software/updates etc.
- SCCM lets us control licenses to software by allowing our administrator to only push out software to staff members when requested instead of allowing all staff to choose software from a list. Prevents unauthorized usage of licenses to software.
- SCCM allows periodic software updates to be scheduled even when our staff are not at their computers, because it does not require staff actions.
- SCCM takes a long time to install once a computer has been reimaged and sometimes it fails.
- When the SCCM server goes down, no one is able to install anything and causes staff to be frustrated.
- There isn't a communication tool that tells users that new software has finished installing. Staff have to keep checking for software they requested to be installed to verify it was installed.
February 02, 2019
The best tool to put things in order if you have a large company and use remote workers
I use this tool to connect with my team remotely, and it has allowed us to have all the necessary information in an organized way and to have the documents ready to share quickly and safely. This harnessing has allowed me to build a real and very useful database, and allows me to establish service level objectives, review them, and generate associated reports.
In general, it has allowed me to automate some processes associated with personnel management.
In general, it has allowed me to automate some processes associated with personnel management.
- It allows me to increase the response capacity to the requirements of the users to keep the information organized and accessible.
- It allows me to build a really reliable database.
- It allows me to automate processes and establish a single point of contact per user.
- It is a very good tool to generate follow-up reports.
- It is not an easy tool to use, it has many functions and tends to confuse the naked eye.
- The implementation is a bit slow.
We are a relatively small/medium company. I was fortunate enough to have enough influence to convince them to allow me to buy the Data Center version of both SCCM and SCOM. Having said that, we utilize SCCM within our IT Department to manage our IT inventory as well as push out critical updates and patches to our Microsoft Windows devices. Additionally, we utilize SCCM to track software licensing and usage across our organization. It has been a powerful tool for us as a company to enable not only the resource management functions, but leveraging the System Center Endpoint Protection (SCEP) product enables us to manage and take advantage Microsoft built in security products. The reporting is an extremely flexible and powerful tool that enables us to quickly visualize our inventory and assist with technology refreshes and forecasting our upgrades.
- System Center Endpoint Protection (SCEP) product enables you to manage and take advantage Microsoft built in security products. Very simple to configure and maintain.
- Track software licensing and usage across your organization.
- Managing the ageing of our equipment and plan technical refreshes. Through reporting you can easily visualize your inventory and see basically any information needed to make informed decisions.
- Configuration and setup of SCCM can be quite challenging if you have never performed this. Microsoft has very good documentation on this function and can guide a seasoned IT professional through the process.
- Keeping SCCM up to date can be challenging and I believe that this is a major opportunity for an area of improvement.
- There is a right-click tool kit that is separate that Microsoft should include in the console. Once you use them, you will understand why.
We use MS SCCM in our organization to deploy and manage System Center Endpoint Protection. We also use it to deploy known good configurations of operating systems and programs for new machines to our network. We use SCCM to report and alert on the health status of servers and endpoints. We also use it to manage Windows and third party applications.
- Patch Management
- OS Deployement
- Health Status Reporting
- Application Deployement
- It can be a house of cards at times. If one little thing fails it seems like the whole thing comes crashing down. SCCM is NOT for the faint of heart.
- Setup is quite a chore. The setup process it NOT straight forward and relying on a third party walk-through is essential.
- Diagnosing what is wrong with SCCM can be a daunting task. Again... not for the faint of heart.
January 29, 2018
SCCM - Essential for larger environments
Microsoft Systems Center Configuration Manager 2012 R2 is being used for:
- Deployment of Windows 7 and Windows 10 client desktop and laptop machines
- Deployment of Windows Server 2012 R2 and 2016 Server machines
- Management of Windows updates for Windows servers and clients
- Applying configuration and security baselines and ensuring compliance
- Reporting and asset management
- Client and server inventories
- Software deployment and updates
- Application deployment and compliance
- Windows deployment is probably the biggest strength in my opinion. You can build and capture an operating system image, deploy it using as complex a task sequence as you want. The functionality can be combined with that of Microsoft Deployment Toolkit. A deployment can be Zero-Touch all the way to a fully managed sequence.
- Update management is very good combined with WSUS.
- The distributed model of SCCM makes it good for ensuring WAN links aren't overutilized.
- Further work could be done on the software and application deployment side.
- The ability to view the logs from the same console would make a lot of sense.