Let’s learn how to deploy Windows 11 updates using ConfigMgr ADR. We will create automatic deployment (ADR) rule in SCCM and deploy Windows 11 updates.
If you are managing Windows 11 devices using ConfigMgr, you can now deploy Windows 11 updates too. Patching Windows 11 computers ensures the devices are installed with the latest updates.
Using ConfigMgr ADR to deploy Windows 11 computers is the best option because the ADR automatically approves the updates and deploys them. You create ADR once, schedule it and the updates will be deployed as per the schedule.
If you are new to updates deployment in SCCM, I recommend reading how to Create Automatic Deployment Rule In SCCM. And to get started with updates deployment, read how to deploy software updates using SCCM.
Generally, there are two ways to deploy updates in SCCM.
- Automatic – This method is most preferred because it saves your time. You create an ADR, define the rules, specify the deployment schedule and that’s it. The rule runs based on the schedule.
- Manual – This method is tiresome as it requires you to select updates manually and deploy it to computers every time.
Although, Windows 11 updates can be manually deployed using SCCM however I recommend using ADR. This should save your time and the updates deployment process becomes so easy.
Microsoft released two new updates this week for Windows 11, and they are as follows. We should see more Windows 11 updates by Microsoft in coming months.
2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674)
2021-10 Cumulative Update for Windows 11 for ARM64-based Systems (KB5006674)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for x64 (KB5005537)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for ARM64 (KB5005537)
Step 1 – Install and Configure Software Update Point Role
Before you deploy Windows 11 updates using ConfigMgr ADR, your setup must be ready to deploy updates. I have published a step-by-step guide on how to install and configure software update point role in SCCM. Use the guide to set up the SUP role in SCCM.
Step 2 – Enable Windows 11 Product in SCCM
After you have installed and configured SUP, you next task is to enable the Windows 11 product. The Windows 11 updates will appear in the ConfigMgr console only when you enable Windows 11 product.
- In the ConfigMgr console, go to Administration\Overview\Site Configuration\Sites.
- Click Configure Site components on top ribbon and select Software Update Point.
- On the Software Update Point Component properties window, click the Products tab.
- Scroll down and select or enable Windows 11 product. Click Apply and OK.
Step 3 – Create ConfigMgr ADR to deploy Windows 11 Updates
Let’s create an ADR in ConfigMgr to deploy Windows 11 updates with following steps.
- Launch the Configuration Manager console.
- Navigate to Software Library > Overview > Software Updates > Automatic Deployment Rules.
- To create a new ADR for Windows 11, right click on Automatic Deployment Rules and click Create Automatic Deployment Rule.
On the General window, specify the name for the ConfigMgr ADR as Deploy Windows 11 updates. Select the Template as Patch Tuesday. If you already have a saved template, click Manage Templates and select it.
Next, you must specify the target collection for the software update deployment. Click Browse and select Windows 11 device collection.
Tip – If you haven’t created a device collection for Windows 11 yet, refer the following guide to create Windows 11 SCCM device collection.
You must choose what happens when the ADR runs and finds new updates.
- Add to an existing Software Update Group
- Create a new Software Update Group
You can also turn on the option to enable the Windows 11 updates deployment after this rule is run. Click Next.
On the Deployment Settings window, you specify the additional settings for the Automatic Deployment Rule.
Type of deployment – Choose between Available and Required. I am going to select Available because at the end, I want to show you the Windows 11 updates that appear in Software Center for installation.
Detail level – leave this option to default “Only success and error message”.
For license agreement, select Automatically deploy all software updates found by this rule, and approve any license agreement. Click Next.
When you want to deploy Windows 11 updates using SCCM, you need to be specific with what you want to include in the deployment.
On the Software Updates window, select the following criteria for Windows 11.
- Date Released or Revised – Last 1 month (You can choose other options too and go back up to a year).
- Product – Select Windows 11 as product.
- Update Classification – select Critical Updates OR Security Updates OR Updates.
Click the Preview button.
Based on the search criteria that we defined, the preview updates window shows the applicable updates. We have got 4 Windows 11 updates that can be deployed. Click Close.
The Evaluation Schedule settings allow you to choose how often or when you want the ConfigMgr ADR to run.
- Do not run this rule automatically – Select this option to run the rule manually every time.
- Run the rule after any software update point synchronizations – Runs the ADR after every SUP synchronization.
- Run the rule on a schedule – Define a schedule to run the ConfigMgr ADR.
Based on your requirements, select the desired option and click Next.
On the Deployment Settings window, you define the schedule for Windows 11 updates deployment. Select the Time based on to Client Local Time.
Software Available Time – You specify when the software updates are available. You can either select the software updates to be made available as soon as possible or at a specific time.
I have selected software available time to As soon as possible because I am deploying the Windows 11 updates in my lab. For production environment, always choose specific time and allow at least 4 hours to make the updates available.
Click Next.
You can define the user experience settings and choose the user settings. Click Next.
On the Alerts window, you can specify the software update alert options for the deployment. I am not going to select any options here, click Next.
Let’s create a new Windows 11 updates deployment package. A deployment package contains the software updates that are associated with this rule.
Select Create a new deployment package and add a brief description. Specify the package source, a folder path that should contain Windows 11 updates.
Click Next.
Select the Distribution Points to host the Windows 11 updates. Click Next.
Specify the download location for the ConfigMgr ADR. Select Download Software Updates from the Internet. Click Next.
On Language Selection window, you can select additional languages for the products. Click Next.
On the Summary window, you can confirm the settings and click Next.
We have successfully created Automatic Deployment Rule in ConfigMgr to deploy Windows 11 updates.
Step 4 – Test the Windows 11 Updates Deployment
In the above step, we created a ConfigMgr ADR to deploy Windows 11 updates to our endpoints. Let’s test the Windows 11 updates deployment on client computers.
On the client computer, the Windows 11 updates should appear in software center. You can manually initiate the software updates deployment evaluation cycle from ConfigMgr client properties.
Launch the software center and select updates tab. The software are available to install because we chose the updates to be made available in our ADR.
Select any Windows 11 update and click Install. The update downloads and installs on Windows 11 computer.
That completes the steps to deploy Windows 11 updates using ConfigMgr ADR. The last section I want to cover is about the troubleshooting updates.
Troubleshooting Windows 11 Updates Deployment in SCCM
This final section includes some tips to troubleshoot the Windows 11 updates deployment. This is a vast topic and not everything can be covered here.
After you deploy Windows 11 updates via ConfigMgr ADR, you must first review the ruleengine.log. The ruleengine.log records details about automatic deployment rules for the identification, content download, and software update group and deployment creation.
If the ADR fails to run, the errors should be logged in ruleengine.log.
On the client computer, there are multiple ConfigMgr log files that you must review to troubleshoot updates deployment. Refer to the following guide for SCCM client logs for troubleshooting software updates deployments.
