I am investigating the different solutions available to manage GPOs.
I see that Microsoft proposes two tools, which are AGPM (Advanced Group Policy Management), part of the Desktop Optimization Pack, and SCM (Security Compliance Manager).
I see benefits of both:
- AGPM provides change management capabilities for GPOs, which is very valuable for any environment
- SCM provides Microsoft baselines and guidance to best configure the settings
What I don't really understand is if both tools can be used together, and if yes, how?
AGPM is a GP Management Console add-on that gives versioning, editing without auto-applying ("offline editing"), and more granular delegation. It's only useful IMO if you've got more than 2 people editing the same GPOs or you need to delegate out specific GPOs to different people (more than a few). We had a large support team for 4,000 computers but only a core of 3-5 that edited GPOs and found that our existing process of "test first, then tell everyone you changed it" was enough to not justify AGPM. AGPM only affects the editing and management client.
SCM is a tool run by GPO managers that, once you've got settings the way you want, will export to a GPO for enforcing a security policy. It's security focused and is more about hardening your environment or creating specific use cases. It's also not just for GPOs.
As far as I know they are not related, solve two different problems, and (I assume) wouldn't affect each other.