Insight and analysis on the information technology space from industry thought leaders.

Third-Party Patching Tips from ConfigMgr and Infosec Experts

Here are some tips and tricks experts shared in Adaptiva’s recent ConfigMgr Third-Party Patching Roundtable Webinar.

3 Min Read
ITPro Today logo

IT pros are feeling anxious about third-party patching in today’s volatile threat landscape. In an ideal scenario, every application on every endpoint would have all the security patches applied as soon as available. Even then, you’d still have to account for functional updates, as well. In reality, you prioritize intelligently and work as efficiently as you can. In this blog, I’ll summarize some tips and tricks experts shared in Adaptiva’s recent ConfigMgr Third-Party Patching Roundtable Webinar.

Some of the world’s leading voices on the topic joined the discussion, including MVP Anoop C. Nair; MVP Harjit Dhaliwal; Bob Kelly, Director, Flexera; and MVP Andy Malone.

Anoop: ConfigMgr Third-Party Overview

Microsoft has all but eliminated the older  System Center Updates Publisher (SCUP). While SCUP is still available, Anoop recommends using a newer technology. With ConfigMgr 1806, Microsoft introduced the ability to do third-party patching without installing SCUP. See what’s new in this overview diagram.

Third Party Patching Overview.jpg

Third Party Patching Overview_1

Anoop also provided a great explanation of how to enable third-party patching in ConfigMgr. You may be able to get what you need from the diagram below. If not, you can watch the webinar on demand.

Enable Third Party Patching.jpg

Enable Third Party Patching_1

Harjit: Supersedence

Harjit reminded the audience that there can be more to application updating than just applying patches. ConfigMgr allows you upgrade or replace existing applications by using a supersedence relationship. You can optionally specify a new deployment type to replace the deployment type of the superseded application.




Bob: Patching Prioritization

Bob talked about the importance of prioritization. There just are not enough hours in the day to keep up with new application requests, functional updates and security updates. It’s too much to track and and too many decisions points. For that reason, companies often just focus on popular applications.

That’s a major danger, because the top vendors account for only about half of software vulnerabilities.

Bob suggests instead looking a number factors, starting with threat intelligence. It’s not enough to know which applications are vulnerable. You really need to know which of those vulnerabilities are being exploited in the real world. He breaks patching down to four main factors: threat, criticality, prevalence and asset sensitivity.

Patch Prioritization.jpg

Patch Prioritization


Andy: Application Security Vulnerability Patching

Andy had some very specific advice for thinking strategically:

  1. Adapt your organization’s security policy to keep up with changing technologies. It should be a living, breathing document.

  2. Ensure you have “best bractice” cybersecurity procedures in place.

  3. Identity and prioritize your key assets in terms of risk.

  4. Have a solid security awareness program for your staff.

  5. Establish a solid incident response plan.

  6. Start looking at security from an assumed breach standpoint. You’ll see security in a very different way.

  7. Have a verification process for third-arty updates/supply chain attacks

He also implored the online audience to know their tech, which is not as simple as some people might think! He offered several suggestions.

Know your tech.png

Know your tech

More Info

If you’d like to learn more, there’s an easy solution: Watch the webinar on demand, and review the full slide deck, as well.

Screen Shot 2019-07-30 at 8.34.43 PM.png

Screen Shot 2019-07-30 at 8.34.43 PM

Bill Bernat, director at Adaptiva, has worked in the technology industry for over 25 years. Before joining the team at Adaptiva, Bill was the web publisher at OpenText and a technical editor for Penton’s Streaming Media Magazine. He spent many years as a programmer and engineering manager for a variety of organizations including NASA, Union Bank of California, and Banc of America Securities. For more information, please visit and follow the company on LinkedIn, Facebook, and Twitter.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like