News

Microsoft Exec Talks Up System Center Configuration Manager

IT pros wondering about the fate of System Center Configuration Manager got some reassuring words this month from a Microsoft executive.

On-premises PC management will be the primary workload for System Center Configuration Manager for the "foreseeable future," according to Brad Anderson, corporate vice president of program management for Microsoft's Windows Server and System Center Group. Anderson made the comment during the 2015 System Center Universe keynote talk in Dallas this month.

The talk is available on demand, and can be accessed here.

Microsoft currently has two PC management solutions, namely the venerable System Center Configuration Manager product and the newer Microsoft Intune service. It might be assumed that one of them might get axed by the company further on down the line, but Microsoft has tended to suggest in past communications that Intune primarily will address the mobile device management needs of organizations going forward, while the company is still committed to developing Configuration Manager as its main enterprise tool for managing PCs.

Recently, Microsoft publicized that it plans to release its next Configuration Manager product when it releases Windows 10 this fall. The next Configuration Manager product will arrive first before other System Center components, since the complete System Center suite is expected to reach general availability status sometime in 2016. The idea of releasing Configuration Manager "early" seems to be that the company will at least deliver its main tool for managing desktops when it releases its next desktop operating system (Windows 10).

Anderson said that more than 75 percent of the world's PCs are managed by Configuration Manager. Intune is also used for PC management, he added, with some organizations managing tens of thousands of PCs using Intune.

While Microsoft is moving the "control plane" of its management solutions more into the cloud with Intune, the company's goal is have "100 percent" of its Intune capabilities added to its Configuration Manager product in a "short period" of time, Anderson said. This integration will come in the form of a future update to the Configuration Manager product, although Anderson didn't specify when that might occur.

Currently, it's possible to use a connector application to link Configuration Manager with Intune, providing a "single pane of glass" view for managing mobile devices and PCs. While Intune is Microsoft's main mobile device management tool, Configuration Manager likely will still be needed by organizations since Intune can't be used to deploy servers.

Meanwhile, Intune is now being released on a monthly update schedule, as of this month. Anderson said that Microsoft hopes to increase that release pace. The company is also looking at a possible quarterly cycle for its Configuration Manager product update releases.

Not everything will be shifting to the cloud, according to Microsoft's "world view" (see chart). PC management will remain an on-premises activity, although mobile device management will best be handled via the cloud, according to Microsoft's vision.

[Click on image for larger view.] Microsoft device management vision. Source: February 4, 2015 System Center Universe keynote talk by Brad Anderson.

Microsoft plans to enable a consistent and integrated management experience across mobile devices (third bullet point). In a previous talk, Anderson linked that capability to the use of container technologies in Windows 10, while leveraging such technologies in iOS and Android. It'll be specifically associated with the management of Office apps and data across those platforms.

The self-protecting data concept (fifth bullet point) is associated with the Microsoft Azure Rights Management service, which can be used to avoid inadvertent data disclosures. Microsoft plans to sell those kinds of data management capabilities via its Enterprise Mobility Suite licensing.

Anderson stressed that Microsoft plans to deliver four layers of protection with its mobile management solutions. There will be protections at the device level, the app level (using containers and wrappers), the file level (self-protecting data) and at the identity management level (Azure Active Directory).

The Azure cloud service will smooth over the process by enabling single sign-on access to apps by end users. Microsoft currently has more than 2,400 different software-as-a-service (SaaS) apps that are integrated with Azure Active Directory to enable such access, Anderson explained.

IT pros can use Microsoft's Cloud App Discovery tool to search for unvetted SaaS apps in their organization. Microsoft has found that a typical enterprise has about 300 SaaS apps in use that IT departments don't know about, Anderson said.