Integrate to Sys Upd IP with WSUS / ConfigMgr
The current IP is great but, afaik, it just does check for published updates, a true compliance report should be based on authorized updates. I know this isn't going to be easy and probably not possible today without some change on the patching tools, but as a future evolution I think the IP should leverage the customer chosen tool for patching and reporting against authorized updates in addition to published updates.
We’re currently enhancing our compliance functionality.
Luc Bergeron commented
The OMS Agent should be able to gather updates data information from the server whatever the update source is. ConfigMgr is best at managing deployments and updates selection, OMS Update Solution has better dashboard. Help us benefit of both.
I would lik eto see both values to better evaluate how well our service provider are doing. This would save be a bunch of time, not having to scan our enviroment myself with mbsa and some excel magic.
So do a scan using the configures WSUS (and thereby the approved patches) and a scan with Wsusscn2.cab directly from MS. Please keep in mind, that the servers in questions do not have unrestricted Internet access, so the file would need to be downloaded through the Direct Agent.
Also, the ability to initiate a scan right now on one or more devices and also be able to define how often and when a system should be scanned.
Alessandro Gregnanin commented
I think it should be your highest priority.
We haven't to wait how many customers are interested in it .... worlwide markets asks for that to us.
We need to think our great idea as this one pushing towards a complete integration with other our products.
This your solution well fit with System Center products because here you have other capability to satisfy the Service Governance independently where service is (cloud, on premise or hybrid).
As you know, Service Governance means technology stream and process stream (SCSM ?).
Mathieu Isabel commented
I would agree that a bridge would be beneficial especially in the context of comparing with a desired configuration baseline in SCCM. It would bring value operationally in my opinion. When checking for deployed updates it Operational Insights checks against latest patch level from Microsoft which might not be desirable in occasion as patches are deployed in a staged fashion to different groups of servers.