Professional management tools are an absolute must to avoid a proliferation of fixed and mobile devices. Certainly, now that the shop floor is extending far beyond the company walls and work from home is becoming the "new normal" as a result of the coronavirus pandemic, as a company, it is wise to invest in thorough "endpoint lifecycle management". In addition to the installation or configuration of the various devices - from servers to smartphones – this specific part of IT management also involves the maintenance and security of these devices throughout their entire lifecycle.
SCCM: proven solution continues to evolve
Yet, however indispensable management tools may be, you can also have too many of them. Each tool in turn requires a certain amount of management, which calls for twice the expertise. So there really must be a good reason – in other words, a clear advantage – for using Microsoft SCCM and Microsoft Intune together, for example. "My personal experience tells me that a combination such as this hardly ever yields any benefits. You're better off going with one solution or the other. But in a transition phase, you can certainly use both solutions together: the scenarios are there," says Ives Ledegen, Technology Expert in the domain of "endpoint lifecycle management'"at Inetum-Realdolmen.
As always, each solution has its specific strengths and weaknesses. Microsoft SCCM (System Center Configuration Manager), which was renamed Microsoft Endpoint Configuration Manager (ECM) a few years ago, was originally known as Systems Management Server (SMS). Initially developed to manage Windows systems, both workstations and servers, the tool today also offers support for macOS, Linux, Unix and all kinds of mobile devices running on iOS and Android, among others.
"Microsoft SCCM has evolved tremendously over the years," notes Yves Ledegen. "And the tool is still evolving." For example, Microsoft now also provides a Cloud Management Gateway (CMG), as an addition to the on-premises solution that SCCM essentially is. In doing so, the software vendor is cleverly responding to the need to make clients accessible beyond an organization's classic Active Directory and network perimeter.
This ongoing evolution results in a fairly complete management solution that allows you to remotely deploy and inventory software, (re)install an operating system, roll out updates, provide the necessary network security, and report on all those aspects of ICT management as well. In doing so, Microsoft SCCM has all along proved to be a particularly robust solution with which even large international companies can efficiently manage their systems worldwide.
Intune: cloud-based management continues to gain ground
In contrast to the long and respectable track record of Microsoft SCCM is Microsoft Intune, a management solution from the current cloud era. Originally an MDM tool (Mobile Device Management), which was initially developed for managing smartphones and tablets via the cloud, Intune can now also be used to install and manage laptops and desktops. "Only server management is not yet a possibility," notes Yves Ledegen. "For that, it can therefore be useful to also still have SCCM."
"Apart from that, Intune is a virtually complete management tool that supports not only Windows devices but also devices running on Android, iOS and macOS," the Technology Expert continued. "The tool is only available as a cloud service." You can rent the service separately and then pay a subscription fee to use it. But you can also purchase Intune as part of Enterprise Mobility + Security (EMS), Microsoft's security suite.
The latter is no coincidence, Yves Ledegen points out. "The great strength of a tool like Intune is that it responds more to the needs of the present day. And particularly to the need for a higher level of security, because more devices are outside the traditional security perimeter. SCCM is not as suitable for that."
Office work versus work from home
"In a way, you can think of Intune as an extension in Microsoft Azure of some of the on-premises functionality of Microsoft SCCM," explains Yves Ledegen. "With Intune, you can also do just a bit more remotely than with SCCM. For instance, you can reset a device more easily or delete data. With SCCM, you have to go on site for that or call on the Cloud Management Gateway. Although that cloud extension certainly also has its limitations and you can't do everything with it at the moment."
"In conclusion, SCCM remains a staple for managing servers and on-premises devices and applications, which are within an organization's traditional security perimeter. That's why the tool was developed in the first place. For the management of PCs and other end-user devices, the use of SCCM is somewhat less expedient nowadays. Certainly now that, as a result of the coronavirus crisis, more people are working from home. With Intune, you can leave the installation and configuration of a home work PC to the end users themselves, while with SCCM, this continues to be a task for the IT department", concludes Yves Ledegen.