When Microsoft Intune was introduced, many feared that this would be the end of Microsoft System Center Configuration Manager (SCCM) as the IT industry moved towards being completely cloud-based. However, with the announcement of Microsoft Endpoint Manager, a solution that merges SCCM and Intune, Microsoft has ensured that SCCM’s functionalities are here to stay. In this post, let’s see Third-party Patch Management with WSUS.
Related Post – Future of SCCM ConfigMgr Intune Admin Jobs
If this development doesn’t matter much to you, there’s a good chance you’re relying on simpler, less complex freeware—Windows Server Update Services (WSUS)—to carry out your day-to-day patch management tasks.
WSUS and SCCM Relationship status:Complicated
Patching is the very first step in securing any enterprise network. In addition to that, patching makes software fast, efficient, and stable. Many vendors provide end-to-end patch management, and Microsoft is at the top of the pyramid. It offers three ways to patch Windows systems:
- Windows Update: A service for non-enterprise users to receive automatic bug fixes and updates.
- WSUS: Centralized patch management freeware built into Windows Server.
- SCCM aka Microsoft Endpoint Configuration Manager (MECM): A complete system management solution that includes patch management, software deployment, and more.
Of these three offerings, SCCM might seem like a sensible choice for an enterprise, but there’s a catch: SCCM uses WSUS’ infrastructure to perform patch management operations.
So, if you don’t need the additional features that SCCM offers, it’s wise to stick with WSUS for free patch management.
Third-party patch management in WSUS
WSUS is a simple, efficient, and reliable solution that provides centralized management of all Microsoft updates in your enterprise at no additional cost. But is everything rainbows and butterflies with WSUS? Not. WSUS has one major drawback, which is that it doesn’t offer support for third-party patching.
With cyberattacks increasingly targeting third-party applications, failing to patch the vulnerabilities in these applications can be a real threat to any enterprise.
ManageEngine Patch Connect Plus has recently introduced a feature that enables the deployment of third-party patches directly through WSUS without the need for an SCCM infrastructure. Patch Connect Plus, a comprehensive tool for third-party patch management, offers automated third-party patching, customized deployment with pre and post-scripts, detailed deployment reports, and support for over 350 third-party applications.
Its reliability and ease of use make Patch Connect Plus the perfect partner to WSUS. Start your 30-day, free trial Patch Connect Plus now!
Resources – Patch Management
- SCCM WSUS Cleanup – Fix SCCM Scan Timeout Errors
- SCCM Third-Party Software Updates Setup Step by Step Guide Post Video Guide
- Free SCCM Catalog List – SCCM Third-Party Updates Post 2
- Background Process flow with Logs – SCCM Third-Party Software Updates – Post 3
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a logger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…