Microsoft SCOM (System Center Operations Manager)

Microsoft System Center Operations Manager (SCOM) is a component of the Microsoft System Center suite of enterprise management software. SCOM allows data center administrators to deploy, configure, manage and monitor the operations, services, devices and applications of multiple enterprise IT systems through a single pane of glass.

The SCOM management dashboard uses traffic light color coding to indicate object health states. Green is healthy, yellow is a warning and red indicates there is a critical issue. The administrator can adjust these levels when needed.

SCOM is a cross-platform tool and can work with Windows, MacOS and Unix-based operating systems, including Linux. Organizations using SCOM typically rely on management packs developed by third-party vendors to extend SCOM’s monitoring capability beyond Microsoft workloads. 

SCOM is part of Microsoft's Long Term Servicing Channel (LTSC) and is available to all customers with a valid license for System Center 2019. In March 2019, Microsoft announced that internally, the company stopped using SCOM to address operations support for its own applications and has switched to its Azure Monitor service instead.

How SCOM works

Every enterprise relies on its underlying services and applications for everyday business and user productivity. SCOM is a monitoring and reporting tool that checks the status of various objects defined within the environment, such as server hardware, system services, operating systems (OSes), hypervisors and applications. Administrators set up and configure the objects. SCOM then checks the relative health -- such as packet loss and latency issues -- of each object and alerts administrators to potential problems. Additionally, SCOM offers possible root causes or corrective action to assist troubleshooting procedures.

SCOM uses traffic light color coding for object health states. Green is healthy, yellow is a warning and red is a critical issue. (Gray can denote an item is under maintenance or SCOM cannot connect to the object.) Administrators set a threshold for each object's health state to determine if SCOM should issue an alert. For example, the admin can set a disk drive as green/healthy with more than 70% capacity remaining, yellow/warning with 70% to 80% capacity filled and red/critical with more than 80% of storage capacity filled. The admin can adjust these levels when needed.

SCOM components

A basic SCOM installation includes several components. A management server handles the essential administration and connection to databases. The operational database provides an SQL database for current reporting. The data warehouse database holds SQL data collected over long-term reporting. A reporting server queries the databases and produces detailed reports delivered to administrators. The IT department can install these components on one server or across several servers for scalability.

SCOM management packs and agents

SCOM uses agents installed on each system to check performance and collect data retrieved by the management server. Application-specific management packs, which provide prefabricated rules for data collection and reporting to particular applications, augment these reports.

Management packs allow SCOM to manage and monitor applications outside of the tool's direct control. Since monitoring and management can be too complex to handle manually, the use of management packs automates and orchestrates the auditing process.

Microsoft provides a number of management packs from its TechNet site to monitor a wide assortment of OSes, applications, tools and services. For example, administrators can download Microsoft management packs for applications such as SQL Server 2016 and Microsoft Azure SQL Database.

Third parties also provide SCOM management packs. For example, the Veeam Management Pack for System Center monitors and assists with the management of Hyper-V, vSphere and the Veeam Backup & Replication product.

For certain computers that cannot have an agent installed for various reasons, SCOM allows agentless monitoring for these machines through a proxy agent that runs on another system.

SCOM update release cadence

In March of 2019, Microsoft announced a change to their release cadence of updates to SCOM. Microsoft reports that most of their customers use the Long Term Servicing Channel (LTSC) update cadence, as opposed to Microsoft’s other two update options, which are known as Semi-Annual Channel (SAC) and Update Rollups (URs). LTSC provides five years of mainstream support as well as five years of extended support and UR provides incremental fixes and updates. LTSC and UR will now be the main objects of focus for SCOM, as SAC releases will stop. This should mean update cycles will now be longer and more stable.

The two prior SAC releases will be upgraded to SCOM 2019.

Version history of SCOM

Microsoft Operations Manager

SCOM's roots came from a network management system named SeNTry ELM from a company named Serverware Group plc. Mission Critical Software acquired the rights to SeNTry ELM in 1998, adapted it and changed the name to OnePoint Operations Manager. Mission Critical Software merged with NetIQ and sold the rights to OnePoint Operations Manager in 2000.

Microsoft renamed the product to Microsoft Operations Manager (MOM) and released it in 2001.

MOM worked in concert with two other Microsoft programs: Systems Management Server (SMS) 2.0 and Application Center 2000. MOM simplified the management of servers and applications. It contained the same basic features as SCOM 2019, but with less scope due to the limited number of management packs.

MOM 2005 SP1: Microsoft released MOM 2005 Service Pack 1 in 2005 with several enhancements, including mutual authentication, agent proxy capabilities, a secure communications channel and secure credential storage. Microsoft introduced several new features, such as an action account, tasks and a reporting database that stored data and generated reports to the reporting console.

SCOM 2007: In 2007, Microsoft renamed MOM to System Center Operations Manager (SCOM). The company added the command shell to this update that connected to Windows PowerShell. This feature -- and the addition of about 80 cmdlets related to SCOM -- allowed administrators to develop scripts for task automation.

