SCCM: System Center Configuration Manager

The enterprises that depended on the system center configuration manager were surprised because of the decision to redesign it. In this article, we are going to inform you about SCCM, its features, benefits, and challenges, and other details related to it.

What Is SCCM?

Microsoft System Center Configuration Manager or SCCM refers to a Windows product that allows users to manage, deploy & secure applications and devices across an enterprise. Although there are multiple potential uses, administrators use it to manage patches, distribute software, and for endpoint protection. One thing you should note is that this one is a part of the Microsoft System Center systems management suite.

The console integrated with this SCCM allows users to manage Microsoft applications like Application Virtualization (App-V), Microsoft Enterprise Desktop Virtualization (Med-V), Citrix XenApp, Microsoft Forefront, and Windows Phone applications. A single location will be able to manage all the applications.

It depends on a single infrastructure and aims to unify physical & virtual clients together. In order to assist IT administrators by providing access control, the configuration manager also adds tools. Besides, it can discover desktops, servers, and phones that are connected to a network through Active Directory. In addition, it can install client software on every node. After that, this management solution manages application deployments. Then, it updates on a group or a device basis to patch automatically with Windows Server Update Services & policy enforcement with Network Access Protection. Moreover, you should know that the System Center Endpoint Protection Manager is built into SCCM to secure the data that these devices store.

SCCM Version History:

2019 Version:

SCCM 1902 – Released March 2019

2018 Version:

SCCM 1810 – Released December 2018
SCCM 1806 – Released July 2018
SCCM 1802 – Released March 2018

2017 Version:

SCCM 1710 – Released November 2017
SCCM 1706 – Released July 2017
SCCM 1702 – Released March 2017

2016 Version:

SCCM 1610 – Released November 2016
SCCM 1606 – Released July 22, 2016
SCCM 1602 – Released March 11, 2016

2015 Version:

SCCM 1511 – Released November 2015

2012 Version:

SCCM 2012 – Released 2012

2007 Version:

SCCM 2007 – Released 2007

2003 Version:

SCCM 2003 – Released 2003

1999 Version:

SCCM 2.0 – Released 1999

1996 Version:

SCCM 1.2 – Released 1996

1995 Version:

SCCM 1.1 – Released 1995

1994 Version:

SCCM 1.0 – Released 1994

Important SCCM Architectural Components:

This SCCM architecture comes with 4 crucial components: the central administration site, the primary site, the secondary site, and the distribution point. Let’s learn about these 4 components.

Central Administration Site:

It remains at the hierarchy’s highest point in a big organization setting. Primary sites can be controlled or managed from this point. A single central administration site is able to handle over twenty-five primary sites at a time. But organizations with a hierarchy of over one lakh clients use it only. People must not forget that this administration site is only for reporting & administration purposes.

Primary Site:

On the hierarchy, it is the second level, which supports the secondary sites below. But these are not compatible with themselves. A primary site supports a hierarchy containing more than 250 secondary sites & 100,000 clients.

Secondary Sites:

In this next level, primary sites manage these sites. While the sites include their SQL servers, these also work as intermediaries between primary sites & clients. You should know that a secondary server is compatible with a hierarchy containing 5,000 other components & deploys clients.

Distribution Point:

It can offer content to the client’s systems. These are of two kinds — local and remote. You need to know that by default, the primary & secondary sites are indicated distribution points.

Why Is SCCM Now Microsoft Endpoint Configuration Manager And Microsoft Endpoint Manager?

Corporate Vice President for Microsoft 365, Brad Anderson, decided to rebrand & combine this configuration manager with Microsoft Intune. Hence, you need to know that Intunr is a mobile management solution that can form Microsoft Endpoint Manager.

Microsoft Endpoint Configuration Manager is the new name of SCCM. It is a service that can make up Microsoft Endpoint Manager like Desktop Analytics & Device Management Admin Center or DMAC.

In order to deliver a full endpoint management solution for cloud environments, the rebranding of this configuration manager is done in a single attempt. In simple words, the update was designed in terms of delivering the essential features to the enterprises to thrive in the modern workplace with various devices to make their way into the workplace.

