Microsoft Configuration Manager Reviews

I am using Microsoft Endpoint Configuration Manager for patch management and asset inventory.

The most valuable feature of Microsoft Endpoint Configuration Manager is it's incredibly simple to configure and execute changes in bulk, allowing for seamless deployment. With this solution, you can easily track the status of all modifications and send them with ease, making it a comprehensive and efficient solution for any necessary adjustments.

The assets have reached their end-of-life, and patching them is a complex and laborious task. It would be highly advantageous if there were an integrated solution that provided distinct options for each end-of-life asset, streamlining the process and facilitating comprehension.

I have been using Microsoft Endpoint Configuration Manager for approximately one and a half years.

I rate the stability of Microsoft Endpoint Configuration Manager an eight out of ten.

We have approximately 10,000 users using the solution.

I rate the scalability of Microsoft Endpoint Configuration Manager a ten out of ten.

I use Tanium in parallel with Microsoft Endpoint Configuration Manager. Tanium is a similar solution that has features, such as asset patching, and encryption, and can be configured around Microsoft assets.

The initial setup of Microsoft Endpoint Configuration Manager is simple.

There is an annual license needed to use the solution.

This tool is helpful for Microsoft assets but it is important to have clear visibility before implementation. It can be a complete solution but a plan.

I rate Microsoft Endpoint Configuration Manager an eight out of ten.

We use this solution to apply new group policies.

The solution was particularly helpful for patching the OS, and for the VM in our environment. With 10 branches, we have a huge number of VMs. Using ECM, we can download the new patches one by one, apply and then restore them. It saves us a lot of time. 

The valuable feature is the ability to gain all the data you need. We can collect data and get insight into the functionalities of their scope. As system administrators, we get a summarized report for each site with the installed version of the OS for all PCs in our environment. We know which meet the requirements and which don't. For those that don't, we can mitigate any potential vulnerabilities or threats.

I think managing Linux devices could be improved. It would help our colleagues and other departments like the dev opps, who only use Linux machines to quickly patch their VMs.

I've been using this solution for two years. 

The solution is stable. 

The solution is scalable. 

The technical support could be improved. 

The initial setup is very straightforward. We have six users. 

It's important to keep the database going at all times to avoid any interruption of the service. The implementation must be very well designed because you have to know the scope of your workload and that should be addressed in the action plan before proceeding with the deployment. 

I rate this solution eight out of 10. 

This is a diverse tool so its use case varies. Most people use it for patch management and software distribution, and operating system deployment. It can also be used for policy management and for maintaining a baseline on the computer, depending on the company and its goals. We are consultants and resellers and deploy this solution on the cloud and on-prem. We use Azure for our cloud deployments. I'm a consultant and president and CEO of our company. 

The solution enables significant streamlining and reduces resources from a personnel perspective.

Patching is very effective and reporting is very good. In general, the software distribution and operating system deployment are very good. Most organizations with small support resources leverage it, along with the Azure Autopilot component or the Intune Autopilot component. The customer orders the solution, it's shipped to them, they open it, log on with their Azure credentials and it builds the machine for them as opposed to going to an imaging center, and having a dedicated staff for that particular function. 

I think the asset management component, the TSM piece, could be improved. That would allow them to compete with other products. It's currently very basic and rudimentary because there are no other connectors such as PeopleSoft that you can get.

I've been using this solution for 24 years. 

This is a very mature product so it's very stable. In the 24 years I've been using it, most of the kinks have been worked out. It's all about having a healthy network and a healthy, active directory structure. If those two things are in place, you'll have a really good experience. If not, it will definitely show its head in the SCCM product. 

The scalability is excellent. 

Technical support for SCCM is good. You have to get past the tier one person, but once you get to a dedicated MECM engineer, it's good. The support forums are also helpful. 

If the solution is being deployed by someone with experience, it can be done in about two hours. They're pretty good with hydration kits where you can configure all the prerequisites and all the components, and you're up and running in about two clicks. It's the customer and budget that dictates how complex or how involved a setup is. If they're only leveraging a couple of the core features of the product, it's pretty straightforward, but if they want to use more advanced functions and distribute that out and do low balancing and that sort of thing, it takes a little more time. Generally, clients allow us to integrate for them, we conduct a turnkey training solution, and then they take it over.

Although the solution is not as expensive as Ivanti, the cost is still quite high. Certain licensing arrangements can get you a better deal, but it's still expensive. It's based on a CAL license, so if you have a client on an endpoint, there's going to be a charge. I think it's around $US35 per license per year. It's not too bad. 

If you're new to the solution then it's worthwhile studying the documentation because it's not easy in terms of all the components that make it up such as SQL and so forth. 

I rate the solution nine out of 10. 

The tool's most valuable features are easy patch management and software deployment. We use it because it is a Microsoft product, which makes it more secure and easier to use.

Microsoft Configuration Manager makes it easier to control remote desktops. It supplements other products. 

The tool's deployment can be cumbersome. 

Microsoft Configuration Manager's stability is very good. I rate it an eight out of ten. 

