Top 50+ Latest SCCM Interview Questions and Answers

There is no Microsoft product called SCCM (officially). But many people use the name SCCM to refer to Microsoft Configuration Manager (MCM).

MCM is the product’s official name, previously known as System Center Configuration Manager(aka SCCM). It’s part of Microsoft’s Unified Endpoint Management (UEM) solution.

SCCM is an on-prem device management solution, and Intune is Microsoft’s cloud-based device management solution. According to Microsoft stats, most organizations use SCCM to manage their enterprise devices.

It is commonly used for patch management, software distribution, operating system deployment, hardware & software inventory, and much more.

SCCM architecture is not an easy topic to explain. But on a very high level, the SCCM has a Server Client based architecture.

You need to setup a server infrastructure for SCCM and then install SCCM client software on the client devices to manage those devices from SCCM.

SCCM server infrastructure follows a Tiered hierarchy a simple example would be:

1. Tier 1 – Standalone Primary Server
2. Tier 2 – Secondary Server
3. Tier 3 – Remote Site Components (MP, DP, SUP)

SCCM consists of three sites in its architecture. SCCM sites in this context are SCCM Site Servers. They are as follows:

1. CAS (Central Administration Site) Optional Component: CAS is a top-level site in the SCCM hierarchy. It is an optional site in the SCCM hierarchy. It is required when a number of clients are more than 150000, and there is more than one primary site.

It supports up to 25 child primary sites. Also, it can manage up to 700000 devices in the SCCM hierarchy. It can only be installed on a windows server and requires an SQL server database.
 
2. Primary Site (Mandatory): It is a mandatory site in SCCM. It can support more than 250 secondary sites. It can manage up to 150000 devices. It replicates its data to the CAS site if part of a hierarchy.
 
3. Secondary Site (Optional): It is also an optional site in the SCCM hierarchy. It can only be installed when there is Primary Site. It can support up to 5000 devices.

There are various SCCM Site Roles, and different SCCM site servers can have different types of Site System Roles.

Avoid mentioning site roles that you can’t explain. The easy and most important ones are MP, DP, and SUP.

1. Management Point (MP)
2. Distribution Point (DP)
3. Software Update Point (SUP)
4. SMS Provider
5. Service Connection Point

This is again a tricky question from the SCCM interviewer. So the person wanted to know how well you know the SCCM hierarchy.

Start answering the question with examples and then elaborate on each point as discussed in the above questions:

1. Site Servers are -> CAS, Primary Server, and Secondary Server.
2. Site System Servers are -> MP, DP, SUP, etc…

There are SIX discovery methods in SCCM. This doesn’t include the Azure AD discovery methods that are recently added to the SCCM:

The interviewer might ask to explain some of the discovery methods. So make sure that you are confident in these discovery methods.

Basically, SCCM discovery methods are to discover the devices/objects that you want to use in SCCM. As part of the discovery mechanism, SCCM will create an object for each discovered item in the SCCM SQL DB.

1.      Active directory system group discovery
2.      Active directory security group discovery
3.      Active directory user discovery
4.      Active directory system discovery
5.      Network discovery
6.      Heartbeat discovery

You need to install clients on discovered systems to manage them. There are different ways to install SCCM clients.

The best method is to install SCCM’s latest client using the Logon Script method or OS deployment. But the best method depends on the organization and environment that you are working on.

1. Client Push Installation
2. SUP based Installation
3. Group Policy based Installation
4. Logon Script Installation
5. Manual Installation
6. Upgrade Installation
7. During OS deployment process
8. Intune client installation method

The log file is ccmsetup.log from the SCCM client logs. The path for the log file is as follows: c:\windows\ccmsetup\.

The exit code (0) means the client installation is successful. The successful installation client doesn’t mean that the client is fully functional.

When the interviewer asks this question, you must be confident enough to answer this correctly. This is a bit tricky question because Microsoft named it a bit differently.