The Evolution Of SCCM:

In 1994, it was initially developed as Systems Management Server v1.0. The program was developed to make managing Microsoft-native applications ( i.e., MS-DOS, Windows NT) easier on Windows NT Server, NetWare, LAN Manager, etc.

Microsoft released the updated version 1.1 in 1995 when Windows 95 was created. The update aimed to assist customers in migrating to Windows 95. Later, in the next year, another version was introduced with some improved features such as SNMP or Simple Network Management Protocol, remote control, inventory &networking-monitoring capabilities.

In order to aid Y2K remediation efforts, the version 2.0 series was started in 1990. However, you will find that the 2003 version comes with better reliability, improved stability, and great capability to distribute software. But, in 2007, the program was renamed to SCCM.

The 2007 version was compatible with Windows Vista & Windows Server 2008. But, in order to solve the confusion with SMS, it was renamed. Then, other modifications were done in 2012 and 2015 by the company. The 2016 version is the system center configuration manager’s primary as well as the most referenced version. It can deliver better integration with the Windows Store for Business to support licensed apps both offline & online.

After the 2016 release, other versions were released. But the part of the endpoint managers is only the 2019 version or Version 1906 SCCM. Its 2022 version, the upgraded version of 2019, has been released. However, it is not a standalone solution anymore, but it is bundled into Microsoft Manager solution.

How Does SCCM Work?

You need to install this at the highest level on a Windows server for managing endpoints. Usually, it needs an agent on the managed endpoints to work.

Devices that are not inside of the corporate network have to connect back via VPN to receive patches, software, configuration updates, etc. Hence, ensure that the organization has set up CMG servers that will help to reduce the dependence on VPN servers with SCCM. WSUS is available underneath SCCM to cache & distribute patches to the managed devices. You also require an SQL database to store information for this configuration manager.

Top SCCM Features:

These are a few primary features of this system center configuration manager.

Application Management:

With the help of this feature, administrators can develop apps and handle and deploy them for every device that is handled under an enterprise. This feature enables SCCM to assign specific devices to particular users, deploy software apps to both device & user, etc. It indicates that each user might have the necessary software to pursue their tasks efficiently.

Endpoint Protection:

This feature helps to manage

Malware detection policies, as well as Windows firewall security. These are the benefits of this specific feature in this configuration manager:-

It offers users security updates at different time intervals through email notifications.
SCCM can manage Windows Defender firewall settings ( based on the specifications) using the feature.
It enables you to access Microsoft Defender Advanced Threat Protection.
Besides, the feature allows the configuration manager to access antimalware definition files, which are the most recent.

Reporting:

Creating custom reports is possible directly from the console using the feature. It lets you create information on hardware, users, software, & updates. If you are willing to run the report in the console of SCCM, you have to employ some steps.

Hence, you need to select monitoring first.
Then, your job is to expand the reporting in the monitoring workspace.
Now, tap on Reports from the expanded view to reveal available reports.
Then, you have to choose the report. In order to open this, you need to tap on Run on the home tab, or you can change it by tapping on Edit.

Operating System (OS) Deployment:

The SCCM’s feature makes OS deployment more efficient because it provides tools for the deployment via PXE or Preboot Execution Environment boot or through bootable media.

The two processes of deployment are as follows:

PXE boot deployment is a method through which client computers can request network deployment. SCCM deploys the OS to the software center. Besides, they are able to download the OS easily.

Bootable media deployment is a process implemented on the destination computer when the computer boots. Hence, the content is not in the media. Therefore, you will be able to update all without reconstructing the media.

There is another process of OS deployment, called multicast deployment, apart from the above two. It entails sending data to many clients simultaneously to save network bandwidth.

Other Features:

Some extra features of the system center configuration manager are as follows:

Software Update Management: Administrators & users are able to manage & deliver updates using the feature for devices in an enterprise.
Application Delivery: Administrators deliver applications using the feature to different devices in an enterprise.
Health Monitoring: With the help of the feature, you can see your health & activities in the SCCM console. It also may trigger alerts when health parameters decline beyond a certain threshold.

