Issue w/ Azure Update Manager for Servers that have SCCM Client

Kalel 80 Reputation points
2025-10-01T10:31:26.1066667+00:00

Hello. I wanted to reach out to see if someone has run into a similar issue and had a fix.

We currently use SCCM with PatchMyPC integrated to help manage 3rd-party software patching of our servers. Because our SCCM is an older version (waiting for a project to upgrade to the latest version), we started using Azure Update Manager to manage OS-level patching on our servers. The problem we are having is that Azure Update Manager does not return all applicable patches when the SCCM client is installed. If we uninstall the SCCM client, then Azure Update Manager is able to report back applicable OS-level patches.

So my question is: has anyone successfully had the SCCM client deployed to servers (to use for reporting purposes) while also using Azure Update Manager to deploy patches successfully? I know SCCM can handle the OS patching, but we are running an EOL SCCM at the moment until we get the project moved forward to set up a new instance.

Thx in advance for any assistance given.

Azure Update Manager

1 answer

  1. Suchitra Suregaunkar 4,210 Reputation points Microsoft External Staff Moderator
    2025-10-07T18:03:34.8066667+00:00

    Hello Kalel
    Thank you for posting your query on Microsoft Q&A portal.

    Azure Update Manager (AUM) uses the Windows Update Agent (WUA) to scan for updates. When the System Center Configuration Manager (SCCM) client is installed and configured for Software Updates, it enforces Windows Server Update Services (WSUS) policies (e.g., UseWUServer=1) that redirect WUA to your on-premises WSUS/SCCM infrastructure.

    • WUA only reports updates approved in SCCM, not the full Microsoft Update catalog.
    • AUM queries WUA, so it sees a limited patch list.
    • When SCCM is removed, WUA defaults back to Microsoft Update, and AUM works as expected.

    To make it work:

    Coexistence Limitations: Azure Update Manager and SCCM (MCM) shouldn't be used simultaneously for patching the same set of servers. If you have SCCM installed, Azure Update Manager may not be able to report all applicable patches correctly. It’s recommended to use one or the other for managing the patching.

    Hybrid Approach:

    • Use AUM for operating system patching.
    • Keep WSUS + Patch My PC for third-party updates (AUM does not handle third-party patching).

    If SCCM is end-of-life (EOL) and cannot be upgraded soon, disable its update role entirely and let AUM manage OS patches.

    AUM cannot replace WSUS for third-party updates. SCCM and AUM cannot both control WUA at the same time. Full coexistence requires SCCM in reporting-only mode or co-management with Microsoft Intune.

    Yes, you can keep System Center Configuration Manager (SCCM) for reporting and use Azure Update Manager (AUM) for OS patching, but you must disable SCCM’s update management and WSUS policies so WUA can communicate with Microsoft Update.

    Reference:

    https://learn.microsoft.com/en-us/intune/configmgr/sum/understand/software-updates-introduction#BKMK_ExtendSoftwareUpdate

    https://learn.microsoft.com/en-us/azure/update-manager/workflow-update-manager?tabs=azure-vms%2Cupdate-win#how-patches-are-installed-in-azure-update-manager

    https://learn.microsoft.com/en-us/azure/update-manager/guidance-migration-azure

    Thanks,

    Suchitra.
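
A way to confirm on an affected server where the Windows Update Agent is pointed, as an added example that is not part of the original question or answer. The function name `Get-WuaScanSource` is hypothetical; it assumes the standard Windows Update policy registry location and the `CcmExec` service name used by the Configuration Manager client.

```powershell
# Added example (not from the thread): report the update source WUA scans against.
function Get-WuaScanSource {
    # Standard policy location where UseWUServer / WUServer are written (assumption:
    # the SCCM client or a GPO has set them here, as the answer describes).
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wuKey\AU" -ErrorAction SilentlyContinue

    $useWuServer = [bool]($au -and $au.UseWUServer -eq 1)
    $wuServer    = if ($wu) { $wu.WUServer } else { $null }

    # Ask WUA which registered service is the default for automatic scans.
    $defaultService = $null
    try {
        $mgr = New-Object -ComObject Microsoft.Update.ServiceManager
        foreach ($svc in $mgr.Services) {
            if ($svc.IsDefaultAUService) { $defaultService = $svc.Name; break }
        }
    } catch {
        $defaultService = 'unavailable (could not query WUA)'
    }

    # Presence of the Configuration Manager client service.
    $ccm = Get-Service -Name CcmExec -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SccmClientPresent = [bool]$ccm
        SccmClientStatus  = if ($ccm) { $ccm.Status } else { 'not installed' }
        UseWUServer       = $useWuServer
        WUServer          = $wuServer
        DefaultAUService  = $defaultService
        # True when scans are redirected to WSUS, so AUM only sees approved updates.
        ScanLimitedToWsus = ($useWuServer -and [bool]$wuServer)
    }
}

Get-WuaScanSource | Format-List
```

If `ScanLimitedToWsus` is `True`, the server matches the situation the answer describes: assessments are limited to what the WSUS/SCCM side has approved until the software update policy is removed.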
