Over the years, and especially when Azure first came out, Microsoft has developed many ways in terms of configuring and managing both your IT/Network Infrastructure, and even your devices as well.  But now the battle had been drawn between two main ones:  System Center Configuration Manager and Intune.

We take a closer at both of them, and then do a cross comparison to help you decide which may be the better choice for you.

The System Center Configuration Manager (SCCM)

This is also known as the “SCCM”.  This particular tool has been around since at least 1994 and is now a legacy tool. It is a rather powerful one to use, as it is primarily meant for the management of servers and workstations and for On Prem deployments.

A sampling of the functionalities of SCCM include the following:

  • The deployment of the various Microsoft Operating Systems, both at the workstation and server levels;
  • The auto deployment of the software patches and upgrades as they are released;
  • Helping your organization coming into compliance not only with your own security policies but also with the data privacy laws of the GDPR and the CCPA;
  • Allowing for the remote access of your VMs and VDs for the purposes of management and configuration;
  • Easy integration with antivirus software packages, especially that of the Microsoft Endpoint Protection;
  • Allowing you to define and configure access controls, rights, and privileges based upon the roles that your employees have for their jobs.

Although there is a lot of technological sophistication that goes with the SCCM, it can be very simply managed from one dashboard, or by simply logging into endpoint.microsoft.com

An example of the dashboard is illustrated below:

(SOURCE:  1).

Intune – What Is It?

Back in 2011, Microsoft developed and made commercially available a product known as “Intune”.

Intune offers a much more robust and advanced suite of tools that allow you to create and deploy the access policies for your employees.  It should be noted that the core functionalities of Intune are pretty much the same as they are for the SCCM, but there are some differences as follows:

  • The software patch/upgrade deployment process is done via a special portal which is known as the “Microsoft Update for Business”;
  • There are tools that let you create various policies and rules for the sole protection of your software applications;
  • In terms of antivirus packages, it only makes use of the “Defender Antivirus”.

There is a central dashboard from which you can manage Intune, and it can be accessed in the exact same manner as you would the SCCM.  An example of this is illustrated below:

(SOURCE:  1).

Which One To Use?

Up until 2019 or so, Microsoft allowed its customers to choose which package they wanted to use.  But then just recently, the company changed course and now offers both the SCCM and Intune as one package, which is co-managed together.  This means that while you cannot exclusively use one tool over the other, you have the choice of which one you want to use from the standpoint of software management.

A cross comparison of these two can be seen in the matrix below:




Software Application Deployment



OS Deployment


Not Available

Creation of Conditional Access Rules

Not Available


Software Patch/Upgrade Deployments



Compliance Management



Management of Digital Assets



Remote Access Availability


Available (can only be accessed in TeamViewer)



Enterprise Mobility, Security E3, Enterprise Mobility and Security E5, Microsoft 365 E3, Microsoft 365 E5, or Microsoft 365 F3

Microsoft 365 E3, Microsoft 365 E5, Enterprise Mobility and Security E3, Enterprise Mobility and Security E5, Microsoft 365 Business Premium, Microsoft 365 F1, Microsoft 365 F3, Microsoft 365 Government G3, or Microsoft 365 Government G5.

You should use SCCM for the following:

  • You have very complex Cloud or On Premises based deployments;
  • You are still operating a legacy environment
  • Need advanced reporting and analytics tools.

You should use Intune for the following:

  • You want the latest cloud-based tools;
  • Need to manage mobile devices;
  • If your security requirements have to make use of Conditional Access Policies.


Choosing which one to use can be a confusing process, and there is more that you need to consider before you do make that final selection.  If you need help with this, contact us today.


  • https://www.techtarget.com/searchwindowsserver/tip/SCCM-vs-Intune-A-closer-look-at-the-capabilities-of-each