Azure Update Manager - patching 3rd party apps on servers

Bojan Zivkovic 506 Reputation points
2025-01-27T09:20:29.0766667+00:00

Hi, today I started using Azure Update Manager for patching on-premises servers in a DMZ forest (test environment) and so far, everything has been working as expected.

I guess the answer to the following question is no (hopefully someone can prove me wrong) - can Azure Update Manager handle patching of 3rd party apps installed on servers without a local WSUS instance? In production, we use Configuration Manager with 3rd party app updates published to WSUS using Patch My PC Publishing Service.

Azure Update Manager
An Azure service to centrally manage updates and compliance at scale.

3 answers

  1. Pranay Reddy Madireddy 1,580 Reputation points Microsoft Vendor
    2025-01-27T11:38:18.7666667+00:00

    Hi Bojan Zivkovic

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    Azure Update Manager uses WSUS to manage updates for both first-party and third-party applications. For third-party apps, you need to publish the updates to WSUS, which will then allow Azure Update Manager to detect and install them.
    https://learn.microsoft.com/en-us/azure/update-manager/guidance-migration-azure

    If you use Patch My PC to send third-party updates to WSUS, Azure Update Manager can use it. But without WSUS, Azure Update Manager can't manage or update third-party apps.
    https://azure.microsoft.com/en-us/products/azure-update-management-center/

    Right now, Azure Update Manager can't handle third-party patching without WSUS. So, you need a WSUS instance for complete patch management, including third-party apps.

    If you have any further queries, do let us know.


    If the answer is helpful, please "Upvote it".


  2. Pratheep Sinnathurai 1 Reputation point MVP
    2025-01-27T13:05:03.5866667+00:00

    Unfortunately you are right, Azure Update Manager can't handle 3rd party apps without WSUS. Other solutions would be to use Machine Configuration in combination with xPSDesiredStateConfiguration - using the xMsiPackage: https://github.com/dsccommunity/xPSDesiredStateConfiguration/wiki/xMsiPackage

    For Windows Server 2025 you could also use winget.

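The answer above points to xMsiPackage as a way to install third-party MSIs without WSUS. As an added example (not from the thread or from the DSC Community project), here is a DSC configuration that installs one MSI and pins it by file hash and signer thumbprint. The file paths, share name and ProductId are placeholders, and Windows PowerShell 5.1 with the xPSDesiredStateConfiguration module installed is assumed.

```powershell
# Added example, not from the thread. Placeholder values are marked as such.
Configuration ThirdPartyMsi {
    param (
        [Parameter(Mandatory)] [string] $Path,             # where nodes fetch the MSI
        [Parameter(Mandatory)] [string] $ProductId,        # ProductCode GUID of this MSI
        [Parameter(Mandatory)] [string] $FileHash,         # SHA-256 of the vetted MSI
        [Parameter(Mandatory)] [string] $SignerThumbprint  # vendor signing certificate
    )
    Import-DscResource -ModuleName xPSDesiredStateConfiguration

    Node 'localhost' {
        xMsiPackage App {
            ProductId        = $ProductId
            Path             = $Path
            Ensure           = 'Present'
            Arguments        = '/norestart'
            # The resource validates the file against both pins before installing,
            # so a swapped or tampered MSI at $Path fails instead of running.
            FileHash         = $FileHash
            HashAlgorithm    = 'SHA256'
            SignerThumbprint = $SignerThumbprint
            LogPath          = 'C:\Windows\Temp\ThirdPartyMsi.log'
        }
    }
}

# Derive the pins from a copy of the MSI you have already vetted (placeholder path).
$vetted = 'C:\Staging\vendor-app.msi'
$sig    = Get-AuthenticodeSignature -FilePath $vetted
if ($sig.Status -ne 'Valid') { throw "Signature on $vetted is $($sig.Status)" }

$pins = @{
    Path             = '\\fileserver.example\packages\vendor-app.msi'   # placeholder
    ProductId        = '{00000000-0000-0000-0000-000000000000}'         # placeholder
    FileHash         = (Get-FileHash -Path $vetted -Algorithm SHA256).Hash
    SignerThumbprint = $sig.SignerCertificate.Thumbprint
}
ThirdPartyMsi @pins -OutputPath .\ThirdPartyMsi   # writes localhost.mof
```

When the vendor ships a new version, update Path and the pins (and ProductId if the ProductCode changed) and recompile.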

  3. Pratheep Sinnathurai 1 Reputation point MVP
    2025-01-27T14:05:39.5833333+00:00

    I assume not: There are some limitations to enabling authentication. Any WSUS server you want to authenticate must be in an Active Directory environment. Also, if the WSUS servers are in different forests, there has to be trust between forests for this authentication method to succeed.

    Source: https://learn.microsoft.com/de-de/security-updates/windowsupdateservices/18127589#adding-authentication-between-chained-wsus-servers-in-an-active-directory-environment

