Enabling administrator updates to Visual Studio with Microsoft Endpoint Configuration Manager
Applies to: Visual Studio Visual Studio for Mac Visual Studio Code
When Microsoft releases a new Visual Studio update, Microsoft will simultaneously publish a corresponding Visual Studio administrator update package to the Microsoft Update servers. An administrator can then distribute the Visual Studio administrator update package via Windows Server Update Services (WSUS) by using the Configuration Manager (SCCM), or via Windows Update for Business (WUfB) by using the Microsoft Endpoint Manager (Intune).
Use Microsoft Endpoint Manager (Intune) to update to cloud connected devices using Visual Studio administrator updates
Microsoft Endpoint Manager can be used to configure device policies across the organization such as enrolling the devices into Windows Update for Business (WUfB) and enabling the MUUpdateServicePolicy. Devices that have been configured in this way will automatically be eligible to receive and install the applicable Visual Studio administrator updates via the "Receive updates for other Microsoft products" channel in Windows Update.
Enable Configuration Manager (SCCM) to receive and distribute Visual Studio administrator updates
Configuration Manager (SCCM) can be set up to synchronize and download the Visual Studio administrator updates from the Windows Server Update Services (WSUS) catalog, and then deploy it to Visual Studio client machines across the organization.
First, to run Configuration Manager (SCCM), you'll need a current licensed version of Windows Server running Microsoft Endpoint Configuration Manager (current branch) and Windows Server Update Services (WSUS). You can’t use WSUS itself to deploy these updates; it must be used in conjunction with SCCM.
SCCM must be configured to receive notifications when Visual Studio administrator update packages are available. To do that, use the following steps, and for more information, see Introduction to software updates in Microsoft Endpoint Configuration Manager (SCCM).
In the SCCM console, select Administration (bottom-left), then select Site Configuration (middle left), then select Sites, and select your site server.
On the Home tab ribbon at the top, in the Settings group button, select Configure Site Components, and then select Software Update Point.
In the Software Update Point Component Properties dialog box:
On the Products tab, under the Developer Tools, Runtimes, and Redistributables hierarchy, choose the versions of Visual Studio you want to synchronize.
On the Classifications tab, make sure “Security Updates”, “Feature Packs”, and “Updates” are selected.
- Next, synchronize the software updates with the WSUS server by choosing Software Library (bottom-left), and then on the Home tab ribbon at the top, select the Synchronize Software Updates button. Synchronizing Software Updates will make the available Visual Studio administrator updates visible in, and able to be deployed from, the SCCM console.
Note that only Visual Studio security Administrator updates are published to WSUS by default. If you want to deploy feature or quality administrator updates through SCCM, you'll need to manually import them from the Microsoft Catalog and then deploy them.
After you perform these steps, you can use the software update management capabilities of Configuration Manager (SCCM) to deploy the Visual Studio administrator updates. The different types and characteristics of Visual Studio administrator updates are described in Applying administrator updates, which provides guidance about how and when they should be distributed throughout your organization. For more information about Configuration Manager (SCCM) functionality and options, see Deploy software updates in Microsoft Endpoint Configuration Manager (SCCM).
Enable (or disable) client machines' ability to receive Visual Studio administrator updates from Configuration Manager (SCCM)
The client machines must be configured properly if they are going to recognize and accept Visual Studio administrator updates.
Visual Studio Client Detector Utility
The Visual Studio Client Detector Utility must be installed on the client machines in order for the Visual Studio administrator updates to be properly recognized and received. This utility was included and installed with all Visual Studio product updates that were released on or after May 12, 2020, it is included as a pre-requisite with all the Visual Studio administrator updates, and it is also available on the Microsoft Update Catalog to deploy and install independently.
Encoding administrator intent on the client machines
The client computers must be enabled to receive Visual Studio administrator updates. This step is necessary to make sure that the updates are not unintentionally or accidentally pushed out to unsuspecting client computers.
The AdministratorUpdatesEnabled policy, implemented via a registry key, is designed for the administrator to encode administrator intent. For details on how to set this policy, refer to Set Policies for Enterprise Deployments. Admin access on the client computer is required to create and set the value of this policy.
- AdministratorUpdatesEnabled policy set to 1 configures the client computer to accept Administrator Updates via WSUS/SCCM.
- AdministratorUpdatesEnabled policy set to 2 configures the client computer to accept Administrator Updates via either WSUS/SCCM or WUfB/Intune.
- AdministratorUpdatesEnabled policy set to 0 or absent blocks administrator updates from being applied to the client computer.
Ensuring the account has the right privileges and permissions
By default, the client machine's SYSTEM account will be downloading and installing the Visual Studio administrator updates. This means that the SYSTEM account must have administrative privileges to the machine. Additionally, depending on where the client is configured to obtain the product sources from, the SYSTEM account must also have access to at least to either the Visual Studio endpoints on the internet or permissions to read from the network layout location in order to download the updated product bits. Note: an easy way to grant permissions to a network share for a collection of client machines' SYSTEM accounts is to grant permissions to the "Domain Computers" AD group.
Feedback and support
Support or troubleshooting
Sometimes, things can go wrong. If your Visual Studio installation fails, see Troubleshoot Visual Studio installation and upgrade issues for step-by-step guidance.
Here are a few more support options:
- We also offer an installation chat (English only) support option for installation-related issues.
- Report product issues to us via the Report a Problem tool that appears both in the Visual Studio Installer and in the Visual Studio IDE. If you're an IT Administrator and don't have Visual Studio installed, you can submit IT Admin feedback here.
- Suggest a feature, track product issues, and find answers in the Visual Studio Developer Community.
You can use the following methods to provide feedback about Visual Studio administrator updates or report issues that affect the updates:
- Refer to the Troubleshooting Visual Studio installation and upgrade issues guidance.
- Ask questions to the community at the Visual Studio Setup Q&A Forum.
- Go to the Visual Studio support page, and check whether your issue is listed in the FAQ. You can also select the Support Link button for chat help.
- Provide feature feedback or report a problem to the Visual Studio team regarding this experience of enabling administrator updates.
- Contact your organization’s technical account manager for Microsoft.
- Applying administrator updates
- Visual Studio administrator guide
- Visual Studio Product Lifecycle and Servicing
- Install Visual Studio
- Update Visual Studio
- Microsoft Update Catalog FAQ
- What is Windows Update for Business
- Intune fundamentals
- Microsoft Endpoint Configuration Manager (SCCM) documentation
- Import updates from Microsoft Catalog into Configuration Manager
- Windows Server Update Services (WSUS) documentation
Submit and view feedback for