Endpoint Management

How to Add Deployments to an Existing Automatic Deployment Rule for Software Updates

Last modified 3/16/2021

About

This guide will show you how to add a deployment to a ConfigMgr Automatic Deployment Rule (ADR) for Software Updates. This will allow you to automatic patch your devices on a schedule without you having to setup deployments manually.

Getting Started

What is Automatic Deployment Rule (ADR)?

An Automatic Deployment Rule is a recurring task in ConfigMgr that will automatically group Software Updates, download them, and deploy them to your collection.

They can be found in the ConfigMgr console under Software Library > Software Updates > Automatic Deployment Rules.

Learn More at https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/automatically-deploy-software-updates

What ADRs are available?

The following ADRs are available in the ISU security scope for anyone to use, along with their refresh schedules:

  • ISU Windows Updates For Endpoints
    • Refreshes Monthly
    • When the ADR runs, it creates new Software Update Group
  • ISU Windows Defender Definition Updates 3:00AM/12:00pm
    • Use one or the other
    • Refreshes Daily
    • When the ADR runs, it reuses the same Software Update Group
  • ISU Application Updates - Wave 1
    • Refreshes Every other Tuesday
    • Contains Updates from Patch My PC
    • When the ADR runs, it reuses the same Software Update Group
  • ISU Application Updates - Wave 2
    • Refreshes Every other Tuesday (Offset from Wave 1)
    • Contains Updates from Patch My PC
    • When the ADR runs, it reuses the same Software Update Group

How do I deploy the ADR to my collections?

In the ConfigMgr console, navigate to Software Library > Software Updates > Automatic Deployment Rules, and select the ADR that you want to deploy. Select Add Deployment in the Ribbon or Right-Click Menu.

Below is a guide to go through the Add Deployment Wizard:

  • Add Deployment Wizard

For Collection, select the Collection you would like to deploy to.

For Deployment Settings, leave defaults.

For Deployment Schedule:

  • For Schedule evaulation - Keep time based on Client local time. 

  • For Software available time - This value sets when the updates are available to the devices to show up in Software Center.
    The time value will be added to the time after ADR runs. (For example, if you set 2 Days, it will be available two days after the ADR runs)

  • For Installation deadline - This value sets the deadline and when the deadline is passed the updates will install on the device automatically. This setting abides by your maintenance window, if one is set.
    Unlike the previous setting, the time value will be added to the time after the available time.

The below screenshot is an example schedule.  If the ADR was supposed to run on 01/01/21 at 11:00AM, then this schedule will set the available time to 01/03/21 at 11:00AM and the deadline time to 01/03/21 at 6:00PM.

If an ADR reuses the same Software Update Group, when that ADR runs, it will refresh all deployments and the times associated with them.

This means, if your deadline time does not take place before the ADR runs again, your devices would be in a state where they never hit a deadline and won't ever install updates.

Give your devices a few days time to recieve and install the updates.

For User Experience:

  • For User visual experience - You can choose how you want your notifications to behave.

  • For Deadline behavior - You can choose what you want to happen when the deadline is passed when a maintenance window is current set.  You have the options to start installation and/or let the system reboot (if needed).

  • For Device restart behavior - You can choose weither or not to supress system restarts.

  • For Write filter handling - Leave unchecked.

  • For Software Updates Deployment behavior - You can choose to have your devices re-run a Software Update Deployment Evaulation cilent action if an update required a restart.

For Alerts, you can leave defaults, or setup in-console alerts.

For Download Settings:

  • For both Deployment options - use the Download software updates / Download and install software updates options (2nd radio buttons)

  • For the first checkbox - you are using an ADR for Windows Updates, you can check this box to fallback to Microsoft Updates online.  This should be unchecked for ADRs utilizing Patch My PC (ISU Application Updates - Wave X), as their updates don't come from Microsoft.

  • For the second checkbox - check this if you want your updates to happen over a metered connection. In most cases, leave this unchecked.

For Summary, confirm your settings and add the deployment.

Your deployment won't appear until the ADR's next run. Do not run the ISU ADRs manually.