Enable Third-Party Software Updates in SCCM

Oh god, thank you Microsoft :) Finally, we have this as a built-in feature in ConfigMgr, and for those who are wondering about System Center Updates Publisher: it is not needed anymore.
Let me introduce the new feature “Third-Party Software Updates”, which is available in the 1806 update and allows us to deploy third-party updates to our computers.
In the long term, and in the next updates for sure, they will add more repositories and more flexibility to this feature! Apparently, if you have some third-party software which deploys third-party updates, you are soon going to give it up, so don’t rush to renew the support or license period…

– The software update point requires HTTPS because of WSUS’s API signing certificate.
– Make sure you have sufficient disk space.
– The site server requires internet access to download.microsoft.com over HTTPS port 443.
– The software update point is configured to use a WSUS Server Connection Account.

To use this feature we have to meet some prerequisites and then enable it. Just follow me:
First, we have to enable SSL communication to the WSUS server.
Administration > Servers and Site System Roles > look at the bottom of the window, right-click “Software Update Point”, open Properties and enable “Require SSL communication to the WSUS server”:

Enable third-party software updates in “Default Client Settings”, or you can also create a new client settings object:

The third step is to “Enable Third-Party Software Updates” under your SUP component properties:
Go to Administration > Sites > Settings > Configure Site Components > Software Update Point:

Click on Third Party Updates, tick “Enable Third-Party Software Updates” and choose “Configuration Manager manages the certificate”:

Right now, only “HP Client Updates Catalog” is available:

Within 1-2 hours you should see the HP catalog available under “Third-Party Software Update Catalog”:

We have to subscribe to this catalog: right-click it and choose “Subscribe to catalog”:


The next step is to view the certificate; you must do that:
After you have viewed the certificate you will be able to tick the checkbox. Move between the tabs of the certificate and make sure it really belongs to HP.
Install the certificate on your local machine.


By default, it re-syncs every 24 hours automatically, or you can start the sync manually like this:

You can open “SMS_ISVUPDATES_SYNCAGENT.log” to track the sync. Be patient, it may take time…



Great, while it syncs I would like to add another third-party software catalog; we are going to perform the same steps:
By the way, there are several providers you can choose from, such as Patch My PC, Patch Connect Plus, Flexera Software and Ivanti Patch, which have larger repositories for deploying third-party updates.
We can use the following URL, which belongs to ManageEngine:

Once you have added it, you have to “Subscribe” to the ManageEngine catalog as well:

Guys, it’s exactly the same process that we did for HP: proceed with Next, install the certificate on Local Machine and close the window:

Sync it manually:

As soon as the HP and ManageEngine catalogs have been synced, we have to enable them in the SUP products:
Administration > Sites > Settings > Configure Site Components > Software Update Point:

And tick Adobe, Google, HP and 7ZIP:

Go to “All Software Updates” and run a sync, or just wait; you will see the updates appear, they come in slowly:

Select the third-party updates, choose “Publish Third-Party Software Update Content” and then deploy them:

Meanwhile, in SMS_ISVUPDATES_SYNCAGENT.log, you can see the updates downloading…


And from this point, you just have to create the package and deploy the updates the same way you deploy Windows updates using SCCM.
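
To go with the log tracking described above, here is an added example (not part of the original post) that parses SMS_ISVUPDATES_SYNCAGENT.log lines and surfaces warnings and errors, so a failed catalog sync or download is not missed while you wait. It assumes the log uses the standard ConfigMgr (CMTrace) line format; the function name ConvertFrom-CMLogLine and the sample lines are constructed for illustration.

```powershell
# Added example, not code from the original post.
# Assumption: the log uses the standard ConfigMgr (CMTrace) line format.
# The lines below are constructed sample data, not real log output.
$SampleLines = @(
    '<![LOG[Constructed sample: catalog sync started]LOG]!><time="09:00:01.120+120" date="08-02-2018" component="SMS_ISVUPDATES_SYNCAGENT" context="" type="1" thread="12" file="">'
    '<![LOG[Constructed sample: catalog certificate not approved yet]LOG]!><time="09:00:04.515+120" date="08-02-2018" component="SMS_ISVUPDATES_SYNCAGENT" context="" type="2" thread="12" file="">'
    '<![LOG[Constructed sample: content download failed]LOG]!><time="09:00:09.002+120" date="08-02-2018" component="SMS_ISVUPDATES_SYNCAGENT" context="" type="3" thread="12" file="">'
    'continuation text of a multi-line message (no header, so it is skipped)'
)

function ConvertFrom-CMLogLine {
    # Hypothetical helper: turns one CMTrace-format line into an object.
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        # Message, then time (UTC offset dropped), date, component and type.
        $pattern  = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:.]+)[^"]*" ' +
                    'date="(?<date>[^"]+)" component="(?<comp>[^"]*)" ' +
                    'context="[^"]*" type="(?<type>[123])"'
        # CMTrace severity codes: 1 = information, 2 = warning, 3 = error.
        $severity = @{ '1' = 'Info'; '2' = 'Warning'; '3' = 'Error' }
    }
    process {
        $m = [regex]::Match($Line, $pattern)
        if (-not $m.Success) { return }   # continuation or malformed line
        [pscustomobject]@{
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Severity  = $severity[$m.Groups['type'].Value]
            Message   = $m.Groups['msg'].Value
        }
    }
}

$entries = $SampleLines | ConvertFrom-CMLogLine

# Count of entries per severity, then only the lines that need attention.
$entries | Group-Object Severity | Select-Object Name, Count
$entries | Where-Object Severity -ne 'Info' |
    Format-Table Date, Time, Severity, Message -AutoSize
```

On the site server, pipe the real file in with Get-Content instead of $SampleLines; the log path depends on your ConfigMgr installation directory.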