Microsoft Endpoint Manager (Microsoft Intune + SCCM)

Microsoft Endpoint Manager (Microsoft Intune + SCCM)

About TrustRadius Scoring
Score 8.5 out of 100
Microsoft Endpoint Manager (Microsoft Intune + SCCM)


Recent Reviews

Microsoft Intune Review

9 out of 10
January 17, 2020
We use it for mobile device management, mobile application management, Mac OS management, and Windows 10 management. I have also converted …
Continue reading


Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of Microsoft Endpoint Manager (Microsoft Intune + SCCM), and make your voice heard!


View all pricing

Microsoft 365 Business Basic


On Premise
per user/per month

Microsoft 365 For Individuals


On Premise
per month

Microsoft 365 Apps


On Premise
per user/per month

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Features Scorecard

No scorecards have been submitted for this product yet..

Product Details

What is Microsoft Endpoint Manager (Microsoft Intune + SCCM)?

Microsoft Endpoint Manager, combining the capabilities of the former Microsoft System Center Configuration Manager, SCCM or ConfigMgr with the mobile device management application Microsoft Intune, is presented as a unified endpoint management option.

The former Microsoft Intune is an endpoint management solution for mobile devices, an MDM solution that allows the user to securely manage iOS, Android, Windows, and macOS devices with a single endpoint management solution.

The component Endpoint Configuration Manager (the former SCCM) is a system monitoring and management platform that can be deployed as an agent, via the cloud, or on-premises. It can manage systems across OS types (Windows, Mac, Linux), as well as multiple environments, including servers, virtual environments, and mobile devices from a single management console, and supports scaling capabilities, such as future application delivery.

The platform includes a customizable reporting tool to inform future business software decisions. It also enables endpoint protection from malware and vulnerability identification within the monitored systems and infrastructure.

Microsoft Endpoint Manager (Microsoft Intune + SCCM) Video

Announcing Microsoft Endpoint Manager

Microsoft Endpoint Manager (Microsoft Intune + SCCM) Integrations

Microsoft Endpoint Manager (Microsoft Intune + SCCM) Technical Details

Deployment TypesOn-premise
Operating SystemsWindows
Mobile ApplicationNo


View all alternatives


(1-25 of 48)
Companies can't remove reviews or game the system. Here's why
Joe Aldeguer | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
First off let me clarify my product review only covers Microsoft Intune now called Microsoft Endpoint Manager. I used it to manage all of macOS and Windows 10 computers to deploy apps, compliance policies, configuration profiles, Windows autopilot, and to onboard my devices to Microsoft Defender for Endpoint.
  • Windows Autopilot
  • Integrates well with Apple devices
  • Good tech support
  • Runs in the cloud there is no need to put up an on-premises server
  • Deploying more apps besides Microsoft Edge and Microsoft Office 365 app
  • Microsoft needs to make it easier to deploy exe, pkg, and msi apps without having to go through the manual process of re-packaging these apps using tools from github like intuneapputil
  • Add a feature to push out software updates for 3rd party apps
Windows Autopilot makes provisioning user Windows PC laptops a breeze. A user only needs to turn on the laptop, join it to their local WiFi, login with their O365 account then sit back and let Windows Autopilot handle the app installations required for work, configure the laptop settings to meet my organization requirements. I have seen this all completed in less than 30 minutes depending on how fast the internet connection is.

