question

SumnerAnn avatar image
0 Votes"
SumnerAnn asked saldana-msft edited

MECM / Windows Update Simplified Update KB5005031

So just looking at the new simplified deployment of the SSU and CU through MECM, I have enabled the "Windows Insider Pre-release Category" as suggested in the article published: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplified-deployment-of-windows-servicing-stack-updates-what-s/ba-p/2632102.

My 1909 device then shows as needing all 3 Aug patches, the combined and the separate SSU and CU's, which is great until you come to use ADR's, this means it will download and deploy more content than needed if we want to use just the combined update. We use a basic query on the ADR based on date released, number required, and classification for Critical and Security, as the updates all fall into the security classification is there any recommendations around this without being to restrictive on the ADR?

The other issue I have found is that after deploying the combined update, both the combined and the separate CU appears as installed but the SSU still shows as required, I then went on the device and tried to manually install the SSU and it does appears the device thinks it is needed, so it appears the Combined Aug patch has not done what it should have and installed the SSU as well. Has anyone else had this problem?

I have checked and the content download does appear to be the size of both the SSU and CU combined.

mem-cm-generalwindows-server-update-servicesmem-cm-updates
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered AllenLiu-MSFT edited

Hi, @SumnerAnn
Thank you for the feedback.

For the restrictive ADR, I think we can set the "title -cumulative update OR -servicing stack" to exclude CU and SSU updates.
125563-1.jpg

As for the issue the SSU still show required even the combined update has installed, you may try to add a comment in the article you are referencing to see if you can get a response.



1.jpg (42.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SumnerAnn avatar image
0 Votes"
SumnerAnn answered SumnerAnn edited

Hi, many thanks for your response.

For the ADR, adding the Product is going to be to restrictive as this will then exclude any other product that has a classification of Critical or Security that is required and therefore we will end up missing patches that need to be deployed, for example any .net updates that may be in the classification of critical or security.

Even with additional ADR's and phased running times, i,e we have an ADR for the product "Windows Insider Pre-release Category" to run as soon as the patches are released and then our non restrictive one to capture any other product runs a few days later, there will always be devices that show all 3 being required as they are not all guaranteed to patch and report back before the non restrictive ADR will run.

In relation to the SSU, is ignoring this not defeating the object of the new simplified method? Isnt the purpose of the update in the category "Windows Insider Pre-release Category" a combined update and should install both the SSU and CU? Or am I misunderstanding how this combined update should be working?

The commentary on article states "We shared a plan to ease the efforts of IT administrators by providing a single monthly update containing both the latest cumulative update (LCU) fixes as well as the latest SSU, if applicable. This single update package can be installed on a device to ensure that updates are applied in the correct order, thus reducing the chances of installation failures." In this instance the Aug CU and SSU are showing as applicable and it looks like the combined update did not install the SSU as the commentary suggests it should.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered

Hi, @SumnerAnn
Thank you for posting in Microsoft Q&A forum.

For the ADR, we may add the property filter Product="Windows Insider Pre-Release" to make sure we just use the combined update:
124888-1.jpg

For the second issue, I think we can ignore it, Servicing stack updates provide fixes to the servicing stack, the component that installs Windows updates. Servicing stack updates improve the reliability of the update process to mitigate potential issues while installing the latest quality updates and feature updates. So if the windows updates are installed, we can ignore whether SSU is installed.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



1.jpg (80.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.