SCOM 2012: In 2012, Microsoft released System Center 2012 and introduced high availability, application performance monitoring, dashboards, network device monitoring and Java application monitoring to SCOM. Microsoft improved the installation process with a prerequisite checker in the installation wizard. Microsoft added integration packs to enable SCOM to interact with System Center Orchestrator 2012.

SCOM 2012 R2: Microsoft released System Center 2012 R2 in 2013, which included improved fabric monitoring for private clouds and integration with development tools for application troubleshooting. Additional changes included an improved monitoring agent and support for IPv6, integration with the System Center Advisor service and upgraded Unix and Linux monitoring.

SCOM 2016: Microsoft released System Center 2016 in October 2016 with more advanced cross-platform infrastructure and workload monitoring. Microsoft further integrated SCOM with the rest of System Center and extended its toolset to provide a more consistent monitoring system.

SCOM 2019: SCOM 2019 was released in March of 2019 and focused on areas of monitoring such as adding tools for monitoring and managing data centers, adding support and management capabilities to newer versions of Windows server and enabling hybrid management and monitoring with Azure.

Additional changes and enhancements in SCOM 2019

Many of the changes made in SCOM 2019 relate to enhancing the software’s monitoring features and capabilities. Changes include:

  • Enhanced alerts raised by monitors- an instance where the closure of critical alerts while the object is in a warning, critical or unhealthy state leaves the problem unresolved has been fixed. Now, an alert cannot be closed unless the health state of the corresponding monitor is in a healthy state.
  • Management server failover support for monitoring in Linux and UNIX- when a primary management server fails, another management server will take over the role of the primary management server. An instance has been fixed where new alerts would cause new tickets or incidents being created. Alerts now do not get recreated if a primary management server fails.
  • New Linux OS support- Support for monitoring in SUSE Linux Enterprise Server 15, openSUSE Leap 15, Ubuntu 18, Debian 9 and SUSE 12 PPC has been added
  • Enhanced URL monitoring- Operations Manager will not ignore server certificate errors by default.
  • Client-side monitoring on multiple browsers added- In addition to Internet Explorer, client-side-monitoring can also be used in Microsoft Edge and Google Chrome—versions 42 and up and versions 68 and up respectively.
  • Enhanced Application Performance Monitoring- websites created with SharePoint 2016 can now be monitored.

Different versions of the Windows OS now support Microsoft Monitoring Agent which connects to Operations manager. Standard, Standard (Desktop Experience), Datacenter, Datacenter (Desktop Experience), Server Core versions of Windows server 2019, 2016 and 2012 R2 are all supported, as well as:

  • Windows Server 2012- Standard, Datacenter and Server Core versions.
  • Windows 10- Enterprise and Pro versions.
  • File System- formatted in the NTFS.
  • Windows PowerShell- version 2.0 or 3.0.
  • Microsoft .NET Framework- version 3.5 or later.

SCOM alternatives

There are a number of management and monitoring tools available to the enterprise, such as:

  • Nagios is an open source server monitoring program similar to SCOM. Both programs have agent- and agentless-based monitoring with Windows and Linux support. Nagios rivals SCOM in quality, adaptability and customization. Nagios has an active user community that shares plug-ins for the platform. Nagios does not offer graphing of live programs unless an add-on is installed, has less complicated live reports and lacks a web console.
  • Zabbix is another open source monitoring platform that includes high capacity performance, automatic network discovery and support for multiple OSes. Zabbix supports agent-, agentless- and web-based monitoring with Simple Network Management Protocol (SNMP) and Intelligent Platform Management Interface (IPMI) agents. While versatile, Zabbix has a relatively steep learning curve and lacks in-depth documentation, which can hinder adoption.
  • SolarWinds Server & Application Monitor supports Windows and Linux. It can monitor up to 12,000 applications, servers and databases. It also checks the status of Microsoft applications in Azure. Monitoring of some applications, such as SQL Server, can be lacking. Also, each monitored node requires a license, which can be a substantial cost for large deployments.
  • PRTG supports Windows, Linux, Unix and macOS systems. PRTG offers similar features to SCOM by detecting health issues and issuing alerts. Unlike SCOM, setting priorities for notifications can be more challenging to manage.


Microsoft SCOM and System Center Configuration Manager (SCCM) are both Windows products, that could be confused with one another. While SCOM focuses on enterprise monitoring on the server-side, SCCM instead, is not considered a monitoring application and focuses on the client-side. The goal of SCCM is to unify physical and virtual clients in one infrastructure.

SCCM enables administrators to manage the deployment and security of devices and applications across an enterprise. Administrators will commonly use SCCM for endpoint protection. The integrated management console for SCCM also provides management for these Microsoft applications:

  • Application Virtualization (App-V)
  • Microsoft Enterprise Desktop Virtualization (Med-V)
  • Citrix XenApp

Microsoft Forefront and Windows Phone applications

This was last updated in September 2019

Continue Reading About Microsoft SCOM (System Center Operations Manager)

Dig Deeper on IT operations and infrastructure management

Cloud Computing
Enterprise Desktop
Virtual Desktop