Microsoft Configuration Manager vs Qualys CyberSecurity Asset Management comparison

Microsoft Configuration Manager vs. Qualys CyberSecurity Asset Management

Download the complete report

Helped 859,129 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Configuration Man...

Ranking in Patch Management

1st

Average Rating

8.2

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Server Monitoring (7th), Configuration Management (4th)

Qualys CyberSecurity Asset ...

Ranking in Patch Management

6th

Average Rating

9.2

Reviews Sentiment

7.7

Number of Reviews

Ranking in other categories

Vulnerability Management (8th), Cyber Asset Attack Surface Management (CAASM) (3rd), Attack Surface Management (ASM) (3rd), Software Supply Chain Security (4th)

Mindshare comparison

As of June 2025, in the Patch Management category, the mindshare of Microsoft Configuration Manager is 13.9%, down from 17.6% compared to the previous year. The mindshare of Qualys CyberSecurity Asset Management is 1.0%, up from 0.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Patch Management

Featured Reviews

MikeNelson2

IT Infrastructure Coordinator at NSW Government

Deployment recovery works well but requires configuration improvements

While I do not use the product frequently, many issues were due to configuration rather than the product itself. I cannot give an exact recommendation as it is not my area of responsibility. The team that uses it finds it adequate. It is presently good enough for us not to investigate other options. Overall, I rate the product a six out of ten.

Read full review

Scott Frederick

Director of Vulnerability Management at a insurance company with 1,001-5,000 employees

Well-integrated with our vulnerability scanning utilities and efficient in asset tagging and identification

Our favorite features are the tagging and the ability to quickly find assets in the portal. Additionally, I do like the fact that Qualys CSAM is integrated with the rest of our vulnerability scanning utilities. We use the full suite from Qualys. The fact that it is integrated makes it very easy to understand. It shares tagging information with VMDR. That is very nice. Qualys CSAM has discovered assets not previously covered by our vulnerability management program. Primarily, if we have assets without vulnerabilities, they become less visible, but Qualys CSAM alerts us to them because they have IP addresses and are attached to our network. It could discover everything from printers to servers to endpoints. It could discover UPSs, network devices, and across all operating systems. It discovers our security badge readers and digital signage. We have to feed that the IP address ranges, but beyond that, it finds everything in our internal network. We were able to realize its benefits within the first quarter of installing it. We did have to take some time to learn it and understand how to operationally leverage what it was telling us, but it was very quick. In addition to vulnerabilities, Qualys CSAM helps identify other risk factors to a degree. For instance, we can see if servers or assets have incorrect naming standards. We have our network segmented into development model, test, and production, and we have server naming standards that identify which management they should be in. If a production server has the naming standard of a development model server, we can find that. That is one area we have used it for. We are not fully using TruRisk, but we are using the Qualys detection score that is central to our corporate risk prioritization approach. It has completely replaced our homegrown one.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules."

"We are happy with the collaboration of SCCM with Patch My PC, which allows us to do patch work."

"The ease of usability is the most valuable feature. It's user-friendly."

"We're a Microsoft-centric organization, so we are happy with the integration between products."

"Microsoft Configuration Manager is integrated with other Microsoft products."

"Microsoft is being very competitive right now, and they are really investing in a lot of new features to be more competitive in the marketplace."

"It is a good choice for deployment that performs very well."

"The solution doesn't require any maintenance from our end because it is a cloud-based solution and Microsoft takes care of everything."

More Microsoft Configuration Manager pros

"Authorized and unauthorized software visibility is the best feature for me. It helps me understand security controls on our network and where we lack visibility. With a single security tool, we are able to get an extensive list."

"The most valuable feature is the Management sensor, which helps identify gaps in policy agent availability, thereby improving agent utilization."

"The end-of-life and end-of-service software and hardware are some of my favorite features."

"We have a diverse organization with a robust infrastructure of more than 300,000 assets. By creating unauthorized lists and rules in the Qualys CSAM module, I can block certain software from being used in the organization."

"The most valuable aspect we receive from Qualys is the remediation."

"Qualys CSAM is valuable for providing end-of-life and end-of-sale information. It gives me visibility into the number of products or hardware items that are end-of-life."

"Tags are very useful for us since we can tag virus applications in infrastructure types such as databases, operating systems, or web platforms."

"The integration with different third-party tools, such as cloud providers like Azure and AWS, and asset management tools like CMDB systems, is valuable."

More Qualys CyberSecurity Asset Management pros

Cons

"We'd like the solution to make it easier to manage remote users."