How To Install SCCM In 2022:

The 2022 version is part of the Microsoft Endpoint Manager. Besides, the Windows 2022 server is Microsoft’s latest operating system server. With the help of the Endpoint Manager integrated solution, you are capable of managing & organizing each enterprise device. It is able to combine Intune & Configuration Manager without any complex migration.

Several methods exist to install Configuration Manager client on Windows server 2022, including:

Install ConfigMgr Agent on Windows Server 2022 manually using the command prompt.
Use of the Client Push procedure to install client agents on remote Windows Clients (Client & Server).
Software update-based installation that can be used for first time installations or upgrades.

You should try the client push method because it is the simplest one. These are a few necessary steps you should follow to install a configuration manager client using this procedure.

First, your task is to launch the SCCM or Configuration Manager console.
Then, your job is to navigate to Assets and Compliance\Overview\Devices.
After that, your task is to tap on the Windows Server 2022 machine & choose Install Client.
Then, you have to install the SCCM Client on Windows Server 2022.
You can see the client push coming about through the Install Configuration Manager client wizard.
You need to determine the preferences of client push preferences. When you install an SCCM client on Windows Server 2022 domain controllers, you should turn on this option— “Allow the client software to be installed on domain controllers.”
After that, you are required to review the settings on the Summary window & tap on Next.
Finally, your job is closing the client push installation wizard.

Once you follow the steps, you will get notifications related to the installation of the system center configuration manager component of the Windows Endpoint Manager.

Benefits And Challenges Of System Center Configuration Manager:

SCCM is a great solution that can be used to configure & manage systems in an enterprise network environment. The reason is that the configuration manager offers a single tool for deploying installations to several devices that will be able to streamline the network hardware management method. Some challenges are also there when you use Microsoft SCCM. But before knowing that, let’s learn about its benefits:

Safeguarding Endpoints:

It can regulate anti-malware definitions with the help of a default Windows update engine. Besides, it helps users to keep their PCs updated and ensures that they are safeguarded every time with the latest protection version.

Boosts User Productivity:

As an employee, you can stay productive using the configuration manager. As a result, you can get secure access. In addition, it assists in protecting sensitive data by giving the essential tools to administrators.

Unlocks Insights On Assets:

Asset intelligence can be used by administrators who are in charge of licensing to track those programs that are already installed. It helps administrators to follow the number of applications & the number of installations. Tracking licenses is possible using software metering. Thus, one can ensure that the counts are correct in the audit server.

Provides A Single Tool:

SCCM can offer one with a single tool for deploying installation to many devices. It allows the configuration manager to streamline the hardware management method. You may find difficulties when you manage devices individually on each device. This configuration manager helps to oversee the device updates & configuration of devices from a view-point and saves a lot of time.

Simplifies Patch Management:

System Center Configuration Manager lets you manage & update software remotely. With the help of WSUS or Microsoft Windows Server Update Services, checking updates & deploying patches to devices are possible. Hence, all thanks go to the SCCM program. You can use one console to maintain many Windows devices. The console will let you deploy patches to devices or schedule them periodically.

In order to keep software updated, patch management is very necessary. In addition, this management can decrease the likelihood of a hacker exploiting a vulnerability. Moreover, patches run in the background to avoid disruptions.

Speeds Up Reporting:

Report creation is another main function of SCCM. The configuration manager is made up of out-of-the-box reports to monitor devices throughout the network. In the default report, you can see the asset’s management and user data’s vulnerability assessment. If you are willing to run reports, you should have proper authorizations. As customizing reports is possible, one is able to pick the report that needs monitoring.

Integrates With Windows Systems:

As it is a Microsoft product, it can easily integrate with Windows systems & other products of Microsoft. There is now a trend of employee-provided devices which are connected to the company networks. And the configuration manager has tried to adapt to this trend in recent years. Currently, it supports BYOD or Bring Your Own Device policies. It indicates that the System Center Configuration Manager is used to control those devices that are added to a network by an individual employee, if these are not updated.