We don't contact Microsoft directly for support. We get support through a third-party vendor. 

I rate the product's ease of deployment a four out of ten. 

A contractor helped us with the product's deployment. 

I rate the overall solution an eight out of ten. 

We use Microsoft Configuration Manager for patch management. 

The product has improved time and security. 

Microsoft Configuration Manager is integrated with other Microsoft products. 

The product needs to improve scalability. 

I have been working with the product for three years. 

I rate Microsoft Configuration Manager a nine out of ten. 

I rate the tool's scalability an eight out of ten. 

The tool's deployment is easy. It takes between five to 25 minutes to complete. 

I rate Microsoft Configuration Manager a nine out of ten. 

The primary use case of the solution is to deploy patches, and applications, and upgrade our client operating systems.

Without the solution, we would have to manually install all patches and software and upgrade our operating system with the help of our support team, which would take a long time. With SCCM, this process is automated, making it a highly valuable feature.

The most valuable feature of this solution is its ability to deploy patches to nearly all applications.

SCCM should strive to enhance the accuracy of its reporting functions in order to avoid any issues with incorrect or inaccurate data.

Microsoft could supply an installation guide to make setup easier.

I have been using the solution for ten years.

The solution is stable and we have not had any issues.

The solution is scalable.

We have 100,000 people using the solution.

The technical support is good. We can call the hotline or use the website to generate the tickets.

Positive

The initial setup is straightforward.

I give the solution a nine out of ten.

Maintenance for the solution is easy.

I recommend the solution to others.

We mostly use Microsoft Endpoint Configuration Manager for patch management and application deployment. We will check and post a critical or supplement patch if there is a vulnerability.

I like Mircosoft's technical support. Microsoft has a few updates, like some of the critical KBs. They are published within the interval time, and in case of an escalation on the client missions, we will raise a ticket with the Microsoft team. They will create a hotfix or a critical update. They will chat with us, and that is one thing I like about Microsoft. Whenever any issues occur at my organization, they will help you out soon as possible within the SLA.

It would be better if automation options were available. For example, in Nexthink or SysTrack, there is an analytical tool. Creating dashboards would be very easy if you implement the same thing in Microsoft. That report will be a daily cost to the customers and good revenue for our organization. The price also could be better.

In the next release, we need to include some features like tables, dashboards, surveys, services, and metrics in the dashboard. Whatever we are implementing will be downloaded by a report. Apart from the report, we will telecast from the dashboard. It's very easy to compare, and it will be easy to telecast to the end-users.

I have been using Microsoft Endpoint Configuration Manager for five years.

Microsoft Endpoint Configuration Manager is a stable solution. There is nothing to worry about. When Microsoft pushes updates or patches, they will be in the W-Sync server. We have some people who will concentrate on Sync's parameters. Apart from that, everything is perfect.

Microsoft Endpoint Configuration Manager is a scalable solution.

From my point of view, I'm just giving 60% to 70% marks to those who support us with these issues. If there are any new issues, they will check in with the corresponding team, which takes some time. If there are issues with a single machine or server, or it affects the whole environment, they will analyze it from their end and provide a hotfix.

On a scale from one to five, I would give Microsoft technical support a four.

Positive

I would tell potential users that for 15,000 or 30,000 machines, you must go with Microsoft Endpoint Configuration Manager as it's the best tool. We can install the clients on all the end-user machines. All the data will be recorded in the Microsoft console itself. There's no need to worry if the patching activities will be hygienic, which will be very useful. 

You can go with another third-party software if you're just a small organization with 50-odd machines. The Microsoft license cost is relatively high, but everything will be perfect, stable, and reliable.

The initial setup is straightforward because Microsoft is always user-friendly. They will share the parameters, like troubleshooting steps and the pre-request. They will send the database knowledge-base document to us. It will be a step-by-step procedure. There won't be any worrying or alarming issues with Microsoft. If we have any problems, we will raise a ticket with Microsoft, and the team from Microsoft will help us. We can implement this solution within two or three hours, depending on the bandwidth speed.

On a scale from one to five, I will give the initial setup a four.

We implemented this solution.

The price could be better.

On a scale from one to ten, I would give Microsoft Endpoint Configuration Manager a nine.

First off, to clarify some confusion, Microsoft recently changed the name of a previous on-premises tool called SCCM (Microsoft System Center Configuration Manager) to MECM (Microsoft Endpoint Configuration Manager).

In our company, we originally used SCCM with all our Microsoft products, but after a while, many companies including ours started to move their on-premises devices to the cloud, and MECM, along with Intune on an Azure tenant, became our preferred solution for managing devices that are both on-premises and in the cloud.

I worked with a team to complete the upgrade of our SCCM solution to the current version of MECM, which we now use exclusively to deploy software packages, scripts, updates, and operating systems via task sequences. Then, after buying an Azure AD tenant, we took out a license for Microsoft Intune (now part of MECM), in order to link our use of MECM for managing devices that exist on the internet, such as in the case of teleworkers.

MECM has given us many benefits, but the main benefit is that we no longer have to deploy software manually onto hard drives or with USB flash drives, and instead you can do everything over the network.

