In this article, I will show you how to deploy Microsoft Edge updates using SCCM ADR (Automatic Deployment Rule). By deploying MS Edge updates with SCCM ADR, you can update the Edge browser to the latest version on all computers.
The Edge browser can be updated to the most recent version using SCCM in two different ways: manually and automatically. Both approaches have advantages and disadvantages, but in my opinion, using Configuration Manager ADR to roll out MS Edge updates is simpler than doing so manually.
When you deploy MS Edge updates using Configuration Manager, you get better control over the deployment. You can specially choose the Edge version that you wish to update to and achieve a better compliance.
With manual software update deployment, you have to choose the updates from the software library and send them to the computers. When you only have one update to deploy, this may seem normal, but as more MS Edge updates are released each week, administrators will find it difficult to handle this task.
Switch to Microsoft Edge as Internet Explorer Support Ends
Microsoft recently made an announcement about Internet Explorer announcing its end of support. With Microsoft Edge capable of assuming this responsibility, the Internet Explorer 11 desktop application will be retired and go out of support on June 15, 2022, for certain versions of Windows 10. Therefore, you can now look to disable Internet Explorer using group policy.
Microsoft Edge has Internet Explorer mode built in, so you can access those legacy Internet Explorer-based websites and applications straight from Microsoft Edge. To achieve that, ensure you enable the IE mode within the Edge browser.
We know that Configuration Manager makes it easier to deploy software updates including third-party updates. Using the Automatic Deployment Rules, you can define the rules for patching MS Edge browser in SCCM. Getting the Microsoft Edge browser updated to latest version on all computers is the primary goal of deploying the ADR.
Why should you use ADR to deploy MS Edge Updates?
With SCCM, the best way to deploy MS Edge updates is through ADR rules that do it automatically. You can save a ton of time by using an ADR because you only need to create the Edge ADR once, define all the settings once, and it runs in accordance with the schedule. If you are new to the concept of ADR, refer to the detailed guide on how to create Automatic Deployment Rules in SCCM.
Unlike the manual updates deployment where you select and deploy a set of software updates in the ConfigMgr console, the SCCM ADR will automatically deploy MS Edge updates based on the criteria and rules that you specify in the ADR. With SCCM, you can automatically update Microsoft Edge to the latest version. Microsoft recommends using the most recent version of the Edge browser on enterprise computers.
Creating MS Edge Application in Configuration Manager
An essential feature introduced in SCCM version 1910 allows you to create MS Edge application directly in the console and deploy it to your computers. Creating an MS Edge application in SCCM is easy and takes only a few minutes of your time.
An alternative method for creating Microsoft Edge applications is to download the most recent Edge installer from the Microsoft website and package it in Configuration Manager as a new application. Once the MS Edge application has been created, it can be deployed to a device collection, and deployments can be monitored through the Configuration Manager console.
After you have deployed the MS Edge application to computers, you can create a device collection for Microsoft Edge in SCCM. You can have multiple device collections for Microsoft Edge based on multiple versions of browser.
Now I’ll go over the steps of creating an SCCM ADR to deploy MS Edge updates. If you are looking to deploy Microsoft Edge using Microsoft Intune, have a look at Edge Browser deployment with Intune.
Prerequisites to Deploy MS Edge Updates
Before we deploy MS updates using SCCM ADR, let’s have a look at the prerequisites.
- This guide assumes that you already have the Microsoft Edge browser deployed to all the machines. Windows 11 computers comes pre-installed with Edge browser.
- Ensure you have installed and configured the Software Update Point role which is a critical component for deploying the software updates.
- Most of all, if you don’t see Microsoft Edge updates in the console, make sure you have enabled the Updates classification under Software Update Point properties > Classifications. In addition to that, under Software Update Point properties > Products, select the Microsoft Edge product for synchronization. If it’s already selected, proceed with the deployment. Here is an easy guide that shows how to enable Edge product in SCCM SUP.
In the next section, I will demonstrate how to deploy MS Edge updates using SCCM ADR. I will also share the steps to create an ADR. So let’s get started.