Where Microsoft Intune needs to improve I think is the part where it can push out software updates to 3rd party apps. Right now I have to use Automox to fill in this gap.
Whenever I get stuck implementing Microsoft Intune I found it easy to get the support I needed from Microsoft.
Mark McCully | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source
Our company is using Microsoft EndPoint Manager \ Intune to manage all our our mobile devices across the enterprise - tablets, mobile phones, and laptops. We apply security policies and administer all of these devices via Intune in the cloud. It is great to have a centralized, SaaS based solution so that we don't have to manage any infrastructure in our data centers. Intune makes sure that company data and emails stay secure even on employee owned assets. It is very easy to remotely and securely wipe an application or device that gets lost or stolen as well.
  • Centralized administration of mobile devices - updates, security, reporting
  • Seamless integration with SCCM
  • ability to wipe devices remotely if lost or stolen
  • built in reports aren't very useful.
  • could be more cost effective.
Microsoft Endpoint Manager is a very power application for managing remote users and mobile devices at scale. I don't think it would make much sense for a smaller company that doesn't have that many mobile assets to use, but for mid to enterprise size companies Microsoft Intune is definitely a life saver to cut down on the TCO of mobile device management.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Used to deploy, manage and monitor mobile devices (mostly mobile phones) and client computers. Great for mobile phones which are usually very hard to manage, especially when you have a mixture of Android and IOs devices that need to manage and protect.
  • Mobile device management
  • Device policies
  • DLP
  • Managing different OSes on mobile devices.
  • Customization of end user portal.
It does everything you need in an MDM solution and if you are already paying for Microsoft Office 365 it's already there and takes almost no time to setup.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Our organization uses Microsoft endpoint manager on our campus to supply updates , security patches , install applications and inventory devices seamlessly to 1500 users. SCCM addresses the issue of having technicians touch each individual device across our campus. We are able to isolate different graduating years and install necessary applications pertaining to each individual group with in the console. Each year we have to reimage each individual device and also add devices for incoming students, Microsoft Endpoint manager has simplified this process by being able to create a golden image than can be applied to different make and model of devices.
  • Simplify rollout of devices
  • Inventory thousands of devices and users
  • Apply patches and applications to multiple devices at once
  • Perhaps a more intuitive GUI
  • A built in database with specific queries
When dealing with a large number of users and devices SCCM has become the right hand of the department in regards to deploying, monitoring and rolling out devices. Making sure all devices are patched and have the latest malware revisions updated and applied has become much easier than before where each individual user was responsible.

