Hi and thanks for the replies!
@ _Brian:
The component is installed on each client, but has no policy assigned. Hence it is not active.
@ Rafeeq:
At least I did not send any command to disable NTP via SEPM.
Since I'm not in the office anymore, I will check tomorrow at a client that shows "Disabled by Policy".
In the end, what I don't understand is the mixed status of the components on each client. This is what confuses me and really holds me back from upgrading the 12.1.1 environment to 12.1.4
But then again, does it make sense at all, that on the environment with 12.1.1 SEPM and clients (configuration all the same, except the release version of SEPM and clients) all show "Enabled"?