Nexthink named Customer Choice in 2022 Gartner® Peer Insights Voice of the Customer Report. Read Report

Blog Post|3 minutes

How to Ensure SCCM Client Compliance on All Endpoints with Nexthink

How to Ensure SCCM Client Compliance on All Endpoints with Nexthink
February 9th

SCCM is one of the most business-critical applications—a must have on all the devices. Administrators use SCCM for endpoint protection, software distribution, and patch management. Any machine where the SCCM client is not functioning will be unable to receive necessary policies or application updates, which can create a significant vulnerability for your organization because this leads to compliance and security issues.

Check out how we ensure SCCM compliance with Nexthink in action.

Multiple software applications are pushed through SCCM, which raises the importance of this tool. That’s why we need to ensure compliance by

  • Checking and redeploying SCCM agent on all devices
  • Maintaining SCCM compliance with periodic checks

Nexthink can be used to meet the compliance of multiple applications like SCCM.

How to Improve SCCM Client Compliance

Let us look at how to improve SCCM client compliance. In the rest of this article we’ll review how you can identify devices without an SCCM agent and repair SCCM clients in 7 simple steps using Nexthink.

Step 1: Run an Investigation to identify the devices without the SCCM package by running the query in the NQL editor

NQL query

| include package.installed_packages
| where in ["Configuration Manager Client"]
| compute devices_with_sccm_installed =
| include
| compute all_devices =
| summarize Devices_without_SCCM = all_devices.sum()- devices_with_sccm_installed.sum()

Step 2: Next, click on the device count to run an investigation on the list of devices displayed

Step 3: Click on Investigate to display the Device Objects, which will pull a list of devices that do not have SCCM deployed

Step 4: Click on Devices to investigate the list of Devices Objects.

Step 5: In this step, you can use a remote action to push a redeployment of the SCCM client to the affected devices. First, select the devices on which you need to run the remote action and next, click Execute action. A popup should appear.

Step 6: On the pop up, click the remote action Install SCCM agent, this installs the agent on the selected devices.

Step 7: Click Run on 8 Devices to install an SCCM agent on the select devices.


These 7 steps will allow you to successfully install SCCM on non-compliant devices. Once you have completed this process, you must continue to conduct periodic checks to ensure SCCM compliance is maintained. This can be done by installing the Nexthink Library Pack MS ConfigMgr – Client Health. This library pack enables you to do several important things:

  • Invoke a remote action using Get SCCM Client Status, in order to check the SCCM status on all devices.
  • If you see any disruption in the SCCM services, you can invoke the remote action Restore SCCM Client, this restores SCCM-related client services (SMS Agent, BITS, WMI, etc.) and retrieves information about SCCM agent on devices
  • Use the remote action Invoke SCCM Client Auto-repair to start the auto repair of the SCCM client. Auto repair of the SCCM client should the restore SCCM agent fail to restart the SCCM services.