Then this is a reporting issue and you'll have to add this logic to your compliance reports.
Compliancy and Supsesede Updates
In a SUG we have no filter for superseded so I understand that any update that falls within the other criteria will be included. It does seem like this is correct as superseded updates are showing in the SUG Preview.
However, when I run a compliancy report against this SUG today, most of it is non-compliant because Patch Tuesday was only 2 days ago, and December's patch is now in the SUG.
For Compliancy, I want to include everything in the SUG, so if an update is included but superseded any machine with at least the oldest superseded update in the SUG should show as Compliant.
So for example, running a compliance report today against a Collection that has 100 devices:
10 devices have December patch installed
80 devices have November patch installed
5 devices have October patch installed
5 devices have September patch installed
Should be 95% compliant and 5% non-compliant, against the SUG shown in the screenshots.
I am not getting this behaviour and the only thing I can think of is that although November and October patches are picked up in the SUG, they have been superseded by December's patch and Compliancy Report is ignoring them.
I also have a custom SQL query that replicates the Compliancy Report showing the same behaviour. I am using the default SCCM SQL Views.
Is it possible to get this working as above?
Sign in to comment
1 additional answer
Sort by: Most helpful
One option here is to account for this in your compliance reports.
Another option is to exclude the superseded updates. Is there a reason you aren't doing this?
So in this exact scenario, both patches should be 'merged' for compliant/non-compliant
I'm saying you need to create a custom report or take a stock report and customize it to include your unique, custom logic.