Postpone Software updates for different Device Collections

Steve 41 Reputation points
2020-08-27T16:03:41.87+00:00

Current situation:
In terms of Software updates, we currently have 2 ADRs deployed to all Windows 10 workstations.
See current ADRs below
20937-adr.jpg
New situation:
We want to configure the Software updates differently.
Device Collection A will receive the windows updates as soon as possible.
Device Collection B gets the Windows updates 7 days later.
Device collection B gets the Windows updates 14 days later.

How and where should I arrange postponement of Windows updates?
See the picture below.
20955-windows-updates.jpg
Thanks

Microsoft Configuration Manager Updates

Accepted answer
  1. Jason Sandys 31,186 Reputation points Microsoft Employee
    2020-08-28T16:16:20.593+00:00

    Correct on the ADR, deployment creation, and available scheduling. For required, that's up to whether or not you want to give your users time to manually install the updates before the deadline or at least give them notification before the updates become mandatory. I strongly encourage that you do, but that's up to you. Also, this gives the clients time to pre-download the content before the deployments are enforced automatically.

    For the update schedule, no, not at all. The functionality of software updates does not depend on the scheduled cycle of this task. It is run ad hoc as necessary by the clients. The schedule is to provide compliance information for updates not deployed to systems. If your ADRs use the required criteria, this will of course impact them though; however, I strongly encourage not relying on this attribute for your ADRs as it makes the process reactive instead of proactive.

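A scripted form of the layout discussed in this thread (one ADR, one deployment per collection, staggered available times, and a gap before the deadline), as an added example that is not part of the original answers. The site code `XYZ`, the ADR name, the collection names and the 3-day deadline gap are assumptions; the cmdlets come from the ConfigurationManager PowerShell module installed with the admin console.

```powershell
# Added example. Assumed values: site code XYZ, ADR name, collection names, 3-day gap.
Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location 'XYZ:'

$adrName   = 'Workstations - Monthly Updates'   # hypothetical ADR name
$graceDays = 3                                  # assumed gap between available and deadline

# One entry per ring: target collection and delay before updates become available.
# Drop ring A here if the ADR's original deployment already targets that collection.
$rings = @(
    @{ Collection = 'Device Collection A'; DelayDays = 0  }
    @{ Collection = 'Device Collection B'; DelayDays = 7  }
    @{ Collection = 'Device Collection C'; DelayDays = 14 }
)

if (-not (Get-CMSoftwareUpdateAutoDeploymentRule -Name $adrName)) {
    throw "ADR '$adrName' not found"
}

foreach ($ring in $rings) {
    if (-not (Get-CMDeviceCollection -Name $ring.Collection)) {
        Write-Warning "Collection '$($ring.Collection)' not found, skipping"
        continue
    }

    $params = @{
        Name                 = $adrName
        CollectionName       = $ring.Collection
        EnableDeployment     = $true
        AvailableImmediately = ($ring.DelayDays -eq 0)
        # A deadline later than the available time leaves room for user
        # notification and content pre-download before enforcement.
        DeadlineImmediately  = $false
        DeadlineTime         = $graceDays
        DeadlineTimeUnit     = 'Days'
    }
    if ($ring.DelayDays -gt 0) {
        $params.AvailableTime     = $ring.DelayDays
        $params.AvailableTimeUnit = 'Days'
    }

    # Adds one more deployment configuration to the existing ADR.
    New-CMAutoDeploymentRuleDeployment @params
}
```

No Windows Update for Business deferral policy is involved; the delay lives entirely in each deployment's schedule.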

6 additional answers

  1. Jason Sandys 31,186 Reputation points Microsoft Employee
    2020-08-27T20:39:34.33+00:00

    First, why do you have two different ADRs? With the monthly Cumulative Update model, you should not be making any distinctions between update type.

    Next, your second screenshot is for using Windows Update for Business and is unrelated to using ADRs. Do not deploy WUfB policies if you wish to use ConfigMgr to deploy software updates as this will cause issues and transfer all update functionality to WUfB making your ADRs useless.

    For your requirement, simply add additional deployment configurations to the ADR.


  2. Amandayou-MSFT 11,051 Reputation points
    2020-08-28T06:08:15.49+00:00

    We could use one ADR, and the update classification could be selected, for example, security update, critical update. Here is the screenshot we could refer to:
    21098-8281.png
    For three collections of ABC, they are set as three situations, agree with Jason, we could add deployment on the ADR by the following picture:
    21152-8282.png


  3. Steve 41 Reputation points
    2020-08-28T15:52:36.263+00:00

    Thanks for the response gentlemen.
    Based on your response, I read some articles about WUfB, and it is clear that you cannot use this together with ADRs software deployment.
    MS sometimes makes it confusing with all the possibilities it creates, in this case Software updates.

    So if I interpret it correctly I will create 1 ADR with Critical Updates, Definition Updates, Security Updates, Update Rollups and Updates.
    Then create 3 deployments for Collection ABC.

    Software available time:
    Deployment schedule Collection A - As soon as possible
    Deployment schedule Collection B - 7 Days
    Deployment schedule Collection C - 14 Days

    Installation Deadline:
    All 3 collections - As soon as possible ??

    I probably also have to change the software update schedule to daily? It's set to the default. 7 days.
    Thanks


  4. Steve 41 Reputation points
    2020-08-28T22:57:12.667+00:00

    Thanks Jason,
    Now I understand the Software update cycles many times better. Thanks

    Please be patient with me. These are the last questions ..
    Last week we changed the SUP Sync Schedule from 7 to 1 day ..
    Yesterday I noticed that SUGs have been created every day since then.
    I assume this is due to the setting below.
    21210-sug.jpg

    1) Do I have to change this to e.g. monthly, and then every 2nd Wednesday of the month?
    2) Is it best practice to reuse the same update groups every month?
    What I've read is that you lose the ability to explicitly track when an update was deployed. Not an issue for us, but does this still apply for version 1910?
    3) Do I create a separate ADR for definition updates? Run daily, every hour?