Control Via GUI & Support Via Microsoft:

An easy-to-use GUI controls the configuration manager, indicating that it is easy to learn. Besides, it is simpler to implement than Puppet, Chef, or other self-deployed tools. Being an established as well as paid Microsoft service, this one can get great support through community channels & Microsoft.

While there are several benefits of SCCM, it also has many hidden risks that may be revealed when you use this. So, admins and ITOps managers should know how to prevent the risks to get the optimum results.

Deploy OSs To Bare Metal Machines:

It can deploy a golden image of Windows to devices without an OS.

Generally, the PXE process is used to do this. Preboot Execution Environment lets your computer install an operating system or load it over a network connection.

Hardware & Software Inventory Of Devices:

With the help of the configuration manager, you get to know what hardware the device contains & the software it’s running.

Compliance And Device Configuration Management:

It enables you to configure device settings. Additionally, you can monitor to check which devices are in or which are out of compliance.

Challenges of System Center Configuration Manager:

Although the system center configuration manager is useful and offers many benefits to Windows users, it comes with several challenges:

Limited Support For Non-windows Devices:

Its support is limited in devices like Linux & Mac, because the configuration manager is built by Microsoft for Windows devices. So, a Windows server is required for running a program that is able to immediately rule out several cross-platform environments. If Windows dominates your IT infrastructure, you should go with System Center Configuration Manager.

Limited Support For Third-party Application Patches:

It has little support for third parties. Regarding patching 3rd party applications, it is not so effective. However, it is a considerable limitation as these apps have to be secured. Additionally, hackers use these types of apps as an entry point. This is one of the drawbacks of the configuration manager program and needs extra investment to resolve the issue.

Costly And A Complex Pricing Structure:

As an enterprise user, you can find its pricing expensive. Enterprise client licenses are available between $430 (£353) and $41 (£33) for the ML or Management License version. It is very costly for incomplete coverage when it comes to discussing its limitations in 3rd-party patching and support for Linux, Mac, etc.

Incomplete Management Of Non-windows System:

MacOS, Linux, and other organizations with non-Windows systems often buy extra products to supplement its limited feature set for products that do not belong to Microsoft.

Its systems are expensive. Hence, you need to know that if your enterprise has a larger number of non-Windows systems than Windows ones, it is necessary to go with another system manager supporting better different platforms.

Lack Of Cloud Support:

As it uses on-premise infrastructure, you will not be capable of getting cloud management support with SCCM easily. When you host the configuration manager in Azure, you need to have a gateway so that SCCM becomes able to communicate with your devices.

Remember that, like cloud-native software, the cloud-hosted solutions are not able to scale so easily. It is the same as purchasing an electric car, and you know that you need to mine lithium for the battery yourself. The more competition increases in the market, it is necessary to be more diligent about your company’s protection.

VPN Requirement For Remote Workforce Management:

System Center Configuration Manager uses an old process of software deployment, according to which devices will talk to the domain often. But in reality, devices don’t check in as often as these do with remote workforces. Remember that fewer check-ins with legacy patching appliances will lead to more devices on outdated as well as potentially vulnerable software versions.

VPNs can slow down the work, the result of which employees might not want to use these. Even when teams move past on-prem servers & use a cloud instance for system center configuration manager, a management overhead is there that needs human intervention. The reason is that humans are fallible; because of this, it is common to occur errors.

When you use more legacy software, there will be more chances of security threats to the system. So, it’s recommended not to use old software. Otherwise, it will affect your business and destroy your reputation in the market. Real risks to the business reputation are represented by breaches & potential incidents, and it may affect customer trust in your brand.