Due to the time it takes to apply updates and changes, SCCM would be less appropriate when dealing with a smaller size of users
Score 10 out of 10
Vetted Review
Review Source
Microsoft Endpoint Manager (Microsoft Intune + SCCM) is used in various ways in my company and the companies I'm an MSP for. Mostly it is used in Microsoft 365 Business Premium environments and it does a great job of gathering end point information as well as give us the ability to push out Microsoft Desktop apps and Microsoft Edge as well as other apps. It's also nice that I can setup specific configurations and settings for Windows, 365 desktop apps, and Edge just like when using Group Policy for on premise servers and PCs. But using Microsoft Endpoint Manager (Microsoft Intune + SCCM) is much easier to use and implement.
  • Able to create Compliance Policies and Configuration Profiles
  • Configure Windows Update settings
  • Configure Endpoint security settings and Windows Defender Antivirus
  • Create App Protection and Configuration Policies
  • More hardware details of devices such as drives, memory, etc.
  • Ability to remotely connect to a PC without 3rd party software
  • Not really any other cons that stand out
Microsoft Endpoint Manager (Microsoft Intune + SCCM) is well suited for any organization or company size. Probably is used more in depth in organizations or companies that have 20 or more PCs. Being that Microsoft Endpoint Manager (Microsoft Intune + SCCM) comes with Microsoft 365 Business Premium is a huge plus which makes it very well suited for any size business, especially small businesses.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use [Microsoft] Endpoint Manager [(Microsoft Intune + SCCM)] for all of our workstations that are either hybrid Azure AD joined or simply Azure joined devices. We also use it to manage iDevices. We have used SCCM for several years now, and when Intune announced the co-management capability, we made the transition very quickly. There are certain elements that Intune does not handle, such as bare metal imaging, but otherwise we have moved all workloads to Intune while maintaining our SCCM on prem. This covers device compliance, WSUS, application deployment, configuration profiles, etc.
  • SCCM imaging can't be beat
  • Intune application deployment and WSUS ensures that devices are getting updates and applications, especially in WFH scenarios
  • The upgraded interface is much easier to work with than older SCCM iterations (2007 and below)
  • The ADMX templates are still lacking in some areas
  • Like SCCM, Endpoint Manager requires patience
  • It would be nice if there was better integration for remote connectivity
For any enterprise environment, it will be hard to go wrong with [Microsoft Endpoint Manager (Microsoft Intune + SCCM)]. Is it the perfect solution? No...but when considering integration across the M365/Azure front, it has significant advantage. It is probably overkill for smaller organizations, or for small businesses with limited technology staff. That said, it is not the most complicated product offered by Microsoft :)
Score 9 out of 10
Vetted Review
Verified User
Review Source
We use Endpoint manager to manage all the windows devices in the organization, both shared and 1:1 from a central IT department over 100 different sites. It allows us to consistently apply policies, maintain security and track inventory at a distance. It allows us to control our onboarding of new devices, imaging said devices, and deliver software, updates in a consistent manner.
  • Inventory management.
  • Policy enforcement
  • Device Tracking
  • Imaging
  • Continuous updates add new functionality
  • Update delays in the subsystems
  • Artificial limits on number of items displayed in lists, different on each page.
  • Continous updates means that the location to find features moves.
Large, centralized IT department with responsibility for, and control over large portions of an organization's IT assets, policies, and security work well with SCCM. The addition of Intune allows for a distributed workforce to receive updates, policies, and security over the internet. Smaller organizations, or groups of smaller departments in a large organization that manage their own IT assets would not be a good fit for the investment in MEM.
Score 8 out of 10
Vetted Review
Verified User
Review Source
We currently utilize [Microsoft Endpoint Manager (Microsoft Intune + SCCM)] across most of our organization. We recently acquired a different business and are in the process of trying to get SCCM deployed to that side. We primarily utilize this to help ensure patching/updates are pushed out on a timely basis for our systems.
  • [Microsoft Endpoint Manager (Microsoft Intune + SCCM)] helps to speed up the deployment of patches/software throughout our environment. I can easily build a package and then deploy across all endpoints.
  • The ability to supercede software is also quite handy. This automates the removal of old versions and replacing them with newer versions.
  • The Intune Autopilot option is very useful if you want to deploy software to devices straight out of the box. You can configure them to download software when a user opens a new PC and turns it on for the first time.
  • The one major drawback to SCCM is the delays or inability to deploy software if the device doesn't stay online long enough. This is particularly an issue in our environment for those users who work remotely and don't connect to our VPN client. If you can deploy via Cloud agent, this issue should go away
  • There is a steep learning curve in getting SCCM configured and creating packages created, but it works great once configured.
If you have a knowledgeable and decent sized server team, this is a fantastic product. However, trying to configure and maintain [Microsoft Endpoint Manager (Microsoft Intune + SCCM)] with only 1 or 2 server engineers, it is quite a handful. Since it is a Microsoft product, you can rely on the stability as well as the security of the application.
Ericson Aragoza | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
MS Endpoint Manager is currently being used at our organization as a standard way of deploying applications across multiple departments. It lessens the burden of deploying multiple applications to multiple departments that have different software needs and such. From an admin perspective, it's easier to manage the applications that are deployed in a specific group (Finance, HR, Administrative Roles, IT Admins, Support, etc) instead of manually provisioning each endpoint with a specific old-school "Check-list" style approach.
  • Ease of Management
  • East of Deployment
  • Quick Overview
  • Reliability
  • Lack of further updates.
It is well suited to organizations that have numerous deployments or yearly refreshes of systems. Especially now that we do work from home (mostly), it's easier for IT administrators and end-users to actually rely on this software to provide the specific application that they do require. From an admin point of view, it's as simple as adding the new or updated application to the available apps for users to install. From an end-user perspective, it's as simple as checking the SCCM client for the available app and installing it.
Sam Othman | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Review Source
We are in the process of transitioning from Group Policy over to Microsoft Endpoint Manager. We are using it for controlling our policies and setting up our standard operating environment. as well as application deployment. It allows us to standardize what we are doing and automate IT functions, freeing up valuable resources to be better spent elsewhere.
  • Policy Management
  • Application Deployment
  • Cloud Management
  • Pricing
  • Steep Learning Curve
I would implement Microsoft Endpoint Manager without a doubt in a new startup. Between this and Azure Active Directory, there is limited need for on-prem Group Policy & Active Directory. This would allow full cloud management of the enterprise and less need for on-prem services.

