Scenario 2: ConfigMgr - Applications and Updates (WSUS)

Applies to: Patch My PC Publisher

Overview

Use this scenario when the Publisher is used to create and manage third-party updates, by leveraging Windows Server Update Services (WSUS), and third party applications in ConfigMgr. This configuration is for environments that intend to manage applications and updates through ConfigMgr.

In this scenario, a Software Update Point (SUP) site system role that leverages WSUS is used as the update publishing endpoint for the Publisher. The Publisher publishes third-party update metadata and binaries directly to the WSUS instance associated with the top-level SUP in the ConfigMgr environment.

ConfigMgr uses the SUP to synchronize third-party update metadata from WSUS. After synchronization, ConfigMgr orchestrates update approval, deployment and reporting.

After completing the configuration steps in this section, the Publisher will be ready to publish third-party applications to ConfigMgr and third-party updates to WSUS.

Checklist

Before configuring the Publisher, ensure the following information is identified and validated:

General Items

• You have started a trial and/or have a valid license key.

• The Publisher installation location has been identified.

• Publisher core requirements are met.

Platform Checklist (WSUS)

• Publisher platform requirements are met.

Platform Checklist (ConfigMgr)

• Publisher platform requirements are met.

• The SUP site system role has been considered and is configured.

• The location and the name of the ConfigMgr site database has been identified.

• The SMS Provider location has been identified.

Installation and Configuration Steps

The following steps are suitable for getting the Publisher up and running in most environments and are recommended to be completed before selecting products to enable for publishing and applying product customizations.

1. After the core, WSUS and ConfigMgr platform requirements have been met, and the Publisher installation location is identified, download and install the Publisher.

2. Open the Publisher console and go to the General tab. Enter your license key or start a trial.

3. Click the Validate button to validate the licence.

4. On the General tab still, confirm that a valid code signing certificate is selected or create/select one.

5. On the General tab still, configure log retention to keep a minimum of 10 logs and set the maximum log size to 10 megabytes.

6. Go to the Updates tab, right-click the All Products node in the product tree and enable and configure, the Manage Installation Logging customization option. This ensures detailed installation logs are generated on client devices when third-party applications are installed. This helps with troubleshooting if issues occur during installation.

7. Go to the ConfigMgr Apps tab and configure the Scan ConfigMgr Database for Supported Products form control.

8. On the ConfigMgr Apps tab still, right-click the All Products node in the product tree and enable and configure, the Manage Installation Logging customization option.

9. On the ConfigMgr Apps tab still, click the Options button. Configure the SMS Provider connection by specifying the SMS Provider server and validating connectivity.

10. On the same Options page, configure the source folder used for application content. Ensure the folder is accessible to the ConfigMgr site server and distribution points.

11. On the same Options page, review the Application Creation Options section:

    1. Disable the option to allow applications to be installed from the Install Application task sequence action unless it is required for your environment.

    2. Configure a default folder in the Applications node so applications published by the Publisher are centralized and easy to manage.

    3. Leave the default options enabled to update existing application metadata, deployment types, detection methods, and content when new application versions are published.

    4. Configure application retention to keep at least 1 previous version to support rollback scenarios using supersedence.

12. Review Content Distribution Options and confirm applications are automatically distributed to the appropriate distribution points if required.

13. Go to the Sync Schedule tab to confirm the schedule aligns with your operational requirements.

14. Go to the Alerts tab to configure email or webhook notifications if publishing and operational notifications are required.

15. Go to the Advanced tab and review:

    1. Configure proxy settings if your environment requires outbound internet access through a proxy.

    2. Configure a Local Content Repository path for binary free applications.

16. Go to the About tab and review the self-update settings for the Publisher. If your organization has strict change control, disable automatic self updates. In most environments this is not recommended, as new versions include bug fixes and new features.

17. Click Apply to save the settings.

After completing these steps, the Publisher is configured and ready to publish third-party applications to ConfigMgr and third-party updates to WSUS.

The next step is to Customize and publish applications and updates.