Additional Disadvantages Of System Center Configuration Manager:

The installation of SCCM background software has some other disadvantages & hidden risks:

It is impossible for you to know if you have installed certain software. You will not be able to detect installed SCCM software until you stumble on this.
No pop-up warnings appear during a software installation failure. In addition, there will not be any instant notices of failure.
New apps pushed into viruses or the system signal malware.
You can not install anything when the SCCM server doesn’t respond. It damages your operations & affects the bottom line of your business.
If your computer is corrupted, it will be unable to receive updates or installations.
You do not find any way to keep up with cybercriminals unless all are patched in an automated fashion.
Patching mobiles, such as iOS, Android, etc, isn’t possible. You need an extra solution to provision & manage such devices effectively.
The touchless deployment option is not present. However, it is one of the key components of a holistic & modern device management approach.
The System Center Configuration Manager needs a steep learning curve for the administrator. In order to benefit from this configuration manager, you have to invest a lot of time and effort.
Remember that other dependencies need substantial extra time and expertise. For example, your team members should have the capability of running Active Directory, WSUS, and an SQL Database at least.

SCCM Vs. SCOM:

System Center Configuration Manager is similar to SCOM or System Center Operations Manager. When you see both for the first time, you may be confused. With the help of SCOM, application & system administrators can deploy, configure, manage & monitor services, operations, and multiple device apps. This Operations Manager performs it within an enterprise via a management console.

You should know that each of these two is a Microsoft enterprise application. The main focus of SCOM is on enterprise monitoring on the server side. On the flip side, System Center Configuration Manager isn’t a monitoring application and focuses on the client side.

Microsoft Intune vs SCCM:

Intune is always compared with System Center Configuration Manager. Before Intune was merged into Endpoint Manager, it was previously a cloud-based system & mobile device management solution. In order to manage cloud-based infrastructure, the program was developed by equipping customers.

The essential features in this case are as follows:

Bring Your Own Device (BYOD)
A central admin portal
Application Level Management
Integration with SCCM
Microsoft Malware Protection Engine
Reporting

What differs SCCM and Intune mainly is that the former one’s aim was to manage on-premises infrastructure. On the other hand, the aim of the latter one is at cloud-based services.

Key Benefits Of SCCM Over Intune:

It lets you manage systems that are not connected to the Internet.
There is no need to use Microsoft Cloud.
It allows you to manage Windows Servers.

Key Benefits Of Intune Over SCCM:

Mobile device management (MDM) for mobile devices
No need for local infrastructure
Maintenance of the program or infrastructure is not required.

Now you know the strengths of both solutions. The combination of these two can offer you a lot more co-management options. Both are possible to be combined to manage on-premise & cloud-based infrastructure in phones, computers, applications, etc.

Which Operation Systems Are Covered Under SCCM?

Operating systems that are covered under SCCM are as follows:-

Windows 8.1, 10, 11
Windows Server 2012-2022 (including core)
Windows embedded devices (IoT), & other lightweight devices
Windows devices in Azure Virtual Desktop
macOS Mojave, Catalina, and Big Sur.

What Are SCCM’s Requirements?

Its requirements are as follows:

Infrastructure And Other Software Needs:

Active Directory (AD) or Azure AD domain
SQL database
WSUS

If you are willing to have no VPN requirement, then you have to create a cloud management gateway

Licensing:

Included in Microsoft 365 E3, E5, F5, or Enterprise Mobility & Security (EMS) E3 & E5, or with an Intune USL or user subscription license.

Is SCCM Suitable For You?

Big organizations that invested in Windows, are already using System Center Configuration Manager to manage their Windows devices as well as the workstations. But those who are not using this configuration manager already, may want to look elsewhere. Microsoft, the giant tech, is modernizing its toolset for device management. So, Intune and other tools can make more sense to be used in different cases. But, it is impossible to manage servers with Intune yet. Therefore, you have to use tools like SCCM to manage them.

When you don’t use 100% Windows in your organization, many tools will be required outside of the Microsoft ecosystem for management of your devices & workstations. So, it is better to use an all-in-one endpoint management platform that can offer visibility via a single pane of glass.

Conclusion:

SCCM, a viable endpoint solution, can be used only by those enterprises that can afford this & have Windows-only infrastructures. As the mixed OS is becoming the norm, the system center configuration manager is less valuable regarding efficiency & patching capabilities.