Extracting real value from SCCM and Intune with ITAM Tools

Nearly every IT department uses some form of a systems management tool (SMT) such as Microsoft's System Center Configuration Manager (SCCM) or Microsoft Intune, but too many rely on their systems management software to perform IT Asset Management (ITAM) functions. SMT's do the things they are designed for very well, but are not a substitute for a comprehensive ITAM or Software Asset Management (SAM) solution.

By using flexible ITAM and SAM tools that easily integrate external data and have a dynamic report writer, IT pros can extract real value from their SCCM and Intune investment.

System Center Configuration Manager (SCCM) and Intune both discover networked devices, including servers, client PCs and mobile devices, connected to your system through Active Directory or Microsoft Entra. These tools install client software on each node. Then it compiles an inventory database with records of each asset and the software installed on each device, along with details of hardware configurations. It uses this data to target application deployments to groups of devices or users.

SCCM provides application recognition capability, which is necessary to get a usable understanding of what software is installed across the IT estate. SCCM's inventory agent can also collect application usage data, which shows what software is not only installed but actually being used. All of these are important pieces of an overall software asset management (SAM) and license optimization program, but knowing what is installed is only the first step in the process.

Intune maintains a list of "managed" software titles, and no additional information about these titles is provided making it difficult to utilize Intune software data for managing a Software Asset Management (SAM) program. xAssets Intune customers solve this problem by deploying xAssets Network Discovery to provide a detailed inventory of all devices including the software on them.

Many SMTs have reporting capabilities built in, which lead some IT managers to rely on the SMT for hardware and software discovery and inventory. Therein lies the making of a problem:

System Management Tools do not do ITAM !

SMTs are not designed to collect or report detailed system information. Their main purpose is to get software out to the endpoints and provide some level of network protection; they are not designed to thoroughly interrogate those endpoint devices.

There is a world of difference between the information generated by a solution that is primarily designed to deploy software across a network and one that is intended to "join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment." ITAM solutions do not manage systems well and SMTs do not perform ITAM tasks well. However, combined, they make a superb team.

System Center and Intune both represent a great strategic decision for taking control of your IT infrastructure. The software requires a substantial investment of time and money but for large environments the returns are substantial and worthwhile. A few years ago a paper was published suggesting that an organization running 50,000 clients could save 5,500 man hours per year and $290,000 USD plus some additional one-time savings.

Integration for the complete solution

A small additional investment in a full lifecycle ITAM tool can give you a much bigger return by giving you visibility and organizational control over those assets through functions that are not available in SCCM or Intune.

Another important consideration is that not all the data needed to manage an IT operation successfully exists in that one tool - SCCM or Intune.

Modern organizations will have data in several systems including

• SCCM or Intune
• Mobile and Apple devices are held in JAMF, Cisco Meraki or Kandji
• Virtual Servers and other cloud assets are held in Amazon Web Services, Google Cloud, Azure
• Active Directory and Azure Active Directory
• Other apps, whether local or in the cloud

An effective IT Asset Management implementation must pull data from all sources that contain IT assets, otherwise decision making could be based on incomplete intelligence.

Using two or more solutions raises the question about data consistency and integrity. Management needs to have one, reliable, accurate source of information regarding the IT infrastructure. If hardware devices, including network infrastructure components such as switches and routers, are omitted then decisions regarding upgrades, and disposals are impacted. If software licenses and installations are missed, software license compliance is impacted. Manual reconciliations of two systems are difficult, time consuming, and prone to errors.

A competent ITAM solution will utilize the data collected by the SMT and combine it with the discovery and inventory data, eliminating duplicates and providing a complete detailed inventory of the network. Moreover, an agentless ITAM solution will scan every device detected and will report those devices without an agent, or in which the agent has been removed or is corrupted. Where an SMT solution may report the make, model and quantity of the discovered devices, the ITAM solution will report the discovery date, asset type, serial number, description, asset number (bar code), OS version, disk space, processor type, physical location, user name, asset value, warranty expiry dates, and relationships (and a whole lot more!)

The following Venn diagram illustrates the real benefit of using an ITAM solution in conjunction with a systems management tool.

The same applies to software. Consider the following SCCM report:

It displays the title, vendor version, software category, family and state. It's good enough to define what is on the system, but hardly adequate for an audit or for a licensing analysis.

The equivalent from Intune leaves much more to be desired. It gives a cryptic title, and version; not sufficient for a SAM program!

Now consider the level of detail generated by xAssets' ITAM solution that has imported software information from SCCM.

The inventory, plus all the relevant licensing information, is displayed in a format that can be used by IT managers to identify problems and make decisions regarding software acquisitions.

Working together

The benefits of utilizing both a systems management tool and an IT asset management tool are numerous. Beyond generating actionable intelligence about the entire IT infrastructure, a complete ITAM solution can be used to discover and report on devices with faulty or no agent. It scans every device, even those which may not support an agent. Software titles are normalized, creating accurate information crucial in performing license reconciliation. Moreover, the ITAM solution is designed to create a wide range of standard and customized reports that provide in-depth information to management. The ITAM system will also perform lifecycle analysis, identifying obsolete and disposed devices.