Microsoft System Center Configuration Manager (SCCM) is an endpoint management solution for Microsoft devices, applications, and servers, which is now known as the Microsoft Endpoint Configuration Manager and bundled into the Endpoint Manager suite. This article explains how SCCM works, its benefits, and its challenges.
Microsoft System Center Configuration Manager (SCCM) is an endpoint management solution for Microsoft devices, applications, and servers, which is now known as the Microsoft Endpoint Configuration Manager and bundled into the Endpoint Manager suite.
System Center Configuration Manager (abbreviated as SCCM) is a product from Microsoft Windows that makes it easier to manage, deploy, and protect applications and devices in an organization. Administrators typically use SCCM for endpoint protection, patching, and distributing software in bulk, among other possible use cases. SCCM was part of the Microsoft Systems Center product suite but is now part of Endpoint Manager.
System Center Configuration Manager or SCCM is reliant on single infrastructure to unify physical machines and virtual machines. It also provides tools to aid IT administrators in terms of access control.Â
To achieve this, it discovers desktops, servers, and mobile devices linked to a network through Microsoft Active Directory (AD) and installs the requisite apps on each client. It then orchestrates application updates and deployments for individuals or groups. This allows Network Access Protection for policy enforcement and Windows Server Update Services for automatic patching.Â Â
Microsoft’s SCCM also acts as a system manager that allows supervisors to regulate the security and deployment of applications and devices throughout the company.Â
SCCM can sometimes be mistaken for Microsoft System Center Operations Manager (SCOM). SCOM is a platform used to monitor systems’ health and performance. The significant difference between SCOM and SCCM is that SCCM is used for the management of configurations, while SCO is used in monitoring applications and services. With SCCM, one could distribute updates to devices that are Windows 10 or Windows 11-compatible throughout your entire network. It offers an efficient means of provisioning and updating many devices at once, and so, therefore, it is a staple for enterprises.
SCCM’s integrated console simplifies how you manage Microsoft apps such as Microsoft Forefront, Application Virtualization (App-V), Windows Phone applications, etc. As a result, all these can be controlled from one location.
Important SCCM architectural components
There are four crucial components of the SCCM architecture (which is more of a hierarchy): the central administration site, followed by the primary site, the secondary site, and then the distribution point. Let’s discuss these components in detail:
- Central administration site: In a large organization setting, the central administration site is at the highest point of the hierarchy. It is the point from which primary sites are controlled or managed. One CAS can handle more than 25 primary sites at once, but it’s only used by organizations with a hierarchy of more than 100,000 clients. Remember that the CAS is only used for administration and reporting purposes.
- Primary site: This is the next level on the hierarchy and supports the secondary sites below. These sites do not support themselves. One primary site can support a hierarchy of over 250 secondary sites and 100,000 clients.
- Secondary sites: These sites are the next level of the hierarchy, and the primary sites manage them. These sites have their SQL servers and work as intermediaries between the clients and the primary sites. One secondary server supports a hierarchy of 5,000 other components and deploys clients.
- Distribution point: Distribution points deliver content to the client’s systems. Distribution points are of two types: local and remote. Also, note that primary and secondary sites are distribution points by default.
The evolution of SCCM
Microsoft SCCM was initially developed in 1994 as Systems Management Server v1.0. The initial purpose behind the development of this program was to make it easier to manage Microsoft-native applications like MS-DOS, Windows NT, etc., on Windows NT Server, NetWare, LAN Manager, and other networks.Â
However, as Windows 95 was created, Microsoft updated the program to version 1.1 in 1995 to help customers easily migrate to Windows 95. The 1996 version was introduced with better features like remote control, Simple Network Management Protocol (SNMP), networking-monitoring capabilities, and inventory.
The version 2.0 series started in 1990 to aid Y2K remediation efforts. However, the 2003 version improved stability, reliability, and software distribution capabilities. However, the company changed the program’s name to Microsoft System Center Configuration Manager (SCCM) in 2007.
