Hello gentlemen,
I'm facing a difficult question from a customer: he has been using PatchMyPC for a few weeks to update third-party applications and loves it! But on the Windows updates side, he has too many mobile users who rarely connect to the company network, so he wants to keep Windows updates on the Microsoft public update points. When we set up the GPO to allow devices to connect to Microsoft Update and automatically check for updates there, the Software Center does not update the third-party applications using PatchMyPC catalogs. Is there a way to have both working in parallel?
- Windows update agent going over public Microsoft for Windows Updates
- SCCM client checking internally for Third Party based on PatchMyPC database
Thank you in advance
There are a lot of options in this space.
The way many companies are taking care of this nowadays is to set up a CMG and distribute the update content to the CMG.
There is a great Technet article here: https://techcommunity.microsoft.com/t5/configuration-manager-blog/managing-remote-machines-with-cloud-management-gateway-in/ba-p/1233895
Windows Update for Business will work with 3rd party patches as well, please see here: https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/integrate-windows-update-for-business-windows-10
Thank you for the answer!
I don't really like CMG as it uses classic Azure resources. Microsoft is not clear about the future of this feature.
Windows Update for Business seems the way to go. We tried to set it up, but it looks like it requires the devices to be Azure AD joined for the Analytics as a prerequisite? We can't enable that part, and without Desktop Analytics it seems it doesn't work.
The CMG will continue to be supported by Microsoft, despite using some classic features. It is your best solution for delivering third-party updates to an internet-based device if you are also using Configuration Manager. You will not see the CMG feature lose support any time in the foreseeable future. You may see them migrate away from the Classic deployment method, but they would provide a migration path to ensure existing class-based customers can move to the newer implementation and retain support.
As for WuFB, you will definitely need the machine to be Azure AD joined in order to use the feature.