When Intune came out roughly 10 years ago, the natural assumption was that it was being set up to replace SCCM (which has been around for nearly 30 years). In some ways it can, but probably not for everything, and even then, perhaps not right away. 

Microsoft's approach to Intune was different from SCCM, and there are key points to be made here. Firstly, we need to understand why SCCM is still valuable today. After countless iterations over more than 2½ decades, SCCM is a very mature product with rich offerings, and it is extremely good at what it does: manage devices that run Windows. This includes patching, inventory, application installs and removals, software metering, OS deployment, OS upgrades, extremely robust reporting and more. When it comes to deployments, SCCM can deploy exactly what you want to the devices that are supposed to get it at precisely the right time, and under specified conditions – translation: SCCM is nearly infinitely configurable.

But all those infinite possibilities come at a cost. SCCM is an infrastructure solution and thus requires proper care and feeding to keep it running optimally. You must keep the SCCM infrastructure in lockstep with the rest of the organization, meaning that if a change is made to a network configuration, such as Active Directory, physical locations or any number of other things, then SCCM must be tuned to match. Additionally, organizations that have had SCCM running for a number of years may not be taking full advantage of more recent SCCM infrastructure optimizations, resulting in a need to manage more servers than would be desired. On top of all that sits a requirement for skilled, dedicated administrators.

Truly becoming an expert in SCCM takes years of dedicated time and effort focused on SCCM, along with proficiency in multiple technologies such as AD, networking, SQL, application packaging, and scripting, including a deep understanding of all supported operating systems.

So, when Microsoft designed Intune, their approach was different. They strove for a few key goals:

  1. To lower the barrier to entry for administrators, so they can be productive in days rather than months.
  2. To provide an infrastructure that is simpler, easier to manage and more flexible under dynamic conditions.
  3. To broaden their coverage of end-user devices and not pretend that Windows is the only operating system that end-user devices run on.

To meet these goals, changes (and some concessions) had to be made. First, Microsoft recognized that the way in which you manage servers is very different from how you manage end users and their devices. Add to that the need to support more device types and operating systems, and Microsoft chose to remove servers from the focus of Intune. Second, to lower the complexity, Microsoft has removed some of the control. For example, patching in Intune is a more hands-off process. It will decide which patches need to be installed. If using Autopatch, it will automatically assign all devices to pre-determined groups for assigning deadlines. The OS will prompt the user to install before the deadline and will then enforce the deadline – the administrator just needs to let it run and trust the process; no micro-management required. Similar constructs for removing the "micro-management" can be noted for driver management, application deployment, etc. As for simplifying the infrastructure, Microsoft maintains the Intune infrastructure in the Azure cloud, so your admins no longer have to maintain infrastructure, patch servers, back up and maintain SQL databases, etc.

All these things make Intune a very attractive offering, but it does not cover everything. Many enterprises have been using SCCM for years and have built business processes or 3rd-party integrations around SCCM; Intune may not have feature parity for all of them. Intune does not manage servers, and I am not aware of any plans to do so. The rich reporting features of SCCM are frequently leveraged to help meet regulatory compliance requirements, and Intune may not yet be ready to fulfill those needs. Some industries, like manufacturing and high-security-focused industries, have devices that need to be managed but do not have access to the internet, so a cloud-based solution is not feasible.

The final consideration is simply "change is hard," and hard usually equals expensive. Microsoft recognizes this and has spent a lot of time focusing on co-management, which, as you would expect, is merging both platforms to manage your devices. By utilizing co-management there are some key benefits that can be gained, often resulting in a solution that provides the best of both worlds:

  • The ability to move individual workloads from SCCM to Intune at the speed your organization requires.
  • Allowing for testing with smaller groups at first to minimize user impact as much as possible.
  • A single interface from which you can manage all of your end user devices.
  • While getting the immediate benefits of Intune, you can learn to relinquish the control you are accustomed to having with SCCM.

So even if your ultimate goal may be to remove SCCM altogether, and your organizational requirements align with that, it does not mean that SCCM is obsolete today. For many organizations, adding Intune together with SCCM can be a better alternative.