"There is a reboot issue with the patching. Sometimes, if patching runs into any issue whatsoever, it doesn't reboot but it doesn't tell you it errored out. It just sits there and we don't find out until the next day whether it patched or not. That was a big issue for us. We're working through that. They added some stuff in there now where you can actually tell reboot is pending. But we still need some kind of notification that if something fails or is pending, we know. We shouldn't have to go in and look. They don't have anything for that right now."

"SCCM does not scale well, which is one of the reasons we are not going to continue to use it."

"SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data."

"The solution is a bit heavy on the sources such as RAM or CPU and the software needs to be a bit lighter."

"Their compliance reporting is not accurate, and they admitted it on the phone when we had a call with them. We were trying to understand why their numbers didn't match on our compliance reports. It is not accurate and you cannot depend on the compliance reports. The numbers just don't match, and we can't figure out why. We called Microsoft and they said, "Yeah, that's a known issue." But there is no word that they're working on it."

"The analysis is something that can be integrated. Their report analysis can be improved a little bit due to the fact that most of the time complaints policies are saved by the admins. It's something that we need to look into and search for."

"Troubleshooting in general needs improvement. There's just a ton of logs to go through, and so finding the error log that corresponds with that you're doing can sometimes be difficult."

More Microsoft Configuration Manager cons

"The deployment is somewhat complicated and could be made more user-friendly for most users. It is currently not user-friendly for all users. It is good but can be improved. It is a new product, and they are working on it."

"The deployment is somewhat complicated and could be made more user-friendly for most users."

"The Qualys CAPS service requires further exploration and improvement, particularly in its handling of protocols and reactivity with MAC and IP addresses for CAP agents."

"The main aspect that needs improvement is the user interface, which should be more intuitive."

"Some areas that would be helpful are more comprehensive tagging and the ability to set up better dynamic rules."

"It is automatically exporting the vulnerabilities and the assets. However, it would be useful to have the ability to select or to filter which we would like to export."

"Currently, whenever the agent is running, it consumes over ten percent of my CPU, indicating that CPU consumption is another area Qualys needs to address."

More Qualys CyberSecurity Asset Management cons

Pricing and Cost Advice

"We have a support license from Microsoft Endpoint Configuration Manager and the overall price of the solution is reasonable."

"Microsoft provides a steep price for their enterprise products, but they offer very competitive pricing for their legacy customers."

"The price of Microsoft Endpoint Configuration Manager is expensive."

"As far as I know, it is an annual operating expense license."

"The price of SCCM depends on the size of the organization. The price is competitive."

"There is an annual license needed to use the solution."

"Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers."

"The price model is different for every client."

More Microsoft Configuration Manager pricing and cost advice

"The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution."

"Qualys is competitively priced for its features. Its pricing is suitable for large organizations with more than 4,000 assets, but for smaller organizations with few assets, such as banks, the costs might be high. They should come up with packages that are suitable for small organizations."

"The pricing for Qualys CSAM is nominal."

"The pricing is fair. I would love to see the price come down a little bit, but we do get a lot of value out of it. We are squeezing every ounce of value we can out of the tool."

"Though the solution is considered expensive, if bundled with other services such as VMDR or cloud agents, its value would significantly increase. It is currently a bit costly, but with bundling, it could become attractive to more customers."

"Qualys CyberSecurity Asset Management can be expensive, especially if we already have VMDR."

"The pricing is market-competitive."

"It is cost-effective because, in a single tool, we are getting everything. All the solutions come in a single license or price."

More Qualys CyberSecurity Asset Management pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Patch Management solutions are best for your needs.

See recommendations

859,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

12%

Computer Software Company

11%

Government

11%

Manufacturing Company

Computer Software Company

18%

Financial Services Firm

14%

Government

Comms Service Provider

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

How does Ansible compare to Microsoft Endpoint Configuration Manager (SCCM)?

Microsoft Endpoint Configuration Manager takes knowledge and research to properly configure. The length of time that the set up will take depends on the kind of technical architecture that your org...

How to choose between ManageEngine Desktop Central and Microsoft Endpoint Configuration Manager (formerly SCCM)?

ManageEngine Desktop Central is very easy to set up, is scalable, stable, and also has very good patch management. What I like most about ManageEngine is that I can log on to every PC very easily a...

What do you like most about SCCM?

One of the standout features of SCCM is its application management capabilities. It allows us to create packages efficiently and deploy them to specific groups within our network. This streamlined ...

What is your experience regarding pricing and costs for Qualys CyberSecurity Asset Management?

The pricing is reasonable relative to the features provided, as it collects all module data and operates as a main, centralized inventory, making it a cost-effective solution.

What needs improvement with Qualys CyberSecurity Asset Management?

Qualys CyberSecurity Asset Management helps us prioritize assets according to operating system, kernel version, installed software, and current version information. The ASM assists with attack surf...