Create an Automatic Deployment Rule for Microsoft Edge
Before you deploy MS Edge updates, you must create an SCCM ADR (Automatic Deployment Rule) using the following steps:
- Launch the Configuration Manager console.
- Go to Software Library > Overview > Software Updates.
- Right-click on Automatic Deployment Rules and click Create Automatic Deployment Rule.
On the General page of the Create Automatic Deployment Rule Wizard, specify the name for the ADR. For example, you can specify the ADR name as “Microsoft Edge Updates” or “Deploy MS Edge Updates” or something similar.
You may add a brief description about this ADR. Configuration Manager comes with set of built-in templates that has predefined configuration settings for the deployment. Click the drop-down and select Patch Tuesday as the Template.
Click Browse button and select a target collection to deploy MS Edge updates. This device collection should have at least few computers so that ADR run and patch updates to Edge browser.
You have the option to add new updates discovered by this rule to an existing Software Update Group or to create a new Software Update Group each time it runs. I prefer to create a new software update group for every product. Select Create a new software update group and click Next.
On the Deployment Settings page, choose the detail level as Only success and error messages. Next, select Automatically deploy all software updates found by this rule and approve any license agreements. Click Next.
Software Updates Property Filters and Search Criteria
This section here – Software Updates, is important. A subset of the filter criteria is displayed on this page, where you select and define the criteria for finding the updates for inclusion in the update deployment.
I am going to select the following property filters. In your case, you may alter the criteria based on your requirements.
- Date Released or Revised – Last 2 weeks (14 days)
- Product – Microsoft Edge
- Update Classification – Updates
After you make the above selection, click Preview.
Based on the property filters and search criteria that you defined above, in the preview updates window you can see the applicable or relevant Microsoft Edge updates. Since you have specified only Microsoft Edge as the product, it lists the updates for Beta, Dev, and stable channels. When you deploy Microsoft Edge updates using SCCM, only the relevant build updates will be deployed.
MS Edge Updates ADR Evaluation Schedule
On the Evaluation Schedule page, you need to define the schedule for ADR. I am going to enable the option “Run this rule on a schedule“. In the Custom Schedule box, select the recurrence schedule to “Monthly,” and it will recur every “1” month. To be more precise, I want to run this SCCM ADR on every second Wednesday of the month.
We know that Patch Tuesday is always the second Tuesday of every month, and that’s when Microsoft releases updates. It is also referred to as Update Tuesday. So let’s assume that we have a patch Tuesday update released for MS Edge, and we deploy the same update the very next day.
Note: You can choose the ADR schedule and set it according to your requirements. If you want to avoid deploying MS Edge updates very often, you can alter the schedule and adjust it. Not every organization would want to immediately implement the Patch Tuesday updates. Since I am testing the MS Edge ADR Updates deployment in my SCCM lab setup, I am going to go with the above configuration.
Click OK to save the changes and click Next to continue to the next step.
Configure ADR Deployment Schedule for MS Edge Updates
On the Deployment Schedule page, set the Time based on the Client Local Time. Select the Software Available Time to As Soon as possible and the Installation deadline to 7 days (this is by default). However, 7 days is a lot of time, so I am going to select As soon as possible. Click Next.
User Experience: On the User Experience window, you can configure user visual experience, deadline behavior, Device restart behavior. Choose the settings as shown in the below screenshot and click Next.
Create Microsoft Edge Updates Deployment Package
The deployment package that we create contains the MS Edge software updates downloaded by ADR and the same set of updates are deployed to computers. I recommend creating a new deployment package for Microsoft Edge updates because you can later verify the updates included in the deployment package.
Select Create a new deployment package and specify a Name and Description. Next, specify the package source which is a folder location on your server or a shared location. When the SCCM ADR runs, it downloads the MS Edge updates to this folder. Click Next.
Click the Add button and specify the distribution point or DP groups to host this content. When you deploy MS Edge updates to SCCM clients, the updates are downloaded from the local distribution point server. Therefore, it is important to distribute the updates to all the required distribution points. Click Next.
In this step, you specify the download location for the SCCM ADR and define where to download the Microsoft Edge updates from. Select Download software updates from the internet and click Next.
