Install Third Party Software Updates during TS Install Software Updates step
Currently (v1806 or later) Third Party Software Updates are not being installed during the Install Software Updates step in a Task Sequence.
Ideally third party software updates should be installed just like regular updates during the Task Sequence. A machine should be fully patched (secure and end-user ready) when it leaves the deployment bench.
Markus B commented
We don't need those updates during OSD, but' I've seen certificate trust errors within the "Install Updates" step lately.
It might be required to deploy the WSUS signing certificate during OSD befor Installing updates, as the PKI GPO will not be applied.