Third-Party Updates in SCCM/MECM

SCCM/MECM supports publishing and deploying third-party updates for applications such as Adobe Reader, Java, Chrome, and other non-Microsoft software. This extends patch management beyond Windows and Office to ensure a more secure environment.

Overview

Third-party software often contains vulnerabilities that need timely patching. By integrating third-party updates into SCCM, you can use the same infrastructure and processes already in place for Microsoft updates.

Benefits of Third-Party Updates

Centralized patch management for both Microsoft and non-Microsoft apps.
Reduced security risk by keeping third-party apps updated.
Improved compliance with organizational and regulatory requirements.

Enable Third-Party Updates

In the SCCM console, go to Administration → Site Configuration → Sites.
Select your site and click Configure Site Components → Software Update Point.
In the SUP settings, check Enable third-party software updates.
Ensure the WSUS Signing Certificate is configured and deployed to clients.

Import and Manage Catalogs

Go to Software Library → Software Updates → Third-Party Software Update Catalogs.
Choose from built-in catalogs (e.g., Adobe, Dell) or import custom ones.
Subscribe to the vendor catalog and synchronize updates.
Published updates will appear alongside Microsoft updates in the console.

Deploy Third-Party Updates

Manage deployments the same way as Microsoft updates:
Add updates to a Software Update Group.
Download content and distribute to distribution points.
Deploy to device collections.

Best Practices

Start with a pilot deployment before broad rollout.
Regularly update vendor catalogs to fetch the latest patches.
Monitor deployments in the Monitoring → Deployments workspace.
Combine with Automatic Deployment Rules (ADR) if the vendor catalog supports frequent updates.