Extracting real value from SCCM and Intune with IT Asset Management toolsBy Edward Cartier, xAssets LLC.
Updated January 2023 to include new integrations and Intune
Nearly every IT department uses some form of a systems management tool (SMT) such as
Microsoft's System Center Configuration Manager (SCCM) or Microsoft Endpoint Manager (Intune),
but too many rely on their systems management software to perform
IT Asset Management (ITAM) functions.
SMT's do the things they are designed for very well, but are not a substitute for a comprehensive ITAM or
Software Asset Management (SAM) solution. By using flexible ITAM and SAM tools that easily integrate external data and have a dynamic report writer, IT pros can extract real value from their SCCM and Intune investment.
It is axiomatic that good information leads to good decisions. The cost of perfect information has long been debated in business schools, but no real answers were ever forthcoming. However, most business leaders would gladly pay a small amount to improve the accuracy, level of detail and reliability of the information their systems generate.
Consider a different but analogous business situation. The company needs a third party to represent it in public.
It needs a firm that has people who can write, express themselves well, know the business, and present the company in a positive manner to the public.
Using those criteria, either a law firm or a public relations firm would meet the specifications; however, the CEO wouldn't want the attorneys
to write his advertising, nor would he want a PR firm to represent the company in court.
Just as in selecting a professional services company, it's important to determine exactly what is expected from a SMT or ITAM solution.
System Center Configuration Manager (SCCM)
Microsoft Endpoint Manager (Intune)
both survey and discover networked devices, including servers, client PCs and smartphones, connected to your system through Active Directory.
These tools install client software on each node and compiles an inventory database with records on each asset and the software installed on each device, along with the
details about the hardware configurations. It uses this data to target application deployments to groups of devices or users.
SCCM provides application recognition capability, which is necessary to get a usable understanding of what software is installed across the IT estate.
SCCM's inventory agent can also collect application usage data, which shows what software is not only installed but actually being used.
All of these are important pieces of an overall software asset management (SAM) and license optimization program,
but knowing what is installed is only the first step in the process.
On the contrary, Intune only maintains a list of "managed" software titles, and no additional information about these titles is provided
making it difficult to utilize Intune software data for managing a Software Asset Management (SAM) program. Intune customers can solve this
problem by deploying xAssets Discovery to provide a detailed inventory of all devices including the software on them.
Systems Management tools are defined as solutions that manage enterprise-wide administration of distributed systems, including computer systems. Systems management is strongly influenced by network management. Maximum productivity can be achieved more efficiently through event correlation, system automation, and predictive analysis. It includes remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
Note the lack of any IT asset management capabilities.
SMTs play a key role in maintaining the overall IT infrastructure, especially in terms of providing remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory. As part of that function SMTs must be able to discover and identify devices on the network and have some "awareness" of the software already installed. Many have reporting capabilities built in, which lead some IT managers to rely on the SMT for hardware and software discovery and inventory. Therein lies the making of a problem.
Unlike ITAM systems, SMTs are not designed to collect or report detailed system information. After all, their main purpose is to get software out to the endpoints and provide some level of network protection; however, they are not designed to thoroughly interrogate those endpoint devices.
SCCM and Intune utilize deployed agents to collect configuration information.
The software collects hardware and software inventory by enabling the client agents on a site-by-site basis.
The hardware inventory agent collects available disk space, processor type and operating system for each computer.
The SCCM software agent, in turn, identifies inventoried file types and versions and collects specified files.4
The Inventory client agents then can be used to create an inventory report based on the client inventory information collected.
The resulting reports are perfectly suited for administering software on the network, but not detailed enough for use in an ITAM practice.
ITAM is defined as
"The set of business practices that join financial, contractual and inventory functions to support life cycle management and
strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment".
ITAM includes gathering detailed hardware and software inventory, and ITAM practices minimize the risks and
related costs of advancing IT portfolio infrastructure projects based on old, incomplete and/or less accurate information.
The same, but different?
There is a world of difference between the information generated by a solution that is primarily designed to deploy software across a network
and one that is intended to "join financial, contractual and inventory functions to support life cycle management and strategic decision making
for the IT environment." ITAM solutions do not manage systems well and SMTs do not perform ITAM tasks well. However, combined, they make a superb team.
The smart return
System Center and Intune both represent a great strategic decision for taking control of your IT infrastructure.
The software requires a substantial investment of time and money but for large environments the returns are substantial and worthwhile.
A few years ago a paper was published suggesting that an organization running 50,000 clients could save 5,500 man hours per year and
$290,000 USD plus some additional one-time savings.
Integration for the complete solution
However, a small additional investment in a full lifecycle ITAM tool can give you a much bigger return by giving you
visibility and organizational control over those assets through functions that are not available in SCCM or Intune.
Another important consideration is that not all of the data needed to manage an IT operation successfully exists in that one tool - SCCM or Intune.
Modern organizations will have data in several systems including
- SCCM or Intune
- Mobile and Apple devices are held in JAMF, Cisco Meraki or Kandji
- Virtual Servers and other cloud assets are held in Amazon Web Services, Google Cloud, Azure
- Active Directory and Azure Active Directory
- Other apps, whether local or in the cloud
An effective IT Asset Management implementation needs to pull data from all the sources
that contain IT assets, otherwise important decision making could be based on incomplete intelligence.
Using two or more solutions raises the question about data consistency and integrity. Management needs to have one, reliable, accurate source of information regarding the IT infrastructure. If hardware devices, including network infrastructure components such as switches and routers, are omitted then decisions regarding upgrades, and disposals are impacted. If software licenses and installations are missed, software license compliance is impacted. Manual reconciliations of two systems are difficult, time consuming, and prone to errors.
However, this needs not be a concern. A competent ITAM solution will utilize the data collected by the SMT and combine it with the discovery and inventory data, eliminating duplicates and providing a complete detailed inventory of the network. Moreover, an agent-less ITAM solution will scan every device detected and will report those devices without an agent, or in which the agent has been removed or is corrupted. Where an SMT solution may report the make, model and quantity of the discovered devices, the ITAM solution will report the discovery date, asset type, serial number, description, asset number (bar code), OS version, disk space, processor type, physical location and user name. The following Venn diagram illustrates the real benefit of using an ITAM solution in conjunction with a systems management tool.
The same applies to software. Consider the following SCCM report:
It displays the title, vendor version, software category, family and state. It's good enough to define what is on the system, but hardly adequate for an audit or for a licensing analysis.
The equivalent from Intune leaves much more to be desired. It gives a cryptic title, and version; not sufficient for a SAM program!
Now consider the level of detail generated by xAssets' ITAM solution that has imported software information from SCCM.
The inventory, plus all the relevant licensing information, is displayed in a format that can be used by IT managers to identify problems and make decisions regarding software acquisitions.
The benefits of utilizing both a systems management tool and an IT asset management tool are numerous. Beyond generating actionable intelligence about the entire IT infrastructure, a complete ITAM solution can be used to discover and report on devices with faulty or no agent. It scans every device, even those which may not support an agent. Software titles are normalized, creating accurate information crucial in performing license reconciliation. Moreover, the ITAM solution is designed to create a wide range of standard and customized reports that provide in-depth information to management. The ITAM system will also perform lifecycle analysis, identifying obsolete and disposed devices.
Just as relying on the corporate law firm to develop advertising because lawyers can write, is a bad idea, so is relying on a systems management tool to perform IT asset management. Using the right tools for the job always gets the task done the right way.