This is Endpoint Manager

Admin Center needs no WSUS maintenance

Put an end to manual WSUS maintenance!

  • Reject WSUS updates
  • Remove drivers
  • Improve WSUS performance
  • Remove computer
  • Clean log files
  • Remove rejected updates

Microsoft announced that it would further expand the co-management of SCCM and Intune. This is reflected in a common name for the two tools as well as simplified licensing. Endpoint Manager also includes Desktop Analytics and Device Management Admin Center.

By Microsoft's own admission, the division of labor between System Center Configuration Manager (SCCM) and the Intune cloud service has not been particularly clear until now. This was also due to the fact that the functional scope of Intune continued to grow and thus overlapped more with that of SCCM. Conversely, SCCM also offers features for mobile device management, on which Intune focuses.

Hybrides Co-Management

Since version 1710 of SCCM, Microsoft has supported the so-called co-management of Windows 10 PCs. On the one hand, this allows users to supplement the management of their end devices with functions from the cloud that are not available in SCCM. These include conditional access from Azure AD or remote actions such as deleting, resetting or restarting devices.


Second, for functions that exist in both solutions, users can selectively choose from where they want to obtain them. To do this, they assign authority for specific tasks ("workloads") to the respective system. It is also possible to claim the same function for different groups of PCs from one side or the other.


Such a separation will often run between desktop PCs in the corporate network and mobile devices used by employees on the road. The latter usually have Internet access, but would always need a VPN connection to be managed via an internal SCCM. This is where Intune comes in handy to distribute patches by configuring Windows Update for Business (WUfB) or to update policies.


Further integration of the two products is to take place via the Microsoft 365 console, which will then also contain data and tasks from Configuration Manager.


Permanent hybrid solution

The increasing overlap between SCCM and Intune, as well as a common console, could be interpreted as a roadmap towards the cloud, with the end of on-prem SCCM as the ultimate goal. However, Microsoft asserts that the concept of co-management is of a permanent nature and not a transitional solution to migrate SCCM customers to the cloud.


DMAC und Desktop Analytics

In addition to SCCM and Intune, the new Microsoft Endpoint Manager also includes Device Management Admin Center (DMAC) and Desktop Analytics. The latter is also a cloud service that interacts with SCCM to determine the update capability and app compatibility of clients.


The Device Management Admin Center, on the other hand, is used to perform certain mobile device management tasks from a web console. These include registering smartphones and tablets, managing apps and users, and installing a connector for Exchange.



In addition to closer technical integration, Microsoft also announced a standardization of licensing law. Accordingly, SCCM users will be able to use Intune at no additional cost if they use it to manage Windows 10 PCs.

However, Mobile Device Management for Android and iOS is not included. For this, companies must purchase a license for either Intune, Enterprise Mobility & Security (EMS) or Microsoft 365 E3 and higher.