Це відео не доступне.
Перепрошуємо.
Manage Windows Updates From the Cloud Using Endpoint Manager
Вставка
- Опубліковано 7 сер 2024
- Are you a device administrator responsible for updating Windows on dozens, hundreds, or thousands of PCs? Have you used WSUS, Configuration Manager or Intune? In this show, we'll explain all of the options and for managing Windows Updates from the cloud using Microsoft Endpoint Manager and how it compares to your options in Configuration Manager and WSUS.
Jason Githens from the Windows Management team at Microsoft joins Jeremy Chapman for a full tour of Microsoft Endpoint Manager's Windows Update ring, feature update, and quality update policies. These policies add a layer of control on top of Windows Update for Business Group Policy settings and are part of the foundation for Windows Autopatch. We'll take a look at your options and how to use each of them, along with best practice recommendations.
For more information, check out 'The "Mechanics" of cloud-based update management' blog at aka.ms/WufBMechanicsBlog
► QUICK LINKS:
00:00 Introduction of Windows Update management through Endpoint Manager
00:50 New options to manage Windows updates from the cloud
01:28 Configuration Manager vs. cloud-based update management
02:50 How to set up Configuration Manager using Cloud Attach
5:05 An overview of Windows Update rings
8:03 Create Windows feature and quality updates
► Link Reference:
Find the latest information on Windows Update management: aka.ms/ManagementMechanics
View an interactive guide for the Cloud Attach process at: aka.ms/CloudAttach
► Unfamiliar with Microsoft Mechanics?
• As the Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
Subscribe to our UA-cam: ua-cam.com/users/MicrosoftMe...
• Talk with other IT Pros, join us on the Microsoft Tech Community: techcommunity.microsoft.com/t...
• Watch or listen from anywhere, subscribe to our podcast: microsoftmechanics.libsyn.com...
• To get the newest tech for IT in your inbox, subscribe to our newsletter: www.getrevue.co/profile/msftm...
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: / msftmechanics
• Share knowledge on LinkedIn: / microsoft-mechanics
• Enjoy us on Instagram: / msftmechanics
• Loosen up with us on TikTok: / msftmechanics
#windowsupdate #windows #cloud
Great work! Excited to start testing these features.
Thank you!
Can’t wait for Driver updates to be released in MEM
Is there a way to force updates to a day of the week?
Hi All, thanks for your informative podcasts. My current client base are mainly all small businesses and most don't have in house domain controllers and SCCM. All their workstations are just connected to the office 365 Active directory. Is there anyway of configuring Endpoint management to push out updates in this enviroment?
yes you can, assign the update ring to a dynamic group where you would added those computers, endpoint manager can see them.
How are people monitoring the update status? Using a compliance policy is a pain as it'll (rightly) mark the device an non-compliant, which in most of our environments will stop them syncing files and accessing services, we really need to know before hand that updates are not installing so we can get ahead of this before it starts causing the user problems due to falling over a compliance policy.
The device goes to Grace period status before becomes non compliant, you will have 5 days to sort those out before they get the non compliant status.
I see "Driver management for Windows 10" in your screenshare. Any update on this??
Great observation, this feature is still in the works as we showed starting at 6:24 here: ua-cam.com/video/EEuzEn0qmI8/v-deo.html
Can this feature be set to run on a specified group of Azure AD computers, or is this feature network wide only?
Yes, you can scope using device groups or user groups.
Ok, so I have Config manager (SCCM) with WSUS, no azure or intune to date .... what additional licensing am i looking at? 250 virtual servers, 7k+ pc devices ... soon to add 6000 mobile android for MDM
You'll need an Intune license for each user or device. You can get a stand alone Intune license or aquire the license through a bundle ( like Microsoft 365 E3)
more setups tutorial but not sure how Producer asures up in that departnt.
I tested setting automatic update behavior to 'Reset to default' however it did not toggle 'Automatically adjust hours for this device based on activity' to on. The other settings I included in the update ring did take so I know it was applied. Also, could you please explain how the Auto reboot before deadline setting works?
That ensures a reboot is forced before deadline + grace period to complete the install of the applied update(s).
Miss the EBC discussions guys....
I have a question. Does intune first downloads the Windows updates to Azure Blob storage and then push updates to End devices in tenant?
No, the updates are pulled directly from Windows Update. Uploaded app packages would be stored centrally, but not the updates in WU.
When will be possible to manage update also to non Microsoft product?
+1 as an MSP, we are having to buy 3rd party tools to ensure 3rd party products are patched, these tools will often include comprehensive support for windows updates too (with monitoring), so we'd use one or the other, not both. In the UK, for Cyber Essentials Compliance, we need to install 3rd party patches inside 14 days.
Why are the Quality Updates called “break glass”?
The policy is referred to it like that, e.g. "urgent." The ring policy will govern most of the update timing, but if you need to expedite the software update, then you use the quality update policy.
It’ll feel like broken glass when cleaning up the messes caused by them.
Year later updating is still a huge effing issue. Can't believe how bad or PITA it is to update end points. Security updates shouldn't be so hard or slow to get put in place.
HELP
nothing secure about using the cloud for anything!
WSUS is cruddy because Microsoft stopped working on it 15 years ago, not because cloud is better. Microsoft overselling cloud based services over their own abandonware is getting tiresome.