Microsoft Endpoint Configuration Manager (MECM)

Community Platform

runZero integrates with Microsoft Endpoint Configuration Manager (MECM), formerly System Center Configuration Manager (SCCM), by importing data from the MECM MSSQL database. This integration allows you to sync data about your devices from MECM, making it easier to find unmanaged devices in your network.

Getting started with MECM

To set up an integration with MECM, you’ll need to:

  1. Identify or create a database user with read access to the MECM database.
  2. Configure the MECM credential in runZero.
  3. Choose whether to configure the integration as a scan probe or connector task.
  4. Activate the integration to pull your data into runZero.

Step 1: Identify or create a database user for access to MECM

  1. Identify an existing database user with read access to the database.
  2. Alternatively, create a dedicated read-only database user for this integration. More details on creating a new database user can be found in Microsoft’s documentation - Create a database user.

Step 2: Add the MECM database connection string to runZero

  1. Go to the Credentials page in runZero.
  2. Choose MECM Database Connection String from the list of credential types.
  3. Provide a name for the credential, like MECM.
  4. Provide the database connection string, using one of the following formats:
    • Server=<host:port>;Database=<database-name>;User Id=<user-id>;Password=<password>;
    • sqlserver://username:password@host/instance?database=value&param=value
  5. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per-organization basis.
  6. Save the credential.

You’re now ready to set up and activate the connection to bring in data from MECM.

Step 3: Choose how to configure the MECM integration

The MECM integration can be configured as either a scan probe or a connector task. Scan probes gather data from integrations during scan tasks. Connector tasks run independently from either the cloud or one of your Explorers, only performing the integration sync.

Step 4: Set up and activate the integration to sync data

After you add your MECM credential, you’ll need to sync your data from MECM.

Step 4a: Configure the MECM integration as a connector task

A connection requires you to specify a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new assets are created.

  1. Activate a connection to MECM. You can access all available third-party connections from the integrations page, your inventory, or the tasks page.
  2. Choose the credentials you added earlier. If you don’t see the credentials listed, make sure the credentials have access to the organization you are currently in.
  3. Enter a name for the task, like MECM Sync (optional).
  4. Choose the Explorer to perform this connector task from (optional).
  5. Choose the site you want to add your assets to. All newly discovered assets will be stored in this site.
  6. Enter a description for the task (optional).
  7. If you want to exclude assets that have not been scanned by runZero from your integration import, switch the Exclude unknown assets toggle to Yes. By default, the integration will include assets that have not been scanned by runZero.
  8. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  9. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 4b: Configure the MECM integration as a scan probe

You can run the MECM integration as a scan probe so that the runZero Explorer will pull your MECM devices into the runZero Console.

In a new or existing scan configuration:

  • Ensure that the MECM option is set to Yes in the Probes and SNMP tab and change any of the default options if needed.
  • Set the correct MECM credential to Yes in the Credentials tab.

Step 5: View MECM assets

After a successful sync, you can go to your inventory to view your MECM assets. These assets will have a Microsoft icon listed in the Source column.

To filter by MECM assets, consider running the following queries:

Click into each asset to see its individual attributes. runZero will show you the attributes gathered from MECM.

Updated