Great work! Excited to start testing these features.
Thank you!
Is there a way to force updates to a day of the week?
Can’t wait for Driver updates to be released in MEM
How are people monitoring the update status? Using a compliance policy is a pain as it'll (rightly) mark the device as non-compliant, which in most of our environments will stop them syncing files and accessing services. We really need to know beforehand that updates are not installing so we can get ahead of this before it starts causing the user problems due to falling over a compliance policy.
The device goes to grace period status before it becomes non-compliant; you will have 5 days to sort those out before they get the non-compliant status.
Hi All, thanks for your informative podcasts. My current client base are mainly all small businesses and most don't have in-house domain controllers and SCCM. All their workstations are just connected to the Office 365 Active Directory. Is there any way of configuring Endpoint management to push out updates in this environment?
Yes, you can: assign the update ring to a dynamic group where you would add those computers; Endpoint Manager can see them.
I see "Driver management for Windows 10" in your screenshare. Any update on this??
Great observation, this feature is still in the works as we showed starting at 6:24 here: ua-cam.com/video/EEuzEn0qmI8/v-deo.html
Ok, so I have Config Manager (SCCM) with WSUS, no Azure or Intune to date .... what additional licensing am I looking at? 250 virtual servers, 7k+ PC devices ... soon to add 6000 mobile Android for MDM
You'll need an Intune license for each user or device. You can get a standalone Intune license or acquire the license through a bundle (like Microsoft 365 E3).
Can this feature be set to run on a specified group of Azure AD computers, or is this feature network wide only?
Yes, you can scope using device groups or user groups.
more setups tutorial but not sure how Producer measures up in that department.
I tested setting automatic update behavior to 'Reset to default' however it did not toggle 'Automatically adjust hours for this device based on activity' to on. The other settings I included in the update ring did take so I know it was applied. Also, could you please explain how the Auto reboot before deadline setting works?
That ensures a reboot is forced before deadline + grace period to complete the install of the applied update(s).
I have a question. Does Intune first download the Windows updates to Azure Blob storage and then push updates to end devices in the tenant?
No, the updates are pulled directly from Windows Update. Uploaded app packages would be stored centrally, but not the updates in WU.
Why are the Quality Updates called “break glass”?
The policy is referred to like that, e.g. "urgent." The ring policy will govern most of the update timing, but if you need to expedite the software update, then you use the quality update policy.
It’ll feel like broken glass when cleaning up the messes caused by them.
When will it be possible to manage updates for non-Microsoft products too?
+1 as an MSP, we are having to buy 3rd party tools to ensure 3rd party products are patched. These tools will often include comprehensive support for Windows updates too (with monitoring), so we'd use one or the other, not both. In the UK, for Cyber Essentials Compliance, we need to install 3rd party patches inside 14 days.
A year later, updating is still a huge effing issue. Can't believe how bad or PITA it is to update endpoints. Security updates shouldn't be so hard or slow to get put in place.
Miss the EBC discussions guys....
HELP
WSUS is cruddy because Microsoft stopped working on it 15 years ago, not because cloud is better. Microsoft overselling cloud based services over their own abandonware is getting tiresome.
nothing secure about using the cloud for anything!