I'm in a bit of a pickle with my company's server patch management. We've tried several solutions over the years - starting with Kace, which was pretty much a black box, then moving to Atera, but compliance has been terrible lately. Now, my supervisor wants to switch server patching to SCCM while we're also transitioning client endpoints to Intune. We manage around 50-75 servers right now. I suggested sticking with plain WSUS coupled with WAM from AJ Tek instead, as I'm unsure about the cost and complexity of SCCM. I've also been experimenting with Action1 at home and think it could handle our needs well for server patching. I'd love to hear thoughts on using SCCM versus WSUS or Action1 for patching our servers only. Thanks in advance for any insights!
5 Answers
You might also want to consider other options like BatchPatch or NinjaOne. These tools can automate patching and could save you a headache compared to the complexity of SCCM.
Action1 is a reliable choice for managing updates if you’ve had success with it already. It’s user-friendly and covers a variety of patching needs, which seems fitting for your servers without the overhead of SCCM.
For a smaller setup like yours, WSUS should work fine for OS patching. I've successfully managed a large fleet of servers with it. If compliance is your goal, get your patching policies straight first. Then select a tool that supports those policies.
Exactly! Defining a patch management plan is key. You need to know how and when you want your updates applied before pulling the trigger on a specific tool.
It seems like if you've been through a few different tools already without much success, constantly switching might not be the answer. The issue could be down to management more than the tools themselves. Plus, if you're saying you don’t have time to learn SCCM, what makes you think you'll find time to manage yet another tool?
Great points! The churn in security engineers hasn’t helped either. Every new hire has a fresh idea, and frankly, Atera has just been a mess. I have time to mess with Action1 since it's free and useful at home!
If you’re considering your options, don’t forget that SCCM utilizes WSUS for updates. For Azure servers, you could also look at Azure Update Manager combined with Azure Arc for visibility. If you’re already using Microsoft tools, this might fit seamlessly into your operations.
That makes sense! I’ve had limited experience with SCCM but knew it uses WSUS. Azure Update Manager is new for me, but it aligns with our push toward Microsoft’s ecosystem!

I agree! NinjaOne has been solid for us and handles both Windows and third-party patching well.