It can be tricky to migrate from on-prem to Microsoft Endpoint Manager within a larger organisation as each individual policy item would need to be implemented one by one and tested thoroughly - but well worth the effort to do this.
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use MS Intune and SCCM with our Azure cloud solution for all of our offices.
It is great tools to control and monitoring our security, servers and applications.
Manage mobile devices is highly important now days, so now we can manage our phones and tablets in modern way with modern approach.
  • We can add and assign mobile apps to user groups and devices
  • Manage access on personal devices by restricting actions users can do or not
  • Wipe or removing organization data from apps
  • Reporting should be improved
  • Better integration with AV software
  • AI integration with alert notification about unusual user behavior
It is good for mid or ent business. Good interfaces and integration with other MS applications and services.
Nowadays lots of companies use BYOD devices and try to manage them with Systems Center Configuration Manager, which bring some security issues and unconvinced. MS Intune may improve this situation and bring lots of benefits.
For small business it is less appropriate because require licenses and IT professionals to manage.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Microsoft Intune is used to provide corporate data access via email app and other mobile apps on the mobile device of an employee. Intune enables the use of a personal mobile device to access emails and other official data in a secure environment where the IT team has full control over the flow of information. It is used throughout the organization where employees are eligible for email access via mobile. The business does not have to worry about data leakage and it provide 24/7 access to emails to employees.
  • Device management.
  • Complete control over the flow of information on the mobile device.
  • Allows secure data access on BYOD.
  • Compliance and policy enforcement on the Office apps in mobile.
  • Dashboard customization can be improved.
  • Privacy between personal and office data as i don't want that my company control my phone.
  • Location service could be improved.
  • Enhanced security and integration with other apps.
Intune is suitable for scenarios to manage endpoints such as laptop, desktop, and mobile devices. It allows administrators to set up office email and other apps on the personal mobile device of the employees so that they access corporate data all the time. Administrators have full control of the information flow and they have the option to remotely wipe all the data in case of any compromise. Suitable for providing enterprise mobility and secure access to corporate resources. Not sure about less appropriate scenarios.
Being a Microsoft product, support was good. Out interaction was limited to our in-house IT team which was installing the Intune app in our mobile device. The installation was smooth and we haven't faced any difficulties with the app while using it. Provides a smooth and secure access to all Office 365 apps in mobile while separating the personal and professional data.
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use it for monthly Windows updates, image deployment to workstations, server and application deployment. It's being used in all departments to:
  • Quickly patch/deploy applications all laptops, desktops.
  • Push down new, updated Windows 10 OS versions.
  • OS imaging and deployment via BOOTP across various locations through North America
  • Patch management across various locations through North America
  • Easier to find where something is inside the application.
  • Faster results after patching has been completed, and it takes hours some time to see if a server was patched or something failed to install.
Big companies. Companies over different locations. For less, I would say for small companies it's overkill. A lot of initial setup, expense — Windows Server license, DB server license, Microsoft System Center Configuration Manager (SCCM) license.
I have never used Microsoft support. I took training, and if I can't get something to work, I Google for the error issue.
Kurt Ferguson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source
We use SCCM for application and Windows desktop, laptop, and server patching. We accompany it with the PatchMyPC addons, so we can update the majority of applications we use for end-users. We also use it to deploy security software.
  • Windows and Office patching: SCCM does this really well. It is efficient, reliable, and easy to schedule. It's quite simple to keep machines updated once they've been registered.
  • Application Deployment: SCCM very effectively deploys application and application updates. We use it very effectively to reinstall our security software if it gets uninstalled or needs to be updated.
  • Reporting: The SQL Reporting Services oriented user-interface is really not particularly user-friendly.
  • Inventory: The inventory function is overly basic and difficult to search. If this were improved to be a legitimate asset management tool, it would tremendously increase the value of SCCM to organizations.
SCCM is awesome for patching and great for application deployment as well. If you use powerful add-ons like PatchMyPC and use Microsoft Azure integration to extend its reach to remote machines, it is truly indispensable. It may be less so if you don't have the money for those additions. If you already have an effective patching solution that also handles third-party and remote patching, SCCM may not be worth the effort.
Microsoft's support for SCCM is excellent. Premium support is worth it, especially if organizations are managing their SCCM installations with very limited staff.
January 17, 2020

