We look at Microsoft Endpoint Configuration Manager (MECM) and Microsoft Endpoint Manager (MEM) to see what's better for managing your applications.
Back in 2016, I wrote a lengthy blog on application deployment options in SCCM (System Center Configuration Manager). At the time, I started the blog stating that every client I worked for in recent times was either already using SCCM or migrating to it. It is now 2022, and SCCM has become MECM (Microsoft Endpoint Configuration Manager) and is utterly dominant in the enterprise.
At this point in time, I believe we are in a transition period caused by the switch to a remote workforce. We now require enterprise management products suited to managing devices both in the office and remotely. While MECM still has prominence in the enterprise, we are now trending toward cloud-native solutions, or at least toward using the cloud attach feature for MECM to bring a cloud component to our efforts.
MECM and Intune:
In the 2016 post, I said that Intune was NOT the best Mobile Device Management product on the market, and I believe you could still make a strong argument for that case today, BUT Intune or its new off-shoot, Microsoft Endpoint Manager, is quickly becoming as prevalent in the MDM space as MECM is in the software deployment space.
Since MEM is already dominant for managing mobile devices, it makes sense to use it to manage physical endpoints sitting remotely in end users’ homes. Microsoft has now tightly integrated Intune into their cloud DaaS offerings with an option to auto-enroll Azure Virtual Desktops and Windows 365 Cloud PCs for all your cloud desktop management needs. This makes Intune/MEM an essential tool for managing pretty much all devices in today’s enterprises.
If you look at the Microsoft Endpoint Manager console, it looks familiar. Previous iterations of Intune had a starkly different web UI than the SCCM Console, whereas MEM looks and feels a little closer to what we get in MECM, with the sidebar options and some of the features even extending to the application level. I will get to those shortly.
Patch Management:
In 2016, I pointed out that organizations would provide role-based access to various teams in IT, not just the desktop team, to allow them to do patch management for their machines, e.g., Citrix team, Exchange team, etc. Most organizations are still partly tied to their own on-prem data centers, so patch management with MECM is still heavily used for this purpose.
With that said, Microsoft just launched the Autopatch service for those with Windows E3 or E5 licensing. Autopatch is a cloud service that will automatically manage patches for your organization’s devices. It will sort your machines into different rings to stagger patch deployment and obviously deploy the patches to your devices. If you patch with MECM today, like me, you will probably read that and think that it is kind of cool but no big deal! Managing my department’s device collections and ensuring the Automatic Deployment Rules run as expected isn’t a pain point. The big pain point of patching and what gives Admins heartburn is that patches tend to break things!
The good news with Autopatch is that if a lot of customers subscribe to it, there will be a huge pool of devices for Microsoft to pull data from. Autopatch will bake in some intelligence to protect customers from patches breaking things. For example, if a patch is found to cause problems on a certain model of Lenovo laptops, the patches will not be deployed to those devices. Essentially, a problem for one person is fed back to the service, preventing others with the same type of environment from experiencing the issue. Kind of cool!
There are other cloud patch management services also available from Microsoft, and they have added a 3rd party patching catalog to MECM, which was a blind spot for the product for many years. Sure, you can pull patches for Windows and Microsoft products, but everyone uses products from other vendors, so what about those? Patching 3rd party products is very important. Personally, I feel Patch My PC for 3rd party product patching is still superior.