Delivering software updates can be a challenge, especially when you don’t know which tool is best for the job. This is often the case when Desktop Managers have to choose between Systems Center Configuration Manager (SCCM or ConfigMgr) and Intune. Although the two might seem similar, they are very different, and so are the purposes they serve.
Think of them like you would a rubber mallet and a ball-peen hammer. SCCM, the rubber mallet, can – and should – be used for big jobs, like deploying Windows 10 on bare metal machines. Intune, our ball-peen hammer, is more useful in scenarios that require finesse, like managing updates to mobile devices and applications.
Let’s dive in to see what makes them each unique, and then discuss how to use and optimize them for even greater performance.
What is SCCM?
SCCM is now a part of Microsoft Endpoint Manager (MEM) and is used to securely deploy applications, software updates, and operating systems on desktop devices.
- Long history: More than 250,000 companies use SCCM to manage over 50 million endpoints
- Excellent for delivering large “payloads” or large files
- Great for complex files and packaging
- Strong in Operating System Deployments (OSD); supports the full lifecycle of getting a machine up and running on the network, from bare metal machines to ongoing delivery analytics
- Supports all types of software – Windows, iOS and custom line-of-business applications
- Allows for management of content at all endpoints and servers
- Excellent for large enterprises with complex global networks and needs
- Flat licensing fee with unlimited usage
- Powerful software delivery tool but requires a commitment to learn the tool and dedicated staff to use it to its full potential
- Typical setup is on-premises and makes it difficult to update software in bandwidth-constrained offices without integrating with a Cloud Management Gateway (CMG)
- Complex toolset which can be intimidating for new admin
- Detailed reporting but can be a challenge to find what you need
- Requires defining network typology and boundaries, which increases the work to maintain the network and staging of content
What is Intune?
Intune is SCCM’s mobile device and application management counterpart. Unlike SCCM it is cloud native and is used to deliver software updates to mobile devices. It is part of Microsoft's Enterprise Mobility + Security (EMS) suite.
- Cloud native
- Strong in mobile device management (MDM)
- Good at light-weight, smaller applications on mobile devices or mobile OS.
- Auto provisioning of systems – with Microsoft Intune and Autopilot, you can give new devices to your end users without the need to build, maintain, and apply custom operating system images to the devices.
- When you use Intune to manage Autopilot devices, you can manage policies, profiles, apps after end users are enrolled
- Narrow focus on mobile devices; not a full systems-management platform
- Doesn’t support server-side applications
- Not intended for large applications
- Doesn’t have the feature-set to handle complex package deployments
- Incurs egress or monthly usage fees based on the volume of data transmitted – software deployment is often a reactive activity based on the software provider updates; usage fees add up and get more expensive over time
- Challenges in planning – difficult to predict the number or size of software updates that will occur over time, especially in an environment where most applications are going cloud native with a higher frequency of updates
What Do I Do with This Information?
Knowing the pros and cons of SCCM and Intune is great, but it doesn’t provide practical advice for how to use each effectively – or strategically – when delivering software updates. Here’s our advice, plus additional insights on how to securely speed up deployments.
Leverage Co-management – Use the Right Tool for the Job
Microsoft continues to state that Intune and SCCM will both co-exist in the future under the Endpoint Manager product family. With that in mind, it’s important to implement a co-management strategy that uses both solutions and applies them based on use case – i.e. SCCM for desktop deliveries and Intune for mobile device management.
Enable Window’s Autopilot in Conjunction with Intune
According to Microsoft, you can use Intune and Autopilot to “give new devices to your end users without the need to build, maintain, and apply custom operating system images to the devices.” This is big news as Autopilot can help with Windows 10 provisioning on mobile devices. But remember, it only works with existing OEM images, not delivery of corporate gold images.
Reduce Network Infrastructure with an SD WAN
Maintaining hardware distribution points is costly, especially when taking into consideration hardware, bandwidth and maintenance. Distributing software updates via an SD WAN instead can greatly reduce your internal infrastructure footprint and associated costs. An SD WAN also gives you greater flexibility and scale to better service a modern work environment.
Connect a Cloud Management gateway (CMG)
For those who manage all of their organization’s remote internet-based devices, it is important to set up SCCM with a CMG to deliver software more efficiently. An Azure-based CMG makes it so you don’t have to expose your on-premise infrastructure to the internet, greatly reducing network strain in remote offices with limited bandwidth.
Be Smart About How You Use Your Network
Leverage the Azure cloud for long hops across your network, but don’t do this for every delivery because it can get very expensive due to egress or usage fees. Instead, opt to use peering technology, like Kollective for Software Delivery, within regional locations to complete updates over the LAN more efficiently. This also provides significantly faster software deployments because updates occur organically and in parallel versus in a typical serial manner.
Learn How Kollective Can Accelerate Software Delivery
Whether you need to accelerate software delivery, minimize bandwidth usage or reduce the total cost of ownership (TCO) for software, Kollective can help. Our solution leverages a secure cloud-native architecture and peering technology to more efficiently deliver software at scale via SCCM – Intune integration coming soon.
- 70% faster deployments
- 25% less time spent on desktop management
- Up to 99% of bandwidth saved
- Up-to-date patch compliance
- 100% confidence
To learn more about Kollective for Software Delivery, read the solution brief.