Postpone Software updates for different Device Collections

Steve 41 Reputation points
2020-08-27T16:03:41.87+00:00

Current situation:
In terms of Software updates, we currently have 2 ADRs deployed to all Windows 10 workstations.
See current ADRs below
20937-adr.jpg
New situation:
We want to configure the Software updates differently.
Device Collection A will receive the Windows updates as soon as possible.
Device Collection B gets the Windows updates 7 days later.
Device collection B gets the Windows updates 14 days later.

How and where should I arrange postponement of Windows updates?
See the picture below.
20955-windows-updates.jpg
Thanks

Microsoft Configuration Manager Updates

Accepted answer
  1. Jason Sandys 31,291 Reputation points Microsoft Employee
    2020-08-28T16:16:20.593+00:00

    Correct on the ADR, deployment creation, and available scheduling. For required, that's up to whether or not you want to give your users time to manually install the updates before the deadline or at least give them notification before the updates become mandatory. I strongly encourage that you do, but that's up to you. Also, this gives the clients time to pre-download the content before the deployments are enforced automatically.

    For the update schedule, no, not at all. The functionality of software updates does not depend on the scheduled cycle of this task. It is run ad hoc as necessary by the clients. The schedule is to provide compliance information for updates not deployed to systems. If your ADRs use the required criteria, this will of course impact them, though; however, I strongly encourage not relying on this attribute for your ADRs as it makes the process reactive instead of proactive.


6 additional answers

  1. Jason Sandys 31,291 Reputation points Microsoft Employee
    2020-08-30T23:35:44.38+00:00

    1) That's up to you but generally yes, this should follow the cadence of your update deployment cycle.
    2) There are no such things as practices in a generic sense. I strongly prefer reusing them. Here are my full thoughts on this: https://home.memftw.com/software-updates-and-automatic-deployment-rules-in-configmgr/
    3) Yes. Defender definitions can be updated many times throughout the day. It's supported to run an ADR a maximum of three times per day though which is generally considered sufficient. I know of customers who run their definition ADRs only once a day as well as twice a day. It's up to you to determine what is sufficient and best for your org.


  2. Steve 41 Reputation points
    2020-08-31T11:14:44.733+00:00

    That's the article I read before I posted my last questions. Missed that it was your blog.
    Thanks again for your support.