Microsoft Intune Review

Score 9 out of 10
Vetted Review
Verified User
Review Source
We use it for mobile device management, mobile application management, Mac OS management, and Windows 10 management. I have also converted GPO to Intune Policies for Windows 10 devices. The Bitlocker key is also being managed by Intune. I set up the company portal for self-services application installs.
  • Software deployment.
  • Device wipe.
  • Reporting.
  • User notification for patching/rebooting.
It is well suited if you are an Office 365 shop. The ecosystem and security cannot be matched. Securing data and DLP is built-in or works together. It is a really cost-effective solution for MDM, MAM, and endpoint management.
It is easy to support as an admin, and Microsoft support is very helpful. Also, there is plenty of 3rd party vendors that have support knowledge.
Score 9 out of 10
Vetted Review
Verified User
Review Source
It is being used both across the whole organization and at the department levels. It is centrally managed by the main IT group in the organization, and then individual departments have their own instance of SCCM to be able to use to manage resources/deploy software, etc. It addresses the business problem of having a central Systems Management solution that can pretty much do most everything, including managing all hardware endpoints, managing software, monitoring, asset management, managing antimalware and firewall policies, etc. in an organization.
  • It has nice GUI's built-in for many of the functions throughout the program. This helps to make it easier for the IT Administrator to be able to utilize certain features/functions when using SCCM.
  • It doesn't use a lot of system resources when running, or even if left open on the server. This is good, as it enables those that work with the program to still be productive with being able to run other programs/software on the server.
  • It has really good remote assistance options built-in. This is particularly helpful for the IT Admin being able to assist end-users over a remote session or to remotely connect to computers. This is also a benefit for organizations that don't have a commercial remote assistance product in place.
  • The program itself can be challenging to use, especially if there hasn't been any formal training on the use of the product. Either training/reviewing documentation is recommended prior to using SCCM.
  • At times, it can be difficult to try and find out why a certain machine that's listed in SCCM says that the endpoint has the SCCM client and shows as Active, but in fact, it's not. It's also difficult at times to try and figure out why the client can't be pushed down to the endpoint.
  • Even though the remote assistance features in SCCM are really good, it can be challenging at times when the remote options don't work for a particular endpoint, even though the machine is active, online, etc.
It is well suited in organizations that are looking for an all-in-one Systems Management solution, that is well-known in the industry, and comes from a vendor that is also well-known, and that offers good support for this kind of product. It is less suited for organizations that want to use something right away, without a whole lot of setup/management on the back-end. This also wouldn't be suited for organizations that don't have funding for their IT folks to get formal training in the use of the product or have the time to read through the documentation, etc.
We have not needed to seek support for this product in the time that we have used it thus far. It's been working really well, and have not had any major issues. Being that it's a Microsoft product, it goes without saying that there will be many support options available if needed. This includes phone, web, forums, KB articles, etc. There is even comprehensive documentation that is available on the web through Microsoft's website for use of the product.
Score 9 out of 10
Vetted Review
Verified User
Review Source
We needed to deploy a point of sale on mobile devices and we wanted to have a clear control over what the device could do, so we looked for an MDM.
  • Enrollment process.
  • Application deployment.
  • Many security features.
  • VPN deployment.
  • Device searches.
  • In the tagging of devices by project.
If you need to have control of your mobile or desktop devices to comply with compliance policies and facilitate mass management, this product is for you.
It is an excellent tool that allows you to facilitate the management and raise the level of security, it is great.
Score 8 out of 10
Vetted Review
Verified User
Review Source
It is used by two departments, enterprise services (e.g Infrastructure Administration, Email, Sharepoint, etc) and Help Desk.
  • Patching lots of computers (in my case 400+) without leaving your seat!! Less administrative overheads.
  • Deploying new machines with a standard image that is the same across the organisation and no one has a different set of image and therefore consistancy within the organsation.
  • Provide a comprehensive inventory of the organisation's computer assets.
  • Provide security auditors with patching compliance reports within the organisation.
  • Driver portals for different PC/Laptop manufactures.
  • There is no dashboard for the executive summary of the organisation's patch levels.
  • Being able to see the downloaded patches (labeled with KB numbers) according to their names on the SCCM server.
Well suited where you have a vulnerability and just push the needed patch without going around each and every computer and addresses issues where the patch was released out of band. This saves valuable time and definitely frees administrators to do other tasks. You can push applications to users without them requiring administrators privileges and therefore still not having to be present!

