If you’ve been following this blog series so far, you’re aware that we’ve been reviewing Microsoft’s suite of endpoint management tools over the last several months. But to refresh your memory – or if this is your first time joining us – here’s a quick peek at what we’ve reviewed so far:
At this point, we understand these tools’ primary capabilities. Also, we know how an organization would use each tool in a silo. But how is each tool actually used in the real world? Let’s find out.
How are Microsoft’s endpoint management tools used in the real world?
First off, these tools are highly flexible, so you’re likely to run into some pretty unique use cases depending on your organization.
Remember, too, that these tools generally require a fairly significant up-front investment. Not just in terms of cost, but also when it comes to the time it takes to get them up and running and the recurring investments of time and money to maintain and use the tools properly.
While SCCM, WSUS, Intune, and MEM do well managing Microsoft systems, organizations with more diverse OS ecosystems – like those that include macOS and Linux – are likely to require additional tools outside of the Microsoft ecosystem.
Also, when it comes to third-party application deployment and patching many organizations tend to use additional products that sit alongside or on top of WSUS, SCCM, and Intune. To illustrate, let’s break down how each tool is ofused today.
How are WSUS and SCCM used today?
As we mentioned before, there are many use cases for these tools. We’ll take note of the most common ones.
For starters, many organizations still use SCCM and WSUS. Now, remember, WSUS can stand alone to help cache and distribute patches. But SCCM also contains WSUS and adds additional functionality like policy-based patching and configuration.
SCCM and WSUS are largely still on-prem and some organizations are likely to have years-old processes still in place around them. Organizations still using WSUS and SCCM may have localized, large workforces that require patch caching and distribution to avoid adverse effects on the network. Though, cloud-native solutions without patch caching and distribution could be used in conjunction with Delivery Optimization to the same effect.
Furthermore, SCCM is still likely to be used at organizations heavily utilizing Windows Server OSes as well – since other Microsoft solutions like Intune don’t support Server (and they won’t anytime soon).
How is Intune used today?
Moving onto the next tool, Intune is an infrastructure-less, agentless master data management (MDM) solution that can help organizations provision, configure, and manage their devices.
Primarily targeted toward Windows OSes, Intune also supports macOS, iOS, and Android (to an extent). Check out our Intune overview for more detail.
Intune can help organizations fill a need that SCCM and WSUS cannot as it offers touchless deployment and provisioning of devices via Windows Autopilot or Apple Business Manager. It’s also simpler to implement, compared to SCCM, and supports devices outside of the corporate network with less overhead and complication than SCCM.
Now, many organizations are slowly migrating workloads (e.g. management tasks like patching, configuration, etc.) to the cloud with Intune. This also means more companies are moving away from SCCM to reduce their on-prem infrastructure needs.
Next up on our toolset list is Microsoft Endpoint Manager.
How is Microsoft Endpoint Manager used today?
When Microsoft Endpoint Manager (MEM) was announced, many thought it would replace Intune and SCCM. However, this isn’t the case.
MEM is a tool meant to help organizations running SCCM, or SCCM and Intune, to modernize device management by migrating workloads from SCCM to Intune.
The tool unites Intune and SCCM under a single interface/console that is MEM. Then, it allows organizations to tenant-attach SCCM to MEM or co-manage SCCM and Intune. So, what exactly does this mean?
Well, assuming they’re licensed, most organizations running both SCCM and Intune (this is quite common) should use MEM on top of the other two.
Why? It’s simple. If you use two tools to manage devices, your visibility is incomplete in each tool. But by connecting each of the other tools to MEM, you get a more complete picture.
Now, if an organization isn’t quite ready to move workflows from SCCM to Intune, then it can simply tenant-attach SCCM to MEM to unite data with Intune.
As organizations migrate management tasks like patching and configuration from SCCM to Intune, co-management is really the only way to go.
How Microsoft tools work within your ecosystem: The takeaways
Hopefully, you now have a general idea of how each of these Microsoft tools fits into the overall device management strategy at your organization.
As we mentioned, these tools, and endpoint management in general, can be a bit like the Linux command line – there are usually multiple ways to do the same thing. Also, people and organizations will have different preferences, use cases, or business objectives that will influence strategy and tool selection, one way or another. In other words, it takes different strokes to move the world. What might be right for one organization, may not be ideal for others.
Generally speaking, though, we’re seeing tools move towards the cloud. And that’s a very good thing for the vast majority of businesses.
It turns out that migration to the cloud makes advanced technology more accessible and simple than ever, democratizing endpoint management for all organizations – large, small, and everywhere in between.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.
Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.