Microsoft Describes Its Device Management Plans with SCCM and Intune

System Center Configuration Manager (SCCM) will be Microsoft's primary solution for on-premises PC management for the "foreseeable future," according to a keynote talk this month by Brad Anderson, corporate vice president of program management for Microsoft's Windows Server and System Center Group.

Speaking at the 2015 System Center Universe event in Dallas, Anderson said that more than 75 percent of the world's PCs are managed by Configuration Manager. Another Microsoft solution, Intune, is also used for PC management; some organizations manage tens of thousands of PCs using Intune, according to Anderson.

With two PC management solutions in Microsoft's lineup -- the venerable SCCM and the newer Intune -- it might be assumed that one of them might eventually get axed. However, Microsoft has tended to suggest in past communications that Intune will primarily address the mobile device management needs of organizations going forward, while the company is still committed to developing SCCM as its main enterprise tool for managing PCs.

Recently, Microsoft publicized that it plans to release its next SCCM product when it releases Windows 10 this fall. The next SCCM product will arrive first before other System Center components; the complete System Center suite is expected to reach general availability status sometime in 2016. The idea behind releasing SCCM "early" seems to be that the company will at least deliver its main tool for managing desktops when it releases its next desktop operating system (Windows 10).

While Microsoft is moving the "control plane" of its management solutions more into the cloud with Intune, the company's goal is to have "100 percent" of its Intune capabilities added to its SCCM product in a "short period" of time, Anderson said. This integration will come in the form of a future update to the SCCM product, although Anderson didn't specify when that might occur.

Currently, it's possible to use a connector application to link SCCM with Intune, providing a "single pane of glass" view for managing mobile devices and PCs. While Intune is Microsoft's main mobile device management tool, SCCM likely will still be needed by organizations since Intune can't be used to deploy servers.

Meanwhile, Intune is now being released on a monthly update schedule, as of this month. Anderson said that Microsoft hopes to increase that release pace. The company is also looking at a possible quarterly cycle for its SCCM product update releases.

Not everything will be shifting to the cloud, according to Microsoft's "world view" (see chart). PC management will remain an on-premises activity, although mobile device management will best be handled via the cloud, according to Microsoft's vision.

Microsoft's device management vision. Source: Feb. 4, 2015 System Center Universe keynote talk by Brad Anderson.

Microsoft plans to enable a consistent and integrated management experience across mobile devices (third bullet point). In a previous talk, Anderson linked that capability to the use of container technologies in Windows 10, while leveraging such technologies in iOS and Android. It'll be specifically associated with the management of Office apps and data across those platforms.

The self-protecting data concept (fifth bullet point) is associated with the Microsoft Azure Rights Management service, which can be used to avoid inadvertent data disclosures. Microsoft plans to sell those kinds of data management capabilities via its Enterprise Mobility Suite licensing.

Anderson stressed that Microsoft plans to deliver four layers of protection with its mobile management solutions. There will be protections at the device level, the app level (using containers and wrappers), the file level (self-protecting data) and at the identity management level (Azure Active Directory).

The Azure cloud service will smooth over the process by enabling single sign-on access to apps by end users. Microsoft currently has more than 2,400 different Software-as-a-Service (SaaS) apps that are integrated with Azure Active Directory to enable such access, Anderson explained.

IT pros can use Microsoft's Cloud App Discovery tool to search for unvetted SaaS apps in their organization. Microsoft has found that a typical enterprise has about 300 SaaS apps in use that IT departments don't know about, Anderson said.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.