It's less appropriate when it comes to third-party software patching e.g Winrar, 7Zip, Google Chrome, Firefox and these are not covered by SCCM. I would love for them to be able to extend their patch management to other vendors.
It has made our lives easier and has reduced a substantial amount of time we spend on patching, new machine/laptop provisioning, out of band patches, manually having to go one by one counting our computer assets. It has reduced our travel bill and our remote users get remote assistance from the Help Desk team.
Adam Martin | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
SCCM is used across our entire organization. We use it for zero-day remediations, as well as large scale package deployments. It saves the company an immense amount of hours wasted for on-site support team members having to manually install packages. We can also pull reports of software versions across our environment and deploy patches accordingly for any PC that's out of compliance.
  • It allows users to install packages from a Self-servicing application via an app called Software Center.
  • It allows for fast remediation of vulnerabilities across your organization.
  • Provides reports for high-level visibility of your environment for upper management.
  • Building a collection and deployment takes some time to learn. It isn't very user intuitive.
  • Getting up to date reports on a deployment isn't a one-click process. It requires triggering multiple events and waiting about 10-15 minutes
  • I wish there was a dashboard feature built into SCCM. I manage the JAMF platform in my environment as well, and this is one of the key features I rely on every day. When I need to pull a report in System Center Configuration Manager it is just clunky.
Microsoft System Center Configuration Manager is needed for any business with 300 or more PCs. It helps maintain application and security patch compliance. I use it for app deployments mostly, but it is also used for monthly security patch deployments by others on my team. The Software Center app is a nice bonus for end-users.
Microsoft support is very quick in assisting with large scale or even smaller-scale issues. They are available 24/7/365 (depending on your support tier contract), which is really nice if your system goes sideways. I've used them a handful of times when something goes wrong. They are always friendly and helpful.
Score 7 out of 10
Vetted Review
Verified User
Review Source
System Center Configuration Manager was used as a solution for OS deployment, remote troubleshooting, and patch management for Windows PCs in our organization. The plan was to use it to manage close to a thousand PCs in total. As the product required an excessive number of man-hours to implement and support, its use was dropped after a year, and an alternative selected. The main goal was to improve OS deployment and replace WDS.
  • Remote Control works well and does not require a lot of configuration. It must be understood that the Remote Control feature of System Center Configuration Manager is different from RDP, as it does not establish a separate user session and allows a tech to troubleshoot issues in a way visible to a user.
  • It is easy to add client devices for management, and multiple options are available (push, Active Directory, etc.)
  • It's modular and extensible. For example, a third-party company, Parallels, makes a System Center Configuration Manager plugin to manage Macs from the same console.
  • Installation is very laborious and complicated. The number of things to manually configure during the installation is incredible.
  • OS deployment is hard to configure and troubleshoot. The Microsoft article on deploying Windows 10 via System Center Configuration Manager in a test environment takes 44 minutes to read (Microsoft's estimate, not mine -- check here: If something goes wrong, there are multiple log locations to check on both the server and client, making troubleshooting difficult.
  • The management console looks old, and its performance isn't great. It is often hard to find settings in the console, and it refreshes slowly. The old name for System Center Configuration Manager, SMS, comes to mind often. "Slowly Moving Software."
I know many people have a great experience with System Center Configuration Manager, but it is not suitable for organizations that cannot commit a significant amount of time to configuration and deployment. For example, my organization uses Jamf Pro for Mac management. It took me a couple of days to configure every setting needed for an adequate Mac deployment. System Center Configuration Manager took way longer. Most MSPs in our area do not want to deal with it due to its complexity either. A big organization will find the product more suitable, as configuration tasks are the same whether an organization has 1000 or 10,000 computers, the installation will be more useful with scale. In my case, trying to deploy System Center Configuration Manager as a personal project while doing other tasks was not a success.
Our organization does not pay for Microsoft support, so it was not used in regards to System Center Configuration Manager. Microsoft documentation for the product is good, but there is a lot to read, as it has a large number of features. Organizations with access to Microsoft support will have a better experience with the product than I did.
Mark Fitzgerald | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Review Source
We use SCCM for a number of different use cases including imaging, OS and software deployments, inventory and desktop management. Its primary function is to push new software to the fleet. The benefit is being able to time when and what gets deployed and make it done in an automated fashion. We also use it to manage to patch existing software packages (in conjunction with a product called Ninite).
  • You are able to create queries to identify almost any combination of computers needed.