The 2007 version was introduced to support Windows Vista and Windows server 2008, and the name was changed to solve the confusion with SMS (Short Messaging Services). The company made other modifications in 2012 and 2015, but the primary and most referenced version of SCCM is the 2016 version. It offers benefits like improved integration with the Windows Store for Business, supporting online and offline-licensed apps, and more.
Although there were other versions after the 2016 release, only the 2019 version or Version 1906 SCCM is part of the Microsoft Endpoint Manager. As an upgrade to the 2019 version, a 2022 version of SCCM has been released, which is no longer available as a standalone solution but is bundled into the Microsoft Endpoint Manager solution.
As we have discussed the architecture and components of the SCCM, you must have had an idea of the working structure of this program. Here, we discuss the core features of the SCCM to give you a functional explanation of how the program works. We also provide detailed steps on installing the Microsoft System Center Configuration Manager (SCCM).
Top SCCM featuresÂ
Some of the primary features of Microsoft System Center Configuration Manager include:
- Application management
This feature enables administrators to develop, handle, and deploy applications for each device handled under an enterprise. In a detailed manner, this feature allows the Configuration Manager to make management activities like; assigning specific devices to specific users and deploying software applications to both the user and the device. This implies that every user would have every essential software to pursue their tasks efficiently.
- Endpoint protection
This feature helps to manage malware detection policies and Windows firewall security. Here are the advantages of this feature in SCCM:
- Lets you give users security updates at various time intervals via email notifications
- Enables the Configuration Manager to manage Windows defender firewall settings according to their specificationsÂ
- Access Microsoft Defender Advanced Threat Protection.
- Access the most recent antimalware definition files
This feature makes it possible to create custom reports directly from the console. This helps generate information on hardware, users, software, and updates. However, One must employ a few steps to run the report in the SCCM console. In the Configuration Manager console, the user must first select monitoring. You can click to expand the reporting in the monitoring workspace. From the expanded view, clicking on Reports will reveal all the available reports. You can select the report, and on the home tab, click Run to open it or Edit to change it.
- Operating system (OS) deploymentÂ
This feature of SCCM makes operating system deployment more efficient as it provides the tools for this deployment that might be via Preboot Execution Environment (PXE) boot or through bootable media. These two methods of deployment are explained below:
- PXE boot deployment allows client computers to request network deployment. The Configuration Manager can deploy the operating system to the software center, and client computers can easily download the operating system.
- Bootable media deployment is implemented on the destination computer when the computer boots. The unique characteristic of this deployment method is that the content is not on media, so one can update everything without reconstructing the media.
Asides from the two discussed, another method of OS deployment is via multicast deployments. This method entails sending data to multiple clients simultaneously to save network bandwidth.
Apart from these four features, SCCM also aids in the following:
- Software update management: Allows users and administrators to manage and deliver updates for devices in an enterprise.
- Application delivery: Allows administrators to deliver applications to all devices in an enterprise.
- Health monitoring: This shows user clients’ health and activities in the SCCM console and can trigger alerts if health parameters decline beyond a particular threshold.
How to install SCCM in 2022
The 2022 Microsoft System Center Configuration Manager (SCCM) version is now a part of the Microsoft Endpoint Manager, and the Windows 2022 server is the latest server OS by Microsoft. Importantly, Endpoint Manager is an integrated solution to manage and organize all of your enterprise devices. It combines Intune (a mobile device management tool) and Configuration Manager with simplified licensing and without a complex migration.
There are many ways to install the Configuration Manager client on Windows server 2022, such as:
- Manually installing ConfigMgr Agent on Windows Server 2022 using the command prompt
- Using the Client Push Method implies installing client agents on remote Windows Clients (Client and Server).
- Software update-based installation, which is mainly used for first-time installation or upgrades
It is mainly advised to use the client push method as it is the easiest and most efficient. Here are the necessary steps to take while using this client push method for installing the Configuration Manager client on Windows server 2022;
- Launch the SCCM (Configuration Manager) console.
- Go to Assets and ComplianceOverviewDevices.
- Right-click Windows Server 2022 machine and select Install Client.
- Install SCCM Client on Windows Server 2022.
