Microsoft System Center Configuration Manager (SCCM)

Microsoft System Center Configuration Manager (SCCM) is a Windows product that enables the management, deployment and security of devices and applications across an enterprise. Amongst other potential uses, administrators will commonly use SCCM for endpoint protection, patch management and software distribution. SCCM is part of the Microsoft System Center systems management suite.

The SCCM integrated console enables management of Microsoft applications such as Application Virtualization (App-V), Microsoft Enterprise Desktop Virtualization (Med-V), Citrix XenApp, Microsoft Forefront and Windows Phone applications. All these applications can then be managed by a single location.

System Center Configuration Manager relies on a single infrastructure, with the goal of unifying physical and virtual clients under one umbrella. SCCM also adds tools to help IT administrators with access control. SCCM discovers servers, desktops and mobile devices connected to a network through Active Directory and installs client software on each node. It then manages application deployments and updates on a device or group basis, allowing for automated patching with Windows Server Update Services and policy enforcement with Network Access Protection. System Center Endpoint Protection Manager is built into System Center Configuration Manager to secure data stored on those devices.

Core features of Microsoft SCCM

Some core features in Microsoft System Center Configuration Manager include:

  • Windows management -- to keep pace with updates to Windows 10.
  • Endpoint protection -- to provide identification and malware protection.
  • Reporting -- to present information on users, hardware, software, applications and software updates.
  • Operating system (OS) deployment -- to distribute operating systems to devices in an enterprise.
  • Software update management --which allows users administrators to deliver and manage updates to devices across an enterprise.
  • Application delivery --which allows administrators to deliver an application to all devices across an enterprise.
  • Health monitoring -- which shows client activities and health in the console, and can alert users if health statistics decrease past a specified level.

Several key features of System Center Configuration Manager help administrators address the bring-your-own-device (BYOD) trend in enterprise organizations, including user-centric management. End users can search for applications with a self-service software center and specify times when installations and upgrades take place. IT administrators can install applications on different devices. For example, SCCM can be used to install a native application on a primary device, as a Remote Desktop Services app, or as an App-V program on a tablet. SCCM also includes role-based access control (RBAC), which enhances system security by only showing end users the interface elements that apply to their specific roles as defined by Active Directory. 


Microsoft System Center Configuration Manager is similar to Microsoft System Center Operations Manager (SCOM). The two can be easily confused upon first appearances. SCOM allows system and application administrators to deploy, configure, manage and monitor operations, services and applications of many devices. SCOM does this within an enterprise through a management console.

SCCM and SCOM are both Microsoft enterprise applications. SCOM, however, focuses on enterprise monitoring on the server-side. SCCM, instead, is not considered a monitoring application and focuses on the client-side.

This was last updated in October 2020

Continue Reading About Microsoft System Center Configuration Manager (SCCM)

Dig Deeper on IT operations and infrastructure management

Cloud Computing
Enterprise Desktop
Virtual Desktop