Just to call out and reinforce (and slightly restate) one point that Eswar made here: The scheduled update scan cycle has nothing to do with when updates are installed and neither does the scheduled update deployment evaluation cycle. Both of these are called asynchronously as needed by the client based on other factors including when the deployment is received by the client (via the machine policy as Eswar noted), the available time of the update deployment, the deadline time of the update deployment, and restarts performed as a result of the deployment.
Which client action triggers software update deployment to install updates
Hi All
I have my client settings for both of these as every 1 day, and when setting up software updates deployment on a schedule, it just works.
- Software Updates Scan Cycle
- Software Updates Deployment Evaluation Cycle
However, just want to get some clarification as to which client action actually triggers the install of the patches.
So let's say both of these actions are set as default for 7 days.
- Software Updates Scan Cycle
- Software Updates Deployment Evaluation Cycle
And, both of those scans have last occurred Monday 12pm.
On Tuesday, I set up a new Software Updates deployment, and schedule it to make it available Wednesday 12pm. The deadline is set at the same time as well.
Let's also say that the machine is rebooted every night.
Based on the 7 day scan schedule, will this machine get the deployment installed at Wednesday 12pm?
My assumption is that it will not, as the Scan cycle and Eval cycle have not run since I set up the new deployment. Will this be a correct assumption?
Or does the machine policy eval cycle actually trigger the deployments?
Thanks, DM.
Microsoft Security | Intune | Configuration Manager | Other
-
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
2020-11-02T16:27:25.97+00:00
-
ESWARARAJU KONETI 2,206 Reputation points MVP Volunteer Moderator
2020-11-02T14:36:48.643+00:00
Getting the deployments (apps, updates, etc.) has nothing to do with update scan cycle or deployment evaluation cycle. The deployments work with machine policy refresh cycle and based on the deadline date, the patches get installed.
The following is the definition of:
Software Updates Deployment Evaluation Cycle: Evaluates the state of new and existing deployments and their associated software updates. This includes scanning for software updates compliance, but may not always catch scan results for the latest updates. This is a forced online scan and requires that the WSUS server is available for this action to succeed.
Software Updates Scan Cycle: Scans for software updates compliance for updates that are new since the last scan. This action does not evaluate deployment policies as the Software Updates Deployment Evaluation Cycle does. This is a forced online scan and requires that the WSUS server is available for this action to succeed.
Regards,
Eswar
www.eskonr.com
If the response is helpful, please click "Accept Answer" and upvote it.
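
To check the behaviour described in the answers on a test client, the following added example (not code from either poster) triggers the machine policy actions on demand and then lists the available and deadline times of the updates the client knows about. The helper names `Invoke-ClientAction` and `Get-DeployedUpdate` and the 120-second wait are assumptions made for illustration; run it from an elevated PowerShell session on a machine with the Configuration Manager client installed.

```powershell
# Added example: trigger ConfigMgr client actions and inspect update deployments.
# Schedule IDs are the standard client action GUIDs for SMS_Client.TriggerSchedule.
$Actions = [ordered]@{
    'Machine Policy Retrieval'                     = '{00000000-0000-0000-0000-000000000021}'
    'Machine Policy Evaluation'                    = '{00000000-0000-0000-0000-000000000022}'
    'Software Updates Scan Cycle'                  = '{00000000-0000-0000-0000-000000000113}'
    'Software Updates Deployment Evaluation Cycle' = '{00000000-0000-0000-0000-000000000108}'
}

# Hypothetical helper: fire one client action by its display name.
function Invoke-ClientAction {
    param([Parameter(Mandatory)][string]$Name)
    if (-not $Actions.Contains($Name)) { throw "Unknown client action: $Name" }
    Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'SMS_Client' `
        -MethodName 'TriggerSchedule' `
        -Arguments @{ sScheduleID = $Actions[$Name] } | Out-Null
    Write-Host "Triggered: $Name"
}

# Hypothetical helper: list the updates exposed through the ClientSDK
# (the same data Software Center reads), with their available time
# (StartTime) and deadline.
function Get-DeployedUpdate {
    Get-CimInstance -Namespace 'root\ccm\ClientSDK' -ClassName 'CCM_SoftwareUpdate' |
        Select-Object ArticleID, Name, EvaluationState, StartTime, Deadline |
        Sort-Object Deadline
}

# Per the answers, the deployment arrives with machine policy, so refresh
# policy only and leave the scan and deployment evaluation cycles alone.
Invoke-ClientAction 'Machine Policy Retrieval'
Invoke-ClientAction 'Machine Policy Evaluation'

# Assumption: two minutes is enough for the client to process new policy.
Start-Sleep -Seconds 120

Get-DeployedUpdate | Format-Table -AutoSize
```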