The client push comes about via the Install Configuration Manager client wizard.Â
- Determine the client push preferences. If installing an SCCM client on Windows Server 2022 domain controllers, it is advisable to turn on the option â€œAllow the client software to be installed on domain controllers.â€
- Review the settings on the Summary window and click Next.
- Close the client push installation wizard.
After carrying out these steps accordingly, you will be notified of successfully installing the SCCM component of the Windows Endpoint Manager.
If you need a solution that will help in configuring and managing systems in an enterprise network environment, using SCCM will be a good idea. This is because SCCM provides a single tool to deploy installations to many devices, which streamlines the network hardware management process. However, there are also a few challenges to using Microsoft SCCM. First, let us consider its benefits:
1. Safeguarding endpoints
Thanks to an inbuilt Windows update engine, SCCM helps regulate anti-malware definitions. It also allows you to keep the user’s PC updated while ensuring that they are safeguarded all the time with the latest protection version.Â
2. Boosts user productivityÂ
By safeguarding endpoints, SCCM offers the opportunity for employees to stay productive, resulting from the Configuration Manager and the secure access it provides. It also helps to protect sensitive data, and it does that by providing the required tools to administrators.Â
3. Unlocks insights on assets
The administrator in charge of licensing can use asset intelligence to track the programs that have been installed, and he will also know where it was installed. They can also follow the number of applications and also the number of installations too. Across the environment and with the help of software metering, one can track licenses, thereby assuring that the counts are precise in the audit server.Â Â
4. Provides a single tool
SCCM is beneficial because it helps in providing one with single tools to deploy installation to multiple devices, which streamlines the hardware management processes. It can be very cumbersome to manage devices individually daily on every single device â€“ but with the help of SCCM,Â overseeing the updates and configuration of devices from a top-down viewpoint saves you a lot of time.
5. Simplifies patch management
With SCCM, one can manage and update software remotely. Microsoft Windows Server Update Services (WSUS) helps to check for updates and also deploys patches to devices, and that is because of the SCCM program. Multiple Windows devices can be maintained using one console, which can periodically schedule or deploy patches to devices. Patch management is essential for keeping software updated, and also, from a security viewpoint, it helps to reduce the likelihood of a cyber attacker exploiting a vulnerability. To avoid disruptions, patches run in the background.
6. Speeds up reporting
One of the main functions of SCCM is report creation. SCCM is built with out-of-the-box reports for device monitoring throughout the network. The default reports cover everything from the management of assets to the vulnerability assessment of user data. To run reports, you will need to have appropriate authorizations. One can customize reports, so one can pick which report to monitor.
Challenges of SCCM
While SCCM is a beneficial tool for Windows users, it also comes with its challenges:
- It has limited support for non-Windows devices: Devices such as Mac and Linux experience limited support because Microsoft built SCCM for Windows devices. One needs a Windows server to run the program, which immediately rules out many cross-platform environments. For users whose IT infrastructure is dominated by Windows, SCCM is recommended to them.Â
- It has limited support for third-party application patches: SCCM has little support for third parties. SCCM becomes ineffective at patching third-party applications. This is a considerable limitation because third-party applications still need to be secured and can be used as an entry point by cyber attackers. It is a significant weakness of the SCCM program and requires additional investment to address.Â
- It is expensive, with a complex pricing structure: The pricing can be costly for enterprise users. For the Management License (ML) version, enterprise client licenses range from $430 (Â£353) to $41 (Â£33) for the user’s ML version. When one considers how complex and expensive it is regarding limitations in the third-party patching and the limited support it has for non-Windows devices like Mac and Linux, it may be too expensive for incomplete coverage.Â Â
SCCM from Microsoft was one of the essential tools to help IT administrators manage their Windows-based infrastructures. Today, the features and functionalities of the product remain accessible but in a different garb â€“ as part of the Microsoft Endpoint Manager.Â
This is aligned with the company’s holistic approach of moving towards integrated solutions that address some of the challenges SCCM faced (e.g., complex licensing). Using the Configuration Manager module of Microsoft Endpoint Manager, IT admins can continue to stay productive across their physical and cloud footprints.Â
Did this article answer your questions about System Center Configuration Manager (SCCM)? Tell us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to hear from you!Â Â