Introduction
Are you looking for a more efficient way to manage third-party software updates in your organization? Look no further! With the latest update to ConfigMgr Current Branch 1806, you can now easily enable and deploy third-party software updates directly from within ConfigMgr. In this article, we will walk you through the process of configuring this new feature and getting it up and running in no time. So, let's get started!
Why use ConfigMgr and third-party software updates catalogs
Staying current with the latest versions of the applications you deploy in your organization is crucial. ConfigMgr provides various methods to achieve this, but they can be time-consuming and require a lot of management. Luckily, third-party vendors offer catalogs that provide access to the latest versions of applications, making it easier for ConfigMgr administrators to stay up to date. Some popular vendors offering catalog services include Flexera Software, Patch My PC, Ivanti Patch for SCCM, and ManageEngine. Before choosing a vendor, make sure they offer a software update catalog for third-party patching that suits your needs.
Infrastructure requirements before enabling third-party software updates
Before enabling the third-party software updates feature, it's essential to ensure that your environment is properly configured. Here are the requirements:
- The Software Update Point can run in either HTTP or HTTPS when located on the Primary Site server. If running on a remote server, it must be set up in HTTPS mode.
- Internet access to download.microsoft.com over HTTPS and port 443 for the partner list managed by Microsoft.
- Client Settings deployed that enable the new Third-party Software Updates feature.
- Access to a partner or third-party catalog to sync software updates.
To enable this feature, a new Third-party Software Updates synchronization server will be running on the Site server. This server is responsible for updating the list of available catalogs, downloading subscribed catalogs, and downloading software updates from the catalogs when published.
Enable Software Update Point with HTTPS
Enabling the Software Update Point with HTTPS requires some additional configuration. For detailed instructions on how to configure a Software Update Point to use SSL for communication with WSUS, refer to the documentation.
Enable Third-party Software Updates feature
To enable the Third-party Software Updates feature in ConfigMgr, follow these steps:
- Navigate to the Administration - Site Configuration - Sites node and select your Site server.
- Click on "Configure Site Components" in the ribbon menu and select "Software Update Point" component.
- Select the "Third Party Updates" tab and configure the necessary settings.
- Choose whether to let ConfigMgr manage the WSUS signing certificate for you or manually manage the certificate. Refer to the provided instructions for manual certificate management.
- Click OK.
After enabling this feature, you will see the HP Client Updates Catalog automatically added to the Third-Party Software Update Catalogs node. Microsoft will continue to expand the built-in list of catalogs in future releases.
Enable Client Settings
Before adding custom catalogs, you need to enable the Third-party Software Updates feature in the Client Settings as well. Here's how:
- Navigate to Administration - Client Settings and open the properties of the settings policy.
- In the Software Updates section, select "Yes" in the "Enable third party software updates" drop-down menu.
Add a custom catalog
Now that all the configuration is in place, you can add a custom catalog to the Third-party Software Updates feature. Follow these steps:
- Navigate to Software Library - Software Updates - Third-Party Software Update Catalogs.
- Right-click on Third-Party Software Update Catalogs and select "Add Custom Catalog".
- Enter the required details in the Third-Party Software Updates Custom Catalogs wizard and click Next.
- Review the summary and click Next.
- On the completion page, click Close.
- The new custom catalog will now be visible in the Third-Party Software Update Catalogs node.
Congratulations! You have successfully added a custom catalog. Next, we will learn how to subscribe to the catalog and download the software updates.
Subscribe to a custom catalog
Once you have added a custom catalog, it's time to subscribe to it. Here's how:
- Navigate to Software Library - Software Updates - Third-Party Software Update Catalogs.
- Right-click on the catalog you wish to subscribe to and select "Subscribe to Catalog".
- The Third-Party Software Updates wizard will appear. Verify the information and click Next.
- On the Download page, ensure that the wizard can successfully download the catalog and click Next.
- Review and approve the certificate from the catalog. Once reviewed and approved, select the checkbox indicating that you have read and understood the message, and click Next.
- On the Summary page, click Next.
- On the Completion page, click Close.
The custom catalog has now been approved and downloaded. It's time to synchronize and publish the software updates to the Software Update Point.
Synchronize software updates from custom catalog
To synchronize the software updates from the custom catalog, follow these steps:
- Navigate to Software Library - Software Updates - Third-Party Software Update Catalogs.
- Right-click on the catalog you wish to sync and select "Sync now".
- Click Yes in the popup window that appears.
- The synchronization process will be initialized.
- Follow the synchronization process in the SMS_ISVUPDATES_SYNCAGENT.log log file located in
/Microsoft Configuration Manager/Logs. - Navigate to Administration - Site Configuration - Sites and select the Software Update Point component.
- Ensure that you've enabled the products published from the custom catalog on the Products tab and click OK.
- Navigate to Software Library - Software Updates. Right-click on All Software Updates and select "Synchronize Software Updates".
- Follow the synchronization process in the wsyncmgr.log log file located in
/Microsoft Configuration Manager/Logs. - Once the synchronization is complete, the software updates from the custom catalog will be available in the All Software Updates node.
Congratulations! The software updates from the custom catalog are now published to the Software Update Point and synchronized into ConfigMgr. You can proceed to manage these updates by deploying them to clients.
Deploy third-party software updates
To deploy a software update from a custom catalog, follow these steps:
- From the Software Library - Software Updates - All Software Updates node, search for the desired software update.
- Right-click on the software update and select "Publish Third-Party Software Update Content".
- Click OK and follow the content publishing process in the SMS_ISVUPDATES_SYNCAGENT.log log file.
- After the content publishing process is complete, perform another synchronization of the Software Update Point from the All Software Updates node by selecting "Synchronize Software Updates".
- Refresh the All Software Updates node.
- Search for the software update item again and notice that the icon has changed from blue to green.
- Right-click on the software update item and select "Deploy". Complete the necessary steps to deploy the software update to a device collection.
End user experience
Finally, let's take a look at the end user experience. After the software update is deployed, end users will see the update available in Software Center. They can choose to install the update, and the ConfigMgr agent will automatically install the necessary certificates and ensure that the "Allow signed updates from an intranet Microsoft update service location" GPO policy setting is properly configured.
That's it! You have successfully configured and deployed third-party software updates with ConfigMgr. This new feature streamlines the process, making it easier and more efficient for you to stay current with the latest software updates. So why wait? Start leveraging this powerful feature today and enjoy the benefits of a more streamlined software update management process.
