For most patches, the ZENworks Ondemand Content Masters (OCMs) retrieve the patch content that devices need to install the patches. This includes most Windows and all Mac patches. Some patches, however, are downloaded directly from the vendor source by the native patch mechanism using their native update channel. This includes the following channels:
SUSE Linux and Red Hat Linux updates
Windows “Click-to-Run” applications like Microsoft 365 Apps
The patch process is the same for these “native update channel” patches with the exception that the ZENworks content system does not retrieve and distribute the patch content to the device. This means that you can still scan devices for the missing patches, track the patch status in ZENworks Control Center, and schedule and initiate patching via Patch policies or remediation bundles.
However, devices must still be configured to download the patch content from their native update channel.
For SUSE and Red Hat patches, you do not need to do any configuration beyond what you have already done to enable Linux patching with the Legacy Patch Platform. For example:
Register devices you want to patch with SUSE or Red Hat with the respective software update channel.
Ensure the devices can access the external update channels.
Essentially, if a SUSE or Red Hat device can use its native YaST or YUM package managers to apply updates without ZENworks involved, ZENworks will be able to orchestrate the installation, including tracking the status of patches as well as applying them.
Windows devices use Microsoft’s Click-to-Run service to install Microsoft 365 applications like Office 365 and Office 2019. Any Windows device on which you want to apply Microsoft 365 apps must be configured to allow ZENworks to initiate the Click-to-Run service.
To configure a device for Microsoft 365 apps patching:
Make sure that the device can apply updates without ZENworks involved.
For example, make sure that O365 can be updated manually by the user. This ensures that O365 is configured with the correct update channel and the device has access to the update channel.
Use Group Policy to enable updates from ZENworks:
Download and install the Administrative Template files (ADMX/ADML) for Office from the Microsoft Download Center.
enable the ”Management of Microsoft 365 Apps for enterprise” policy setting.
You can find this policy setting under Computer Configuration\Policies\Administrative Templates\Microsoft Office 2016 (Machine)\Updates.
Alternatively, you can modify the officeupdate key in the Windows Registry to add the officemgmtcom value set to 1.
Once you complete this configuration on a device, you can track the status of Microsoft 365 Application patches in ZENworks Control Center and initiate the patching just as you would for any other type of patch.