The two types of inventories are as follows:

1. Hardware Inventory: It collects information about the SCCM client’s software and hardware. Software and Hardware configurations are collected using the hardware inventory process.

2. Software Inventory: It collects file-based info from the SCCM client machine. But you don’t need to enable this inventory method to collect the installed application details from the Windows client computer.

We extend schema so that SCCM can publish info in Active Directory. Once the information is published SCCM client can get the associated MP and DP details from the AD system management container.

No, it’s not mandatory to extend the AD schema to SCCM to work. But the recommendation is to extend the AD schema to get the full functionality of SCCM.

You can set up other methods like DNS to locate services and site system servers when you don’t use an extended schema. These methods of service location require different configurations and aren’t the preferred method for service location by clients.

WSUS is the main component that SCCM uses for patching scenarios. SCCM alone can’t handle the patch deployment without WSUS integration.

WSUS (Windows Server Update Services) allows administrators to deploy Microsoft software updates (patches) to systems.

You can use WSUS as a standalone patching solution or integrate it with SCCM for better features and controls.

WSUS communicates with Microsoft Updates Service and syncs all the available updates into its server.

SUP is the SCCM site component (site system server). The SUP (Software Update Point) is a component of software updates.

A site system server role in the SCCM helps with the SCCM patching process. The SUP component is tightly integrated with WSUS to provide rich patch management capabilities.

This is the SCCM component that helps the SCCM server to configure WSUS without even opening the WSUS console.

SCCM CMG is the Cloud Management Gateway, another site system component that helps to manage internet-connected SCCM client devices without a very complex on-prem setup.

The Clients from the internet can contact the CMG assigned for that client and get the policies and all the other instructions without contacting the on-prem SCCM server infra.

SCCM CMG can also provide application content to the client devices using Cloud DP features available in the CMG.

SCCM collection is a group of devices or users so that you can deploy patches, applications, etc., to a group of devices or users.

There are different types of collections. You can’t mix two kinds of resources into one collection. The device collection will only have devices, and the user collection will only have users.

1. User Collection
2. Device Collection

There are different types of device/user collections:

1. Dynamic Collections
2. Static Collections

The CMPivot is a new in-console and standalone utility in SCCM that now provides access to your environment’s real-time state of devices.

The CMPivot uses KQL queries to get the real-time status from SCCM Online Clients.

Microsoft normally releases patches every 2^nd Tuesday of the month. The following is a very high-level view of the SCCM patching process.

NOTE! – All deploy patches to the small number of test devices first and confirm whether the devices receive the patch or not. This is the change management process that you need to follow. Once the patch is successfully deployed to those devices, you can deploy it to production devices.

1. WSUS runs the scheduled synchronization to get the metadata from Microsoft Catalogue with the help of WSUS.

2. WSUS connects to the Microsoft Update service to get the data. The SUP gets connected to WSUS and syncs metadata of patches with the SCCM console.

3. Based on the selected products and update categories, the required updates are as per the environment and requirement, you can create an SCCM Software Update Group and patch packages.

4. During the patch package creation process, the patches will be downloaded and stored on the SCCM server.

5. Once downloaded, you can deploy it to a collection of devices.

The Cloud Attach (aka tenant attach) is the option to leverage the combined power of Microsoft Endpoint Manager by connecting SCCM to Intune.

You can sync the device records from SCCM to Intune using the Cloud Attach feature. This feature also allows the management of SCCM clients from Intune portal. This mainly enables helpdesk team profiles to manage SCCM devices.

The SCCM Server Logs location is as follows: D:\Program files\Microsoft Configuration Manager\logs. TIP: Don’t install the SCCM server on C Drive.

SCCM Client logs Location is as follows: C:\Windows\CCM\logs. 

There are different SCCM log file reader tools. The one most commonly used is CMTrace.exe.

Onetrace (CMPowerLogViewer.exe) is the latest one that Microsoft is promoting with recent versions of SCCM.

Location of the Log Reader file <Install Directory>\Program Files\Microsoft Configuration Manager\tools\

The SCCM MP related logs are as follows: The location of the MP logs varies depending on the other server roles, etc.

1. MP log files at %ProgramFiles%\SMS_CCM\Logs\
2. Or Here %windir%\ccm\logs.

MPsetup.log: This log gives status if MP is installed.
MP-msi.log: MP.msi log is for advanced troubleshooting.
MPcontrol.log: This log checks whether MP works fine and clients can communicate with it.

The SMS Provider is the SCCM component that helps to establish the connection between WMI and SCCM SQL DB.

The SMS provider is a site system server; you can install it on a remote server. SMS provider functionality is required for SCCM Console connectivity.

You can initiate the SCCM manual backup using the following method.

1. Open services.msc
2. Look for the service called sms_site_backup and start this service.

One can also check smsbackup.log for any warnings or errors.

You can manage Windows 10 or Windows 11 devices simultaneously with SCCM and Intune device management solutions without conflicts. This feature of the Windows operating system is called co-management.

Co-management is dual management (with SCCM and Intune) capability available with Windows 10 1709 version (Fall Creators Update).

You can check the Inventoryagent.log on the SCCM client logs.

First, check whether the policy is received or not by the client. If the policy is received, then check policy is evaluated or not using the policy evaluator.

You can get the deployment ID and check it with Appenforce.log and App_discovery.log.

SCCM Task Sequence is used to deploy a group of applications or deploy the Operating System to devices.

1. SMSTS.log is the log file that helps you to get the details of Task Sequence failure.

1. First, check whether the application is distributed to the DP or not. The log files on the server side – (Dstmgr.log and PkgXferMgr.log)
2. Check whether the client can reach the DP or not. After this, check CAS.log and locationservices.log.

You need to check the log files related to application deployment from the SCCM side Appenforce.log and App_discovery.log.

Some of the application provides additional app-specific logs in different location. One example is given below. Open the below-mentioned log, and it shows the status why it is getting failed:

C:\ Windows\Temp\Date\Unique ID

SCCM Content Library is where the content of the applications, patches, and OS images is stored.

Content Library included in SCCM from 2012. It stores everything related to SCCM at the distribution point. The content library does not store duplicate content that is already available.

The Content library consists of three folders:
i) Pkg lib
ii) Data lib
iii) File lib

You will have to check SMSDPPROV.log at remote DP. The location for the same is as follows:

SMSdpprov.log on remote DP (Windows 11 PC) – Location of the log

Drive:\SMS_DP$\sms\logs.

You can check the SCCM log called SMSdpusage.log on remote DP. This helps to monitor the usage of the DP.

Location of the log Drive:\SMS_DP$\sms\logs.

The following is a very high-level view of the SCCM patching process. The logs to check on the SCCM client side are as follows.

a) Policyagent.log
b) Scanagent.log
c) Wuahandler.log
d) Windowsupdate.log (Use PowerShell to enable this logging)
e) Updatedeployment.log
f) Updatestore.log

The Rebootcordinator.log is the log that you have to check on the SCCM client logs to check whether the restart is needed for the client or not.

You can also check Wuahandler.log and Updatedeploymen.log for the same.

The logs to check for application deployment at the client side are as follows:

a) Policyagent.log
b) Appdiscovery.log
c) AppIntentEval.log
d) AppEnforce.log

You can refer to Policyagent.log to check DTS (Data Transfer Service) Job Id from the SCCM Client logs folder. Data Transfer Service (DTS) downloads the application content from DP using BITs.

The PkgXMgr.log is the log file (from the DP server side log folder) you must check to get Content Id details.

If the application is not showing in the SCCM Software Center, then possible cases are as follows:

a) Check if the user or system is in the correct Collection.
b) Check the device’s state, i.e., online or offline.
c) Check the SCCM client connectivity with server/firewall/proxy.

There could be many reasons for the scan failures. Some of the most common issues for the same are given below:

a) Wrong Group Policy Configurations 
b) Wrong proxy configuration
c) Firewall Issues
d) Wrong port Configuration
e) Data corruption
f) Windows Update Agent (WUA) version issues

The most common ports used for SCCM server and client communication are 80 (HTTP) and 443 (https).

It’s important to understand other Firewall port communications required between SCCM server infra and client devices.

You have different options for creating an SCCM application detection method. The different detection methods are as follows:

a) File System
b) Registry
c) Windows Installers
d) Custom Detection

SCCM Boundary is a network location available within your enterprise network parameter. There are different types of boundaries, as listed below.

1. Active Directory site name
2. IP subnet
3. IP address range
4. IPv6 Prefix.

SCCM client policy is the set of instructions the server sends to the client. Based on those instructions, the SCCM client agent initiates actions at the client’s end.

There are different types of client actions available:

1. Application Deployment Evaluation Cycle
2. Discovery Data Collection Cycle
3. Hardware Inventory
4. Machine Policy Retrieval & Evaluation Cycle
5. Software Updates Deployment Evaluation Cycle
6. Software Updates Scan Cycle
7. User Policy Retrieval & Evaluation Cycle
8. Windows Installer Source List Update Cycle

Background Intelligence Transfer Service (BITS) transfers the data between the SCCM Server and the client. Data Transfer Service (DTS)

Data Transfer Service downloads the application content by creating a BITS job and waiting for the download to complete.

This BITs activity can be tracked in DataTransferService.log on the client using the DTS Job ID obtained from ContentTransferService.log.

You have the option to upload the PowerShell scripts to SCCM and deploy the script using the right-click option from the device collections.

You can create and deploy SCCM PowerShell Script using SCCM run script options. This is the quickest method to deploy fixes without waiting for the client’s policy evaluation cycle.

Windows servicing is the feature that helps enterprises to upgrade from one version of Windows 10 or Windows 11 to the next version using the Windows Servicing mechanism.

SCCM Windows servicing is the modern way of upgrading Windows 10 or 11 PCs to the latest version of Windows 10 or 11 without using the in-place upgrade (IPU) Task Sequence.

SCCM Community Hub is the central location within your SCCM console where you can share useful SCCM objects with other admins.

The community hub helps to avoid downloading and creating CMPivot queries, Scripts, Console extensions, and Reports from scratch. Microsoft built a community hub in SCCM where SCCM Admins can share.

Maintenance windows provide administrators with a way to define a period of time that limits when changes can be made on the systems that are members of a collection.

The maximum duration of maintenance windows is 24 hours; if you have an entire weekend as a maintenance window, you have to create two schedules.

SCCM BDP is the Branch distribution point. BDP provides an option to avoid full-fledged DP in 100s of remote branch offices.

This helps with package distribution to a small office with limited bandwidth. The Branch DP takes the content from the standard distribution point.

Every 90mins User Group Policy is refreshed/applied in the background by itself. You can, however, modify or change this refresh interval time for both users or computers through group policies.

Software Inventory collects files from the client machine and database.

Software inventory is collected when you select the Enable software inventory on clients setting in client settings. Software inventory is enabled, and the client runs a software inventory cycle, which sends the information to the client’s management point. Management points forward inventory information to Configuration Manager site servers, which store it in the site database.

The site to which clients are directly assigned is Primary Site.

The All Unknown Computers collection has two objects which represent records in the database. It enables users to deploy OS to their PC that is not managed by a configuration manager.

Monitoring Node.

Management Point.

Heartbeat Discovery. In the hierarchy, heartbeat discovery runs on a schedule configured for each client. Heartbeat discovery is scheduled every seven days by default.

5120 MB of disk space is the default size of the client cache. However, you can specify the cache folder size using client settings in the Configuration Manager console. And, %windir%/ccmcache is the default location for the Configuration Manager client cache.