Third-party Patch Management with WSUS|SCCM

When Microsoft Intune was introduced, many feared that this would be the end of Microsoft System Center Configuration Manager (SCCM) as the IT industry moved towards being completely cloud-based.

However, with the announcement of Microsoft Endpoint Manager, a solution that merges SCCM and Intune, Microsoft has ensured that SCCM’s functionalities are here to stay.

In this post, let’s look at third-party patch management with WSUS.


If this development doesn’t matter much to you, there’s a good chance you’re relying on simpler, less complex freeware—Windows Server Update Services (WSUS)—to carry out your day-to-day patch management tasks.

WSUS and SCCM Relationship Status: Complicated

Patching is the very first step in securing any enterprise network. In addition to that, patching makes software fast, efficient, and stable. Many vendors provide end-to-end patch management, and Microsoft is at the top of the pyramid. It offers three ways to patch Windows systems:

  • Windows Update: A service for non-enterprise users to receive automatic bug fixes and updates.
  • WSUS: Centralized patch management freeware built into Windows Server.
  • SCCM aka Microsoft Endpoint Configuration Manager (MECM): A complete system management solution that includes patch management, software deployment, etc.

Of these three offerings, SCCM might seem like a sensible choice for an enterprise, but there’s a catch: SCCM uses WSUS’ infrastructure to perform patch management operations.

So, if you don’t need the additional features that SCCM offers, it’s wise to stick with WSUS for free patch management.

Third-party patch management in WSUS

WSUS is a simple, efficient, and reliable solution that provides centralized management of all Microsoft updates in your enterprise at no additional cost. But is everything rainbows and butterflies with WSUS? Not quite. WSUS has one major drawback: it doesn’t offer support for third-party patching.

With cyberattacks increasingly targeting third-party applications, failing to patch the vulnerabilities in these applications can be a real threat to any enterprise.

ManageEngine Patch Connect Plus has recently introduced a feature that enables the deployment of third-party patches directly through WSUS without the need for an SCCM infrastructure.

Patch Connect Plus, a comprehensive tool for third-party patch management, offers automated third-party patching, customized deployment with pre and post-scripts, detailed deployment reports, and support for over 350 third-party applications.

Its reliability and ease of use make Patch Connect Plus the perfect partner for WSUS. Start your 30-day free trial of Patch Connect Plus now!


Anoop is a Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
