Lately we regularly have chats with customers about SCOM as an application and the security measures it has.
For example if TLS1.2 is supported, because customer wants to turn older versions off. Another example is question if agents are authenticated and if traffic is encrypted while in transit.
Yesterday Bhavna Appayya from the SCOM product group made a post about all this and it can be found below:
Secure your Infrastructure Monitoring with SCOM – Microsoft Tech Community
She discusses the authentication, Kerberos, TLS1.2 , SDL standards, SHA-2, the possibility to use gMSA accounts, the service logon for service accounts, and the new audit possibilities.
I hope it makes things a bit more clear that also SCOM is a good application to work with and can be used in a secure way.