MECM / Windows Update Simplified Update KB5005031

Sumner, Ann 31 Reputation points
2021-08-19T10:34:11.133+00:00

So just looking at the new simplified deployment of the SSU and CU through MECM, I have enabled the "Windows Insider Pre-release Category" as suggested in the article published: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-deployment-of-windows-servicing-stack-updates-what-s/ba-p/2632102.

My 1909 device then shows as needing all 3 Aug patches, the combined and the separate SSU and CU's, which is great until you come to use ADR's, this means it will download and deploy more content than needed if we want to use just the combined update. We use a basic query on the ADR based on date released, number required, and classification for Critical and Security, as the updates all fall into the security classification is there any recommendations around this without being to restrictive on the ADR?

The other issue I have found is that after deploying the combined update, both the combined and the separate CU appears as installed but the SSU still shows as required, I then went on the device and tried to manually install the SSU and it does appears the device thinks it is needed, so it appears the Combined Aug patch has not done what it should have and installed the SSU as well. Has anyone else had this problem?

I have checked and the content download does appear to be the size of both the SSU and CU combined.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,167 questions
Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
965 questions
Microsoft Configuration Manager
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 40,476 Reputation points Microsoft Vendor
    2021-08-20T07:20:35.197+00:00

    Hi, @Sumner, Ann
    Thank you for posting in Microsoft Q&A forum.

    For the ADR, we may add the property filter Product="Windows Insider Pre-Release" to make sure we just use the combined update:
    124888-1.jpg

    For the second issue, I think we can ignore it, Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. So if the windows updates are installed, we can ignore whether SSU is installed.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  2. Sumner, Ann 31 Reputation points
    2021-08-20T08:38:19.067+00:00

    Hi, many thanks for your response.

    For the ADR, adding the Product is going to be to restrictive as this will then exclude any other product that has a classification of Critical or Security that is required and therefore we will end up missing patches that need to be deployed, for example any .net updates that may be in the classification of critical or security.

    Even with additional ADR's and phased running times, i,e we have an ADR for the product "Windows Insider Pre-release Category" to run as soon as the patches are released and then our non restrictive one to capture any other product runs a few days later, there will always be devices that show all 3 being required as they are not all guaranteed to patch and report back before the non restrictive ADR will run.

    In relation to the SSU, is ignoring this not defeating the object of the new simplified method? Isnt the purpose of the update in the category "Windows Insider Pre-release Category" a combined update and should install both the SSU and CU? Or am I misunderstanding how this combined update should be working?

    The commentary on article states "We shared a plan to ease the efforts of IT administrators by providing a single monthly update containing both the latest cumulative update (LCU) fixes as well as the latest SSU, if applicable. This single update package can be installed on a device to ensure that updates are applied in the correct order, thus reducing the chances of installation failures." In this instance the Aug CU and SSU are showing as applicable and it looks like the combined update did not install the SSU as the commentary suggests it should.

    0 comments
  3. AllenLiu-MSFT 40,476 Reputation points Microsoft Vendor
    2021-08-23T09:06:46.363+00:00

    Hi, @Sumner, Ann
    Thank you for the feedback.

    For the restrictive ADR, I think we can set the "title -cumulative update OR -servicing stack" to exclude CU and SSU updates.
    125563-1.jpg

    As for the issue the SSU still show required even the combined update has installed, you may try to add a comment in the article you are referencing to see if you can get a response.

    0 comments