On the Language Selection window, you can specify the update languages for the Microsoft Edge updates. Click Next.
On the Download Settings page, click Next.
Finally, on the Summary page, verify all the settings that you have configured to deploy MS Edge updates. You may save the ADR settings as a template, and you can use this template next time you create an ADR. Click Next.
This completes the steps to create an SCCM ADR to deploy MS Edge updates. Wait for the ADR to run, evaluate and deploy the Edge updates to your computers.
Verify MS Edge Updates Download
When the SCCM ADR runs, it downloads the Microsoft Edge updates and stores them in the folder specified in the Deployment Package step. In case you don’t see any Edge updates downloaded, ensure the ADR rule is running without any errors. Review the rulengine.log to determine errors and warnings related to Automatic deployment rules.
Monitor Microsoft Edge Updates Deployment in SCCM
In order to speed up the MS Edge updates deployment, I altered the deployment schedule and triggered this ADR manually. As per our settings, whenever the ADR runs and downloads the updates, it puts them into a new Software Update Group.
In the Configuration Manager console, navigate to Monitoring > Overview > Deployments. Here you should find the MS Edge ADR deployment details. Right-click the software update deployment and select View Status.
In the below screenshot, we see that the ADR has successfully done its job, and we can see that all the machines within that device collection show as Compliant. If the computers are already running the latest version of Microsoft Edge browser, they should be listed as Compliant.
Let me show you how to monitor the Edge browser updates deployment on client computers. Assuming that you have already deployed the Edge ADR to client computer, log in to one of the computer and open the WUAHandler.log file. At this point, you should know about the SCCM log files to review on server and clients.
When I deployed the MS Edge application with SCCM, it was basically a stable build and the Edge version was 79.0.309.68. In the log file we can clearly see that new Edge browser build 80.0.361.62 is deployed over the existing build. The update ID here is ddaec3b6-3757-4951-81c4-cd4117876d11.
1. Update (Missing): Microsoft Edge-Stable Channel Version 80 Update for x64 based Editions (Build 80.0.361.62) (ddaec3b6-3757-4951-81c4-cd4117876d11, 201) WUAHandler
Async installation of updates started. WUAHandler
Update 1 (ddaec3b6-3757-4951-81c4-cd4117876d11) finished installing (0x00000000), Reboot Required? No WUAHandler
Async install completed. WUAHandler
Installation of updates completed. WUAHandler
From the above screenshot, we see the ADR has patched the Microsoft Edge browser on the client computer to the latest build. Let’s launch the Microsoft Edge browser on the client computer and check the version. Launch the Microsoft Edge browser and check the version to determine if you are running the latest build. We see the client computer is running the latest version of Microsoft Edge browser.
SCCM Reports for MS Edge Updates Deployment
SCCM comes with 400+ built-in reports and there are several reports to monitor and get information on software update deployments. Now that we know the ADR has deployed the Edge browser updates, you can also find more information about this deployment by visiting the Reports section.
Go to Reports > Software Updates – B Deployment Management. Click Management 3 – Updates in a deployment.
In the report, select the deployment, and you will find more details about the MS Edge updates in this deployment. Note that only Edge stable channel updates were deployed to 4 of my computers. And for the rest of the builds, it is listed as not required because the Edge browser running on these computers is already on latest version.
Thanks for the guide – as the preview includes beta updates will these try install too? Any way to exclude Beta updates?
Hi Prajwal,
ADR is not working properly. Last ADR update time is 29 March in SCCM console. ADR is selected with time period of 1 day for mentioned product and classification.
Since 29 March, there are no entries for ADR in SCCM console and previously it was showing entries on daily basis. As checked, ADR is successfully enabled in SCCM console and properties are verified and SCCM sync looks like working fine however not able to see any definition updates in SCCM for below after SCCM sync.
Products: Microsoft Windows Defender
Classification: Definition updates
Above options are checked in SUP as well.
Please suggest what may be the cause and how can it be corrected?
Thanks. you are doing great job..
Do you need to set any additional settings via the Edge GPOs for this?