Compliancy and Supsesede Updates

Lanky Doodle 191 Reputation points


In a SUG we have no filter for superseded so I understand that any update that falls within the other criteria will be included. It does seem like this is correct as superseded updates are showing in the SUG Preview.

However, when I run a compliancy report against this SUG today, most of it is non-compliant because Patch Tuesday was only 2 days ago, and December's patch is now in the SUG.

For Compliancy, I want to include everything in the SUG, so if an update is included but superseded any machine with at least the oldest superseded update in the SUG should show as Compliant.

So for example, running a compliance report today against a Collection that has 100 devices:

10 devices have December patch installed
80 devices have November patch installed
5 devices have October patch installed
5 devices have September patch installed

Should be 95% compliant and 5% non-compliant, against the SUG shown in the screenshots.

I am not getting this behaviour and the only thing I can think of is that although November and October patches are picked up in the SUG, they have been superseded by December's patch and Compliancy Report is ignoring them.

I also have a custom SQL query that replicates the Compliancy Report showing the same behaviour. I am using the default SCCM SQL Views.

Is it possible to get this working as above?



Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
811 questions
Microsoft Configuration Manager
0 comments No comments
{count} votes

Accepted answer
  1. Jason Sandys 31,041 Reputation points Microsoft Employee

    Then this is a reporting issue and you'll have to add this logic to your compliance reports.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Jason Sandys 31,041 Reputation points Microsoft Employee

    One option here is to account for this in your compliance reports.

    Another option is to exclude the superseded updates. Is there a reason you aren't doing this?