Automatic Deployment Rules (ADR) and ConfigMgr and why you should use them

by | Jun 13, 2023 | Tech Blog

Patch Tuesday Webinar

Join Patch My PC's Jordan Benzing and Bryan Dam every Thursday succeeding Patch Tuesday for the Patch Tuesday Support Group Webinar.

Patch Tuesday Releases

Tech Blogs

Critical Patches

In this blog we will review Automatic Deployment Rules (ADRs) and how they can be used to simplify and automate your patching processes in Microsoft Configuration manager.

What is an ADR

When a Software Update Group (SUG) is deployed as a result of an ADR evaluation, updates can be automatically deployed to devices in a target collection. This means that you don’t have to manually select which updates to deploy, resulting in a huge time saving effort

Additionally, by using an ADR to create deployments, you can ensure that all of the devices in your environment are kept up to date with the latest security patches and other important updates. This is critical for maintaining a secure and compliant environment.

 

Getting Started with ADRs

1. Launch your ConfigMgr Console

2. Configure the Software Update Point Role within your ConfigMgr Console. You must have at least one Software Update point defined in your hierachy.

Validating your Software Update point Role is defined.

3. Define the classifications for patching, select what you require. Selecting un-needed classifications will add un-necessary bloat in the Windows Server Update Server (WSUS) database.

Select as required

4. Now align your products as required. Again, be selective here select what you require and ideally nothing more.

Selecting products used in your environment

5. Define your Sync Schedule as required according to your company’s policy.

Overall Sync Schedule when reach out to Micrsoft to pull those updates down as selected

For clarity you want to align patching process and if possible, with your evaluation schedule of your ADR rule. More to come on this further in the document.

Creating and Defining an ADR

Within your ConfigMgr console, select Software Library > Overview > Software Updates > Automatic Deployment Rules.

If you right click on the Automatic Deployment Rules Icon, you should get a popup window.

Creating a new ADR rule

Provide a Name and select a Collection, ideally a test one to being with. Choose whether you want to create a new Software Update Group (SUG) each time the ADR is evaluated or if you want to use the same one each time.

Provide a Name, target a test collection ideally, and I create a new Software Update Group for new ADR rules

Set your type of deployment. I set REQUIRED as I am targeting a test group to validate those updates.

Set your deployment type, I set REQUIRED as I am targeting a test group to validate those updates

Here by using set filters it allows you to be granular and specific on the output. Use the preview button here to see excepted results.

Here by using set filters it allows you to be granular and specific on the output.  Use the preview button here to see excepted results

Define here how you require those updates to be evaluated. This is critical on how you would like those ADR to perform.

Define here how you require those updates to be evaluated. Thís is critical on how you would like those ADR to perform
Starting in version 2203, the Software available time and Installation deadline for deployments created by an ADR are now calculated based on the time the ADR evaluation is scheduled and starts. Previously, these times were calculated based on when the ADE evaluation completed. This change makes the Software available time and Installation deadline consistent and predictable for deployments.

An ADR evaluation can run as often as 3 times a day. 

Software Updates when available you control here, as well as the desired deadlines

Define when you want the software updates to be available and the deadline for installation.

How updates are shown in Software Center, what happens after the deadline is reached, and restart options based OS.

Define how updates are shown in the Software Center, what happens after the deadline is reached. Also define the restart options based on the OS type (server vs workstation).

Generate alerts in Console as well sending alerts to SCOM if required

Generate alerts in Console as well sending alerts to SCOM if required.

What are Deployment Packages?

Similar to software distribution packages, deployment packages are simply the collection of files needed for a set of updates. They must have a source folder and be available to clients by assigning them to distribution points. There is no way to create a deployment package from the console, you can only create one using the Deploy Software Updates Wizard or the Download Software Updates Wizard.

Create your Deployment package. I created a new deployment package to align with a NEW universal naming convention UNC share for ADR rules associated with PMPC.

I create a UNC share where the binaries go for that ADR rule being set

I create a UNC share where the binaries go for that ADR rule being set.

Here I target what distribution point I want the content to flow to

Here I target what distribution point I want the content to flow to.

The default is fine here, unless your Software Update Point does not have access outbound

The default is fine here, unless your Software Update Point does not have access outbound.

Can select additional languages as required, this increases the content significantly here

You can select additional languages as required, this increases the content significantly here.

New feature allowing cloud based as a preferred source. Other factors come to play here, such as split tunnelling

New feature allowing cloud based as a preferred source. Other factors come to play here, such as split tunneling.

Summary on that ADR creation.

Summary on that ADR creation.

For the Progress and Completion, just select next.

Congratulations, you have now created an ADR rule to help deploy software updates to your organization!  Now you can add additional deployments to that rule allowing for more control on how those updates go out.

Tech Blog

PowerShell Uses - Feature Image

PowerShell Uses – Things to Start Doing, Things to Stop Doing

There are some things in PowerShell that you need to start doing but also stop doing. What is PowerShell and some of the best practices?

Intune Win32 Apps Guide to Availability and Deadlines Feature Image

Intune Win32 apps: A Strategic Guide to Availability and Deadlines

Discover the ins and outs of Intune Management Extension in our latest blog post. We’re exploring its behavior with scheduled win32 app...

Windows Defender Exploit Guard breaks Google Chrome

Often, blog titles are sensationalised and designed to draw the readers attention. In September 2023, we did actually observe the behavior described...
Discovery Apps - Intune Software Inventory - Feature Image

Discovered Apps – The Intune Software Inventory

Is there an Intune Software Inventory? How does Intune detect apps installed in my tenant? Find out everything you need to know about Discovered...

Intune Scope Tags and Role-Based Access Control Explained

In today's interconnected era, it has become increasingly common for large organizations to have multiple IT departments and workers spread across...

Intune Discovered Apps – Missing Inventory Data

At the tail end of June 2023 and into the first week of July 2023, many admins started to report that application inventory data was missing in...
Intune Discovery Apps - Detecting your applications and gaining back control Feature Image

Intune Discovered Apps – Detecting your applications and gaining back control

Learn more about the power of Intune Discovered Apps for application inventory management. Detect and manage your software inventory...

Intune Microsoft Store Integration App Migration Failures (0x87D1041C)

In July 2021, Microsoft announced that both Microsoft Store for Business and Education would be deprecated on March 31, 2023. While Microsoft has...

How to use PowerShell to install Windows updates & ensure long-term compliance

In this post I will walk you through how to install Windows updates and report on patch compliance using Windows PowerShell. We will be using:...

Mastering ConfigMgr Client Actions

In this blog post, we’ll take a deep dive into the various SCCM client actions, including when to use them, what they do, and which log files...

PowerShell Uses – Things to Start Doing, Things to Stop Doing

There are some things in PowerShell that you need to start doing but also stop doing. What is PowerShell and some of the best practices?

Intune Win32 apps: A Strategic Guide to Availability and Deadlines

Discover the ins and outs of Intune Management