This post covers the steps to deploy updates to Microsoft Edge browser using SCCM ADR (Automatic Deployment Rule). This is the easiest way to keep your Edge browser updated on all the machines.
In this past I have published several posts on deploying updates using Configuration Manager (Including third-party updates). Some of them were focused on Automatic Deployment Rules. In my opinion, ADR’s are really powerful because they have the ability to automatically approve updates and deploy them.
Using ADR’s saves lot of your time because you create an ADR only once defining all the settings and it runs based on the schedule. Unlike the manual updates deployment where you select set of software updates is selected the ConfigMgr console and these updates are deployed to the target collection.
A very nice feature in SCCM 1910 is you can create Edge application and deploy it to your estate. However there is one thing that you need to keep in mind. The Edge application that Configuration Manager creates for you is actually a PowerShell script. This script turns off automatic updates for Edge so they can be managed with Configuration Manager.
In this post I will be covering the steps to deploy Edge updates using SCCM ADR. If you are looking to deploy Microsoft Edge using Microsoft Intune, check this post.
- First of all to create an Edge application and deploy it using Configuration Manager, refer these posts. This guide assumes that you already have the Edge browser deployed to all the machines.
- Ensure you have installed and configured the Software Update Point role.
- Most of all, if you don’t see Microsoft Edge updates in the console, ensure you have enabled the Updates classification under Software Update Point properties > Classifications. In addition to that under Software Update Point properties > Products, select the Microsoft Edge product for synchronization. If it’s already selected, proceed with the deployment.
In the next step, you will learn how to deploy the latest updates to Edge browser.
Create Automatic Deployment Rule for Microsoft Edge
Before you deploy Edge browser updates, create SCCM ADR (Automatic Deployment Rule) using the below steps.
- Launch Configuration Manager console.
- Go to Software Library > Overview > Software Updates.
- Right click Automatic Deployment Rules and click Create Automatic Deployment Rule.
Create new Software Update Group
On the General page, specify the name for this ADR. For Template, click the drop-down and select Patch Tuesday. Next, click Browse and select the target device collection.
Every time this rule runs and finds new updates, you may either choose add it to existing Software Update Group or create a new Software Update Group every time. Select Create a new Software Update Group. Click Next.
On the Deployment Settings page, choose the detail level as Only success and error messages. Next, select Automatically deploy all software updates found by this rule and approve any license agreements. Click Next.
Software Updates – Property Filters and Search Criteria
This section here – Software Updates is important. A subset of the filter criteria is displayed on this page, where you select and define the criteria for finding the updates for inclusion in the update deployment.
I am going to select following property filters. In your case you may alter the criteria based on your requirements.
- Date Released or Revised – Last 2 weeks (14 days)
- Product – Microsoft Edge
- Update Classification – Updates
After you make the above selection, click Preview.
Based on the property filters and search criteria that you defined above, in the preview updates window you can see the applicable or relevant updates. Since you have specified only Microsoft Edge as the product, it lists the updates for Beta, Dev and stable channel.
ADR Evaluation Schedule
On the Evaluation Schedule page, you need to define when this ADR runs. I am going to select Run this rule on a schedule option. On the Custom Schedule box, select recurrence schedule to Monthly and recur every 1 month. To be more precise I want to run this SCCM ADR on every second Wednesday of the month.
We know that Patch Tuesday is always the second Tuesday of every month. It is also referred to as Update Tuesday. So let’s assume that we have a patch Tuesday updates released for Edge and we deploy the same updates the very next day.
Note – You can change this schedule and set it according to your requirements. Not every organization would want to deploy the patch Tuesday updates very next day. Since I am testing the Edge ADR Updates deployment in my SCCM lab setup, I am going to go with this configuration.
ADR Deployment Schedule for Edge Updates
On the Deployment Schedule page, set Time based on to Client Local Time. Choose the Software available time to As soon as possible and Installation deadline to 7 days (this is by default). However 7 days is a lot of time, so I am going to select As soon as possible. Click Next.
User Experience – Choose the settings as shown in the below screenshot and click Next.
Create Edge Updates Deployment Package
The deployment package consists of Edge updates and you must create a new deployment package. Select Create a new deployment package and specify Name and Description.
Next, specify the package source. Specify a folder to store Edge Updates. When the SCCM ADR runs, it downloads the Edge updates to this folder.
Click Add button and specify the distribution point or DP groups to host this content. Click Next.
For download location, select Download software updates from the internet. Click Next.
On the Download Settings page, click Next.
Finally on the Summary page, verify all the details. You may save it as a Template. Click Next.
The SCCM ADR for Microsoft Edge updates is ready. You just need to wait for this ADR to run and deploy the Edge updates.
When the ADR runs, it downloads the Edge updates and stores in the folder specified in Deployment Package step.
Monitor Edge Updates Deployments
In order to speed up the updates deployment, I altered the deployment schedule and triggered this ADR manually. As per our settings, whenever the ADR runs and downloads the updates, it puts them into new Software Update Group.
If you visit Monitoring > Overview > Deployments, you should see the new ADR deployment entry. Right click the software update deployment and click View Status.
In my case the ADR has successfully done it’s job and we can see that all the machines within that device collection show as Compliant.
You may go to any of the client computer and open WUAHandler.log file. When I deployed Edge browser using SCCM, I remember I deployed a stable build and the version was 79.0.309.68.
In the log file you can clearly see that new build 80.0.361.62 is deployed over the existing build. The update ID here is ddaec3b6-3757-4951-81c4-cd4117876d11.
1. Update (Missing): Microsoft Edge-Stable Channel Version 80 Update for x64 based Editions (Build 80.0.361.62) (ddaec3b6-3757-4951-81c4-cd4117876d11, 201) WUAHandler Async installation of updates started. WUAHandler Update 1 (ddaec3b6-3757-4951-81c4-cd4117876d11) finished installing (0x00000000), Reboot Required? No WUAHandler Async install completed. WUAHandler Installation of updates completed. WUAHandler
You can also open the Edge browser and check the version to determine if you are running the latest build.
Now that we know the ADR has deployed the Edge browser updates, you can also find more information about this deployment by visiting the Reports section.
Go to Reports > Software Updates – B Deployment Management. Click Management 3 – Updates in a deployment.
In the report select the deployment and you will find more details about the updates in this deployment. Note that only Stable channel updates were deployed to 4 of my computers. And for rest for the builds, it is listed as Not Required.