Our company is spread over several regions, with the headquarters located in Paris, France, and with two remote locations in Paris and two remote locations in Morocco, where I am based. With MECM, we can deploy distribution points (e.g. file servers) in different areas, such that we can deploy packages from any of the distribution points that are nearest to the intended location.

This is useful because when a device needs a package, it will trace the location of the nearest distribution point from which it can source the package, to speed up the transfers over the internet and not impact the overall bandwidth.

I manage software updates and operating systems for devices, and within seconds, we can remotely deploy a system for, say, 2,000 devices. Not only that, but we can also deploy scripts and create comprehensive compliance rules.

There are several challenges regarding MECM worth mentioning.

With MECM, you can't deploy packages remotely for end users who are working from home, unless you pass them through Intune with an Azure tenant. After initiating a VPN connection, the remote machine will contact Intune in order to retrieve packages, scripts, etc.

Intune is a great solution for managing devices but it is expensive because you also have to buy an Azure service called CMG (Cloud Management Gateway). CMG works as an intermediary between your on-premises MECM server and remote end users, via email authentication, but it can be difficult to integrate with MECM and costly.

There are also some limitations of Intune, such as the inability to deploy operating systems the traditional way via task sequences, making it such that we have to use Autopilot to deploy operating systems. Though, with Intune and Autopilot you can deploy what you have on-premises, including GPO strategies for local endpoints and general endpoint configurations. 

It is important to note that MECM by itself can only manage Microsoft devices, despite how Intune can be used alongside it to manage multiple platforms (e.g. Android / Apple devices).

Finally, there is a steep learning curve when it comes to administration. A lot of experience is needed in terms of troubleshooting, as this is one of the most difficult tasks in MECM. We were seven people in a group and I was the only one that had the patience to do the troubleshooting at times. If we have a problem with a certain feature in MECM, we need to observe the log, reading and analyzing, to discover the problem. 

I have worked with Microsoft Endpoint Configuration Manager for six years.

MECM is stable. However, whenever Microsoft makes changes or updates to the workstation operating system (Windows 10, for example), you also have to adapt your version in the server accordingly. So, in future, if you're going to be deploying Windows 11, you will also need to upgrade your version of Windows in MECM. This means that you are always thinking about which versions of operating systems you have in your workstations as well as which versions you have in MECM.

You have to do such maintenance every six months, where you need to consider the versions of operating systems while upgrading and testing to see if they are compatible with your MECM. On the whole, it ends up being a lot of work.

To improve scalability across on-premises and cloud environments, Microsoft introduced Intune which is a service implemented with MECM in the cloud in order to provide communication with devices in remote locations. So if you need to manage remote devices with MECM, you can do so by buying the Azure tenant service, and attach it to your MECM.

In total, we are using MECM and Intune to configure almost 2,000 devices across the company.

We haven't had many problems that have warranted the use of Microsoft support. Thankfully, there are a lot of people on the internet who are also working with MECM so we have a lot of documentation to work with. If you follow the documentation, you don't need the support of Microsoft.

Before using the original SCCM, we had never used anything similar.

It's not easy to implement MECM at first because you are required to have some experience on how to deploy the database for MECM. At our company we already have people working in the data center who have lots of experience in deploying with VMs and virtualization (e.g. Hyper-V and VMware), but for me, implementing MECM was difficult.

It took us around six months to complete the entire implementation because our company has several remote locations which have to be served by the remote distribution server and distribution point servers, and after implementing each server, you have to test it extensively before you put it into production.

We did the implementation by ourselves. We have staff in different areas who helped deploy MECM, including support staff and data center personnel. For example, one person takes care of the AD server, and another takes care of our use of Intune. Yet another group takes care of the IT, engineering, and system administration, of which three people might be there just to handle the load balancing. It all depends on the requirements at the time.

If you have a small company and you have a simple need to install operating systems remotely, you can install WDS (Windows Deployment Service) on a server, which can help with the task of deploying operating systems and software remotely. But if your company has a lot of applications and devices that need monthly updates, it is better to buy a license for MECM.

I don't have the figures for the licensing because it's another group that manages the accounts and licensing for all the servers, but I believe it's quite expensive. The reason I say it's expensive is because we have a lot of products in our company, especially Microsoft products such as Microsoft Office and Microsoft System Center Orchestrator. 

Along with buying a license for MECM, we also have to buy a service called CMG (Cloud Management Gateway) which is a virtual machine in the cloud with which you can link your MECM to the Azure tenant so as to manage teleworkers. To explain a bit further, the teleworkers' machines communicate with the CMG as a tenant service in Azure, which then communicates with your MECM and on-premises policies, which then communicates back to the teleworker client.

This is a necessary process, but at least it is only a small feature and it is not difficult to add this relationship to your MECM as long as you have people experienced in the Azure tenant service.

MECM is a solution that needs a team that is well-experienced in implementation, administration, troubleshooting, and more, but the reward is worth the effort. My biggest piece of advice is that before you integrate it into your company, make sure you have the required skills.

I would rate MECM an eight out of ten.