What is your primary use case for Qualys CyberSecurity Asset Management?

We are using Qualys CyberSecurity Asset Management for daily activities such as identifying new assets through network scanning and agent-based scanning for newly provisioned assets. When any new a...

Red Hat Ansible Automation Platform vs Microsoft Configuration Manager

Comparisons

Compared 13% of the time

ManageEngine Endpoint Central vs Microsoft Configuration Manager

Compared 12% of the time

Tanium vs Microsoft Configuration Manager

Compared 8% of the time

BigFix vs Microsoft Configuration Manager

Compared 5% of the time

Quest KACE Systems Management Appliance (SMA) vs Microsoft Configuration Manager

Compared 5% of the time

More Microsoft Configuration Manager Competitors

Amazon Inspector vs Qualys CyberSecurity Asset Management

Compared 13% of the time

Armis vs Qualys CyberSecurity Asset Management

Compared 11% of the time

CrowdStrike Falcon vs Qualys CyberSecurity Asset Management

Compared 9% of the time

Axonius vs Qualys CyberSecurity Asset Management

Compared 7% of the time

Microsoft Defender External Attack Surface Management vs Qualys CyberSecurity Asset Management

Compared 7% of the time

More Qualys CyberSecurity Asset Management Competitors

Product Reports

Microsoft Configuration Manager

Download Microsoft Configuration Manager product report

Qualys CyberSecurity Asset Management

Download Qualys CyberSecurity Asset Management product report

Qualys CyberSecurity Asset Management report

Also Known As

Microsoft Endpoint Configuration Manager, System Center Configuration Manager (SCCM )

No data available

Overview

Microsoft Configuration Manager helps IT manage PCs and servers, keeping software up-to-date, setting configuration and security policies, and monitoring system status while giving employees access to corporate applications on the devices that they choose. When Configuration Manager is integrated with Microsoft Intune, you can manage corporate-connected PCs and Macs along with cloud-based mobile devices running Windows, iOS, and Android, all from a single management console.

New features of Configuration Manager, such as the support of Windows 10 in-place upgrade, co-management with Microsoft Intune, Windows 10 and Microsoft 365 Apps for enterprise Servicing Dashboard, integration with Windows Update for Business, and more make deploying and managing Windows easier than ever before.

Microsoft

Qualys CyberSecurity Asset Management provides advanced real-time asset visibility, dynamic tagging, and External Attack Surface Management. It streamlines asset discovery and management using cloud agents and IP-based scanning, enhancing risk management and software lifecycle tracking.

Qualys CyberSecurity Asset Management offers a comprehensive solution for managing asset inventories and tracking software lifecycle states. It facilitates network visibility and supports zero-day vulnerability solutions, enhancing security posture through efficient monitoring. Users benefit from its cloud-based interface, which provides in-depth asset configurations and insights. Key features include automated vulnerability scanning and unauthorized software management, reducing manual efforts. The platform also emphasizes the importance of timely remediation and ongoing risk mitigation across multiple environments. Despite its strengths, users note the need for enhanced integration with additional CMDBs beyond ServiceNow, as well as cost efficiency improvements. Requests also include better report customization, more scan control, and a simplified UI.

What are the key features of Qualys CyberSecurity Asset Management?

Real-time Visibility: Offers continuous insight into asset status and condition.
Dynamic Tagging: Allows for flexible organization and assessment of assets.
External Attack Surface Management: Identifies potential threats from external sources.
Automated Vulnerability Scanning: Reduces manual scanning efforts and identifies vulnerabilities instantly.
Unauthorized Software Management: Detects and manages software not approved for use.
Asset Purge Rule: Automates the removal of obsolete assets from the inventory.

What benefits should users look for in reviews?

Enhanced Security Posture: Gains stronger defense through effective asset monitoring.
Efficient Risk Management: Identifies threats quickly, enabling timely resolutions.
Improved Compliance: Assists in meeting industry standards and regulations.
Reduced Manual Effort: Automates repetitive tasks, saving time and resources.
Comprehensive Insight: Provides detailed data for informed decision making.

In industries like finance, healthcare, and manufacturing, Qualys CyberSecurity Asset Management enhances asset control by offering visibility into hardware and software configurations. It aids in maintaining security compliance and identifying unauthorized software, crucial for sectors with strict regulatory requirements.

Qualys

Sample Customers

Bank Alfalah Ltd., Wªrth Handelsges.m.b.H, Dimension Data, Japan Business Systems, St. Lucie County Public Schools, MISC Berhad

Information Not Available

Microsoft Configuration Manager vs. Qualys CyberSecurity Asset Management