šŸ’€ SCCM Is Dead. Long Live the Cloud Overlord Intune.

aka: How Microsoft replaced Task Sequences, PXE and sanity with Graph APIs, JSON logs and Azure blobs

šŸ¦“ SCCM: the glorious beast of bare metal and BIOS-level mayhem

šŸ§  Architecture recap:

SCCM (System Center Configuration Manager) is the lovechild of legacy infrastructure and deep surgical control:

  • SQL Server ā€” the brain of everything: device state, deployments, compliance

  • Management Point / Distribution Point ā€” the artery and warehouse

  • PXE + WDS ā€” the imaging cult, letting you rebuild machines from boot

  • WSUS integration ā€” for those who like patching to feel like trench warfare

  • Client Agent ā€” fat, powerful, self-healing (ccmrepair.exe for life)

You could deploy a driver pack, BIOS settings, a full OS image, a language pack, an app bundle, and a branded wallpaper ā€” in one Task Sequence. While playing Doom on the side.

SCCM didnā€™t need internet. It needed grit.

ā˜ļø Intune: cloud-native, JSON-fueled, and spiritually allergic to MSI

Microsoft Intune is not SCCM 2.0 ā€” itā€™s a different religion:

  • Based on Azure AD and MDM channels

  • Uses Configuration Service Providers (CSPs) to apply policies

  • Runs Intune Management Extension (IME) for Win32 deployments

  • Wraps everything in .intunewin, because MSI was apparently ā€œtoo simpleā€

  • Logs to JSON files that live in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\

Everything is wrapped in layers of ā€œcompliance,ā€ ā€œremediation,ā€ and ā€œhope it worked.ā€

šŸ’£ Deploying software: itā€™s not plug-and-play, itā€™s plug-and-pray

In SCCM:

powershell
New-CMApplication -Name "CoolApp" -DeploymentType MSI -InstallationProgram "msiexec /i cool.msi /qn"

Assign to a dynamic device collection, schedule it, boom ā€” done.

In Intune:

  1. Package your app via IntuneWinAppUtil.exe

  2. Upload to the MEM portal

  3. Configure detection logic

  4. Define return codes

  5. Assign to Azure AD group

  6. Waitā€¦ and maybe it installs

If it doesnā€™t install, you get ā€œError (0x87D1041C)ā€ and a lesson in humility.

There is no rollback, no pre-caching, and every edit means repackaging the whole damn thing.

šŸ§¬ Intune Management Extension: your fragile cloud agent overlord

IME runs as a Windows service. It:

  • Polls the Intune service for assignments

  • Downloads blobs over WinHTTP

  • Executes scripts and installers

  • Logs events in 3 different places

  • Frequently gets stuck, silently fails, and doesnā€™t retry

The AgentExecutor.log is your only friend. And it speaks in riddles.

šŸš« PXE is dead. Welcome to Autopilot, your new not-quite-OSD friend

Windows Autopilot is not imaging. Itā€™s ā€œcloud onboardingā€:

  • Uses hardware hashes or PKIDs

  • Pulls enrollment profiles from Intune

  • Boots into a vanilla Windows image, then starts ESP (Enrollment Status Page)

  • Installs apps via IME + policies + prayers

Itā€™s slick on paper, useless on an airgapped network, and terrifying when Wi-Fi cuts mid-onboarding.

Thereā€™s no support for:

  • BIOS flashing

  • Driver staging

  • Offline deployment

  • Customized partitioning

In short: Autopilot is for the Surface Pro generation, not warehouse floors.

āš™ļø Co-Management: the diplomatic hell between old and new

Microsoftā€™s “co-management” lets you run SCCM and Intune simultaneously:

  • Assign certain workloads (apps, updates, compliance) to Intune

  • Keep Task Sequences and on-prem stuff in SCCM

  • Requires Cloud Attach, Azure AD Join, token juggling, and a 300-page onboarding doc

Itā€™s a band-aid, not a bridge. And it will break in the worst possible moment.

šŸ’ø What about pricing?

  • SCCM: Covered under Core CAL Suite or standalone

  • Intune: Requires Microsoft 365 E3/E5 or Intune Suite

  • Intune Suite: Add-ons like Endpoint Privilege Management, Remote Help, advanced analytics

  • Deployment of your own app with admin elevation? Thatā€™ll be $5/user/month, sir.

Microsoft turned right-click ā€œRun as adminā€ into a subscription feature.

šŸ§  Final Breakdown

Feature SCCM Intune
OS Deployment PXE, Task Sequence, offline Autopilot only, online
App Deployment MSI, Script, EXE, TS .intunewin, Store, LOB, web apps
Logs & Diagnostics SSRS, CMTrace, WQL, SQL JSON, Kusto, guesswork
Deployment Speed Fast, local DP, cacheable Slow, cloud only
Rollback / Reinstall Yes (TS/CI) Not really
Offline support Yes āŒ
Network controls Rate limits, DP boundaries āŒ
Script flexibility Full PowerShell CSP-based + some PS, no logic chains

šŸ§Ø Summary:

SCCM is a flamethrower.
Intune is a scented candle in a hurricane.

Microsoft isnā€™t replacing SCCM. Itā€™s dismembering it, wrapping the limbs in Graph APIs, and selling them back to you as individual cloud services.

If your job was deploying custom apps via PXE in 17 steps ā€” itā€™s time to learn YAML, become friends with AgentExecutor.log, and cry in Azure Monitor.