I’d like to start this post saying that this is my only opinion and may/may not be the same opinion as Microsoft or any other person and it is based on my experience working on a series companies over the years (from many sectors of the economy and from many countries)
So, let’s start.
I often get this question, Should we use Microsoft Intune or SCCM? and just few times, they say, should we integrate Intune with SCCM or use it stand alone?
Before answering this question, we need to know a bit of the history. And let’s start with SCCM.
SCCM born in 1994 as SMS (or System Management Systems) as the same says, it was a system created to manage systems and was created in a 4-6 years update cycle, what I mean by that is that Microsoft release a new version every 4 to 6 years. Today, the SCCM 2012, we can easily see that this is the version 5.
Over the years, Microsoft added lots of features, it started as device management system and today it also has the user management features as well as OS Deployment, Settings Management, Software Update, etc…so, as you can imagine, maintaining the development of this tool is quite complex as this touch many other tools that are not developed by the same people. OS Deployment, WSUS, etc.
And most important, we’re talking of a tool that has over 20 years of history and it is being updated to give companies (that invested money buying and customizing this tool) the best tool in the business.
This is a tool that you install inside your company and as you can imagine, you need people that knows what they are doing to maintain and keep it running.
To summarize: SCCM has lots of features that companies need and if there is a missing feature, you can customize as it is installed on a server (or servers) that you manage and have access to it.
[BE AWARE: just because you can, doesn’t mean you should. when customizing SCCM, test this in a Lab before performing change in a live production environment. If you’re not sure, ask someone with more experience or maybe contract a company to do for you]
As you can see, SCCM has lots of features focused on what companies need and the feature list grow over the years and still growing, as Microsoft is still investing a lot of money on its development. You can extend it as much as you want. Using 3rd party tools or create your own tools.
With 2012/R2, it started being easy to do as it added support for PowerShell, so the development of extensions started to be an easy task, but may not need to start from zero, there lots of companies that have created tools for SCCM (like Secunia CSI to manage 3rd party software update, 1E Nomad to help minimize the bandwidth utilization, Enhansoft for better reporting, RFL Systems dashboard for a better view of the environment, etc).
Also, the CM community has grown over the years as much as the product has grown, there are lots of people with lots of experience that can help you out as well as you can find lots of good information of “goodies” (ie. Scripts, documentation, etc) out there.
Now, let’s talk about Intune. Intune is still a kid, it started few years back and if I recall properly, the name was System Center online. the objective that time was to manage devices for small companies, and by devices I meant windows desktops, not servers. it had basic features, like its brother (the system center essentials) had, so I usually called it System Center Essentials, the online version. It had the monitoring capabilities that that you could find on SCOM as well as the software update and software deployment technologies that you could find on WSUS. Later on it started to have integration with Anti-Virus, however, it never had more than that, I mean, no OS Deployment, no peer to peer, etc.
Later on, Microsoft added lots of features focused on mobile device management and renamed it to Windows Intune and recently, Microsoft Intune.
Microsoft Intune, different from SCCM, is not installed on your environment, so you don’t need to have people looking after intune as Microsoft does it for you, so you don’t need to install any server, buy server licenses, buy hardware (or create a new virtual server), patch or look after anything server related, it is a cloud and because it is installed and managed by Microsoft and it is not inside your organization, you access it over the internet (so internet is necessary) and perform the action using a webportal. As you can imagine, if your internet is not good, the user experience will not be good and there is nothing you can do about it.
Now, imagine if your internet goes down?!?! No new software installation, patch, etc…
Another difference from SCCM, you cannot extend the capabilities, there is no support for PowerShell or any other 3rd party tool. It also, its client is not created to manage Server, there is no support for Linux/Mac, OS Deployment, etc.
The focus on Intune today is Mobile Device Management and non-mobile device management features are not getting attention or are not being developed at all. The nice thing that intune is bringing, as it only exist at Microsoft environment, Microsoft can bring new features every month, and they have being doing this.
One of the drawn back is, because you have no way to test before it has been implemented, how can you be sure the update will not break anything in your environment? You can’t rollback/revert/refuse changes, they just happen.
I normally say that Intune is for companies where specialized IT does not exist. You cannot break a server, but you still able to break a desktop if you deploy the wrong thing. So with a bit of knowledge of IT, one person could manage an organization, deploy application, deploy software updates, etc. while with SCCM, you need someone that is experienced with SCCM and probably with SQL, Windows Servers, Windows Deployment, WSUS, etch
For a business, the 1st person is really cheap while the expert will costs a lot.
So, one of the differences would be MONEY, that depending on the size of the organization, intune may be cheap at the beginning but may be more expensive in a long run (3-5 years)
Now, features, OS Deployment, Integration with 3rd party tools, server management, etc.
If your company buys a device from BestBuy, PC World, etc and are happy with it, so no OS Deployment, Intune would be a great option, however, if your company needs to customize the OS Deployment before deploy to a user, wants to integrate with 3rd party tools, having a solution you cannot do this, is not an option.
Note that we have not even talked about security (that as you can imagine, has lots of things to be said), but lets just say, where is my data? Is it encrypted? Who has access to it? What data is being copied to the Clouse? So if you don’t trust Microsoft to hold your data, Intune is not an option.
In my view, Intune has a great solution that is the “monitor” part, that SCCM does not have, however, this is the feature that from what I’ve seen, is the least used in Intune.
For the majority of companies, using Intune would not help as there are many missing features and the focus is mobile device management. While for SCCM, the Mobile device management feature is missing but they do have a lots of features for device management for both servers and clients. So, for device management, I will always say: Use SCCM while for Mobile Device Management, I would say, use Intune…
And by mobile device management, I’m referring to the management of iPhone/iPad, Windows Phone 8.x, Android.
For an IT person where the company has SCCM already, you’ll then need to use 2 consoles, 1 for your devices/servers and another for your mobile devices, what is not the best option.
What Microsoft has done, is perform the integration between the solutions, so you can use SCCM to manage on-prem devices as well as mobile devices, so all features that you have with SCCM as well as the power of integration with 3rd party tools still there and depending on what you want to do, you still able to do for Mobile Devices.
But this is today, as you may already know, the new SCCM that will be release later on this year and currently in preview, does have a Mobile Device Management feature built in, so, you’ll only need intune for license purposes and not having a intune to manage your devices.
I often see companies using solution because a Sales person said it is the best for the company without a proper validation of the requirements. As you may be thinking, Microsoft is pushing cloud so, you can expect that their sales people will be pushing Intune as opposite to SCCM just because intune is a MS cloud solution, not because it is good or bad.
the decision about using intune or SCCM (or maybe the integration) should be based on what the company needs (and hopefully after a test environment being created and features tested), pros and cons and then price, but most of the time is price. So, in those environments you can imagine, IT gets blamed for not doing the job properly.