  • Its direct tie to active directory.
  • It fully leverages Windows functionality.
  • Its mac integrations, though improving, are really not much more than inventory.
  • It could benefit from an enterprise remote control solution more similar to Bomgar or LogMeIn.
  • Its web interface for reporting is very dated.
It is an enterprise. You have to have some level of scale to make this product feasible. It isn't just something you throw into the environment to make your life easier. When you are managing thousands of computers, the equation changes and it is incredibly valuable. It is complex and if not done correctly, it potentially can cause a lot of damage, so make sure you fully understand what you are doing before you press the button.
Score 10 out of 10
Vetted Review
Verified User
Review Source
Across all of IT, SCCM is used for deployment of software as well as Windows patching. It is used for both server patches as well as workstation patches—both laptop and desktop—on a monthly basis. It handles the patch process much more efficiently than its predecessor here—WSUS.
  • It's easy to group machines into separate categories, such as servers and workstations, or more in-depth categories, such as location X workstations and location Y servers, to easily target them for patches.
  • Sending software to a workstation through SCCM is simple!
  • Patching can be handled with bandwidth restrictions in mind, letting only X% of the wire be used for patching and even allowing the patches to go to a specific downstream server at a location to let all local workstations leech from there instead of the web or WAN.
  • It takes time to implement SCCM. Take advantage of an integration company whenever possible.
  • Its capabilities are broad and can go so deep that it takes a while to understand just a portion of it. Get training whenever possible.
  • Reporting is useful but could be expanded to more of a Power BI capability.
Microsoft System Center Configuration Manager is great for companies of all sizes, national or international. Its scalability and pinpoint accuracy can be used in all scenarios. However, use downstream servers as distribution points to save on bandwidth and ensure timely updates and easier deployment of individual software packages.
Score 9 out of 10
Vetted Review
Verified User
Review Source
Currently, we're using Microsoft System Center Configuration Manager to manage all our Windows assets, from PCs to laptops. Considering we use it across all organization, and we have a dozen of remote sites, some of them with distribution points, I can safely say that we solve basically 2 big business problem: We can manage all of those assets from a single pane of glass, delivering software with software-central feature, managing and keeping a eye on the status of those updates and also saving bandwidth at the same time, because we can deploy those software and updates from that distribution point, avoiding to have every single PC/laptop to download from the Internet itself.
  • You can run an inventory of your assets, from PCs to laptops, grouping them by location, type, department, all tight to your own Active Directory. That saves a lot of time when you need to report the status of hardware and software. You can even manage alerts to inform you when some hardware change has happened, which could possibly lead to a robbery.
  • You can centralize software distribution, controlling what kind of software is available for your organization, and here's the most important part: you can give end-users the power to install/remove that software by themselves. That way, you can avoid a ticket to your service desk and potentially save money on those tickets too.
  • Also, due to the distributed architecture of the product, you can deploy a component of the system in each remote site you have. Thanks to that, you can avoid using the bandwidth of the remote site, which usually is already limited, to download software/updates to each PC locally. You just need to download once for the distribution point it will deliver locally. You can also avoid the risk of having your local WAN to be contested by some unexpected outdated PC that was just connected to your network.
  • The licenses can be expensive if you are a small organization. Make sure you have a good deal with your Microsoft partner.
  • Deal with collections can be a little hard sometimes. Collections are the say the product classify or organize the groups. As the concept is a little different from what we're used to, like Active Directory Organizational Units or Security Groups, etc., it's best if you spend some time studying this before you deploy the product in your organization, especially if your organization has severy business or business units and remote sites.
  • You don't have as much product specialists as you have for other Microsoft products like MS Exchange, for example. So, make sure you hire a partner that have the skills needed to help you during the deploy of the product. Indeed, it is a complex product and it demands attention to details to avoid frustration in the future. People tend to save money on the implementation phase and that leads to frustration and, in some cases, projects cancellation due to underestimation of the requirements of the product.
Seems obvious, but if your organization's assets are all based on Microsoft Windows, this is the right product for you. If you have mixed environments, with most of the computers running Linux or Mac, I don't think you'll have the same results. Unfortunately, I can't say much about that, because my experience is only based on a full Windows environment, and honestly, I didn't waste to much time paying attention to other operating systems.
Score 7 out of 10
Vetted Review
Verified User
Review Source
Microsoft System Center Configuration Manager is used for imaging our computers, but it is also used to deploy policies and software packages to specific users or groups.

