News

Microsoft Gives More Guidance on SCCM vs. Intune

Microsoft recently clarified the differences between its Intune and System Center Configuration Manager (SCCM) products to help organizations decide on the client management solution that fits them best.

The mobile device management (MDM) market is a crowded one. Analyst and consulting firm Gartner Inc. has placed AirWatch, Mobile Iron and Citrix, among others, in the top Leaders category in its 2015 report on the topic, with Intune residing in the Visionaries category. However, in Microsoft's conception, it's a choice between the so-called "standalone" Intune service for device management and the so-called "hybrid" SCCM software.

In late May, Microsoft published a TechNet article with further details to help organizations make a decision on its device management products. Microsoft is recommending the use of hybrid SCCM for managing more than 50,000 devices, while Intune is a consideration for less than 50,000 devices. Hybrid SCCM is the choice if an organization is managing intranet-only devices and requires capabilities such as traditional fat-client management, full application inventories, role-based access controls and the ability to use "external tooling."

The capabilities of Intune and SCCM aren't equivalent. In March, Brad Anderson, corporate vice president for enterprise and client mobility at Microsoft, claimed that most organizations likely would want to use both products -- namely, the hybrid SCCM approach.

Organizations sticking with Microsoft's solutions apparently are confused by the choice. And right now, switching between the two isn't easy to do.

"It's an important decision, as it's not particularly easy to change your mind once device deployment has begun," Microsoft explained in a blog post last week.

Standalone vs. Hybrid
Intune is a multiplatform (Android, iOS and Windows) MDM and mobile application management service. However, it also can be used to manage desktop PCs. Intune is one of Microsoft many managed services delivered from its datacenters and offered on a subscription basis.

SCCM, on the other hand, is Microsoft's venerable PC and server management software solution that gets installed in an organization's computing environment. It's but one component of Microsoft's System Center suite of enterprise management tools, obtained through traditional licensing.

SCCM can integrate with the Intune service using connector software, which Microsoft calls the "hybrid" approach. Alternatively, the Intune service can be used by itself, which Microsoft labels "standalone." This nomenclature is worth noting because Microsoft updates its standalone Intune service faster than the Intune service that's integrated with SCCM. In other words, Microsoft's development innovations get delivered faster to organizations using the standalone Intune service. Possibly, that's of importance in the rapidly changing mobile device world.

Service Models
SCCM 1511, released in December, represented the first release of Microsoft's most current client management solution. It was released ahead of the rest of the System Center 2016 product suite in order to keep pace with Windows 10. The main difference with the SCCM product now is that it is service-enabled. It follows an update model mirroring Windows 10's rapid changes. Windows 10 gets monthly minor feature updates, along with biannual major feature updates. IT pros have to keep pace with this update model in SCCM or risk having it fall out of support, which is a potential security risk.

Intune, in contrast, is a potentially lower maintenance product. Microsoft maintains and pushes down the Intune product updates, for instance.

Limitations
A hybrid SCCM implementation has "a steep learning curve," Microsoft's TechNet article admits, with "on-premises complexity" to deal with. An organization also will need SQL Server licensing to use SCCM, in contrast to Intune.

Intune, on the other hand, is restricted by having limited built-in roles. It just has two roles for administrators, namely "Full Access" and "Read-only Access." It just has "basic user and device grouping capabilities." Intune's reporting capabilities are considered to be "limited" by Microsoft. For instance, it won't show details about apps that are "sideloaded" outside a company's portal page. IT pros cannot use "external tooling," such as PowerShell, with Intune. Microsoft's old Silverlight platform for running Web apps is a requirement for using Intune, even though the current Silverlight 5 platform is a deprecated product that will fall out of support in 2021. On the plus side, Intune has a "low learning curve," and Microsoft maintains its updates.

Microsoft's Advice and Intune's Direction
Organizations should test Intune and consider its direction before deciding to deploy it, according to Microsoft's TechNet article. Intune's management capabilities vary among the Android, iOS and Windows platforms. It's a moving target for Microsoft to address those platform differences, so testing Intune may be a somewhat involved task unless an organization has standardized on a particular mobile platform.

On the other hand, Microsoft conceives of hybrid SCCM as being the choice for organizations that require "a single management console for both traditional clients and mobile devices."

Organizations opting between Microsoft's solutions might not want to make such a choice. Microsoft is currently working to make it easier to switch between Intune and hybrid SCCM in the near future, but switching isn't too easy right now.

"Switching MDM authorities today requires manual intervention from Microsoft Support, and significant effort by the tenant," the article explained. "To simplify this, our goal is to allow coexistence of hybrid and Intune standalone, allowing you to move users between the two types of management, but not requiring you to choose one configuration over the other."

Clearly, organizations may be stumped by Microsoft's dual mobile device management approaches right now. Intune is designed for lightweight management scenarios and smaller mobile device deployments. It's only advantage over hybrid SCCM is its simplicity. However, Microsoft is planning to make Intune's capabilities equivalent to those of its hybrid SCCM solution somewhere down the line.

"Many of the unique abilities that a hybrid configuration currently provides will be functionally replicated in Intune standalone as the service is developed in the short, medium, and long term," Microsoft's TechNet article stated.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured