Best Practices for Managing a Smaller Server Farm (Ideally without SCCM)

I work for a Non-Profit that raises funds for Children's Hospitals across the US and Canada, and we have about 40 Servers (all VMs on a Hyper-V cluster) that I'd like to improve how I manage and monitor.

The current process 

  • For new VMs, run a PowerShell script that takes care of naming and installing the required software.
  • If a new app needs to be deployed I log into each server and do it.
  • Group Policy handles the basic configuration and permissions.
  • Azure Update Management (without WSUS) is set up for updates.
  • Use Windows Admin Center to manage VMs.

What I'd like to improve (mostly monitoring)

  • Ability to check versions of installed software on servers.
  • Report what Windows Updates are installed. Ideally, enter a KBID and get back what servers do/don't have it installed.
  • Push out new apps and monitor install status.

Reasons for trying to avoid SCCM

  • We don't currently have SCCM set up and since I am essentially a one-man show with a couple of Help Desk Techs I don't know if I have time to learn it, set it up, and manage it. And I'm less inclined to set up more complex infrastructure when our desired features seem light, especially compared to the full scope of what I think SCCM can do.
  • We are using full Azure AD join and Intune for endpoints, and I don't really want a co-managed deployment that will affect our endpoints. (Unsure if co-management is a requirement for using SCCM on the same domain synced to Azure AD.)
  • We are currently a Microsoft E3 licensed org with a couple of the E5 add-ons.
  • Over the next 5ish years I'm planning to move off of local AD to Azure AD entirely and severely cut down the amount of on-prem servers we have. Our needs and requirements are so light I haven't found anything Azure AD/M365 can't do for us with the existing licenses that we need so much on-prem infrastructure for.

Things I have thought of that might help but would like some suggestions/feedback before I dedicate time to one of these options.

  • Better PowerShell scripting skills to pull the data I want via scripts.
  • Log Analytics (Better KQL skills, knowing what data to send to Log Analytics)
  • Azure Functions to automate the deployment of apps/scripts
  • And maybe I'm just overestimating how complicated SCCM is and could use help getting a "basic set up" guide to get what I need out of the system.
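One way to get the "enter a KBID, see which servers do/don't have it" report asked for above, as an added example that is not part of the original post. It assumes PowerShell remoting (WinRM) is enabled on the servers and the caller has administrative rights on them; the function name `Get-KbInstallStatus`, the server names and the KB number in the usage comment are hypothetical placeholders.

```powershell
function Get-KbInstallStatus {
    [CmdletBinding()]
    param(
        # KB identifier to look for, e.g. KB followed by digits.
        [Parameter(Mandatory)]
        [ValidatePattern('^KB\d+$')]
        [string]$KbId,

        # Servers to query over WinRM.
        [Parameter(Mandatory)]
        [string[]]$ComputerName
    )

    foreach ($server in $ComputerName) {
        try {
            # Run Get-HotFix on the target itself. A missing KB raises a
            # non-terminating error there, which is suppressed so that
            # "not installed" comes back as an empty result.
            $hotfix = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
                Get-HotFix -Id $using:KbId -ErrorAction SilentlyContinue |
                    Select-Object -First 1 -Property HotFixID, InstalledOn
            }

            [pscustomobject]@{
                ComputerName = $server
                KbId         = $KbId
                Status       = if ($hotfix) { 'Installed' } else { 'Missing' }
                InstalledOn  = if ($hotfix) { $hotfix.InstalledOn } else { $null }
            }
        }
        catch {
            # Connection or authentication failure: report it separately so an
            # unreachable server is never counted as patched or as unpatched.
            [pscustomobject]@{
                ComputerName = $server
                KbId         = $KbId
                Status       = 'Unreachable'
                InstalledOn  = $null
            }
        }
    }
}

# Usage (placeholder names and KB number):
# Get-KbInstallStatus -KbId 'KB0000000' -ComputerName 'SRV01', 'SRV02' |
#     Sort-Object Status, ComputerName | Format-Table -AutoSize
```

`Get-HotFix` reads the `Win32_QuickFixEngineering` WMI class, which only lists updates installed through Component Based Servicing, so a "Missing" result for an update delivered by MSI (application patches, for example) is not conclusive.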