By utilizing Microsoft System Center Configuration Manager, the IT admins spend less time manually installing applications for our end users. It allows us to centrally manage what is being deployed to the computers in our environment and run reports on the computers and what is installed on them.
  • Centrally managing applications, configuration settings and policies makes it easier to deploy. So when someone requests an application or is missing the application, I can jump on the Microsoft System Center Configuration Manager console and add them to the software deployment and generally within the hour, the application is installed on their computer. It can be manually forced to pull the change as well if you don't want to wait up to an hour.
  • Microsoft System Center Configuration Manager does take a lot of time to learn and manage. There are a lot of bits and pieces to keep up to date (software packages, drivers, OS builds, computer model packages). It is not something that you can easily pickup and start configuring. And with automation, making a mistake can cause the scripts to take days instead of hours.
  • There are frequently update failures. I understand many of these are configuration problems on our end or that the state of the computer is such that the updates cannot be pushed to it. But I feel like it happens a bit much.
I think it works well enough and helps a lot for a number of scenarios in IT. However, make sure you understand the task ahead and how many hours it will take to maintain. The trade off might not be as good as you think.
Score 8 out of 10
Vetted Review
Verified User
Review Source
It is very effective for simple tasks such as pushing out Windows updates, Defender updates, and a large array of other software. We have also started using it for servicing Windows 10 computers. With the modern life cycle of Windows 10 being more aggressive then past versions, it has been extremely handy to use Windows 10 servicing to keep our computers running the latest builds of Windows 10.
  • Windows 10 servicing.
  • Endpoint protection policies and updates.
  • Reporting.
  • Surface Driver updates seem flaky.
  • Sometimes needs some TLC to keep Microsoft SCCM and WSUS happy.
  • Menu structure sometimes gets a little confusing.
Microsoft System Center Configuration Manager isn't too useful for smaller companies. But with businesses of 100+ users and PCs, it is very handy. It allows you to report on and manage all of those PCs. I can easily push out new software to certain PCs. and ensure they are always fresh with either the latest updates or latest builds of Windows.