How to Deploy Software Updates Using Microsoft SCCM

Overview

This guide is also available on my personal blog: https://setupconfigmgr.com/how-to-deploy-software-updates-using-microsoft-sccm.

In this video guide, we will be covering how you can deploy software updates in Microsoft SCCM. This covers important aspects of deploying updates such as collection structure, maintenance windows, automatic deployment rules (ADRs), deadlines, and much more. This will be a great follow up from my last blog Deep Dive in Microsoft SCCM Software Updates Client and Server Components

Video Guide

Topics in Video

• Review Software Update Point Settings (Classifications, Products, Sync) – https://youtu.be/6JHJes1u8Pg?t=62
• Collection Structure for Software Updates – https://youtu.be/6JHJes1u8Pg?t=174
• Maintenance Window for Broad Deployment Collection – https://youtu.be/6JHJes1u8Pg?t=324
• Review Client Policies for Software Updates and Restarts – https://youtu.be/6JHJes1u8Pg?t=496
• Review Software Update Metadata – https://youtu.be/6JHJes1u8Pg?t=754
• Create Software Update Groups for Previous Years – https://youtu.be/6JHJes1u8Pg?t=813
• Creating Software Update Group for the Current Year by Month – https://youtu.be/6JHJes1u8Pg?t=1229
• Create ADR for Windows Defender Definitions – https://youtu.be/6JHJes1u8Pg?t=1430
• Review the ADR log RuleEngine.log – https://youtu.be/6JHJes1u8Pg?t=1749
• Deploy the yearly Software Update Groups to the Broad Collection – https://youtu.be/6JHJes1u8Pg?t=1905
• Create ADR to Create Monthly Software Update Groups Going Forward – https://youtu.be/6JHJes1u8Pg?t=2124
• Review Multiple ADR Deployments for Testing Stages and Production – https://youtu.be/6JHJes1u8Pg?t=3023

Notes From Justin

• Cleaning Up Expired and Superceded Updates from Software Update Groups
  • Since we are creating a new SUG each time the ADR runs, you will want to periodically go into your console and remove expired and superseded updates from your SUGs
  • This process can be automated using Bryan Dam’s script – https://damgoodadmin.com/2018/04/17/software-update-maintenance-script-updated-all-the-wsusness/
  • Another option is to search from “All Software Update” for Deployed = Yes and Expired = Yes. RIght-click all the updates found and choose “Edit Membership” and un-check all checked SUGs.
• Consolidating Previous Years Monthly SUGs
  • Forgot to mention in the video, I do consolidate to previous years monthly software update groups when moving to the next year. This helps to keep the number of software update groups low.
• Content Distribution
  • Don’t forget to distribute your software update packages to a distribution point. I forgot to mention this in the video.
• Software Update Point Installation
  • YouTube Video Guide – https://youtu.be/vZpuBrs0LwM?t=248
• Keep WSUS Clean!
  • Maintaining the WSUS Catalog by Declining Updates for Better Update Scanning – https://setupconfigmgr.com/maintaining-the-wsus-catalog-by-declining-updates-for-better-sccm-scanning
• Third-Party Software Updates in SCCM
  • Patch My PC Third-Party Update Catalog – https://patchmypc.net/third-party-patch-management-sccm-scup-catalog

Helpful Resources:

• Introduction to software updates in System Center Configuration Manager – /en-us/sccm/sum/understand/software-updates-introduction
• Scan for software updates compliance process – /en-us/sccm/sum/understand/software-updates-introduction#scan-for-software-updates-compliance-process
• Software update deployment packages – /en-us/sccm/sum/understand/software-updates-introduction#BKMK_DeploymentPackages
• Software update deployment workflows (ADRs Vs. Manual) – /en-us/sccm/sum/understand/software-updates-introduction#BKMK_DeploymentWorkflows
• Required system restart – /en-us/sccm/sum/understand/software-updates-introduction#required-system-restart
• Deployment reevaluation cycle – /en-us/sccm/sum/understand/software-updates-introduction#deployment-reevaluation-cycle
• Extend software updates in Configuration Manager – /en-us/sccm/sum/understand/software-updates-introduction#BKMK_ExtendSoftwareUpdates
• Deploy software updates – /en-us/sccm/sum/deploy-use/deploy-software-updates
• Manually deploy software updates – /en-us/sccm/sum/deploy-use/deploy-software-updates#BKMK_ManualDeployment
• Automatically deploy software updates – /en-us/sccm/sum/deploy-use/deploy-software-updates#automatically-deploy-software-updates
• Monitor software updates in System Center Configuration Manager – /en-us/sccm/sum/deploy-use/monitor-software-updates
• Alerts for software updates – /en-us/sccm/sum/deploy-use/monitor-software-updates#BKMK_SUAlerts
• Software updates synchronization status – /en-us/sccm/sum/deploy-use/monitor-software-updates#BKMK_SUSyncStatus
• Software update deployment status – /en-us/sccm/sum/deploy-use/monitor-software-updates#BKMK_SUDeployStatus
• Software updates reports – /en-us/sccm/sum/deploy-use/monitor-software-updates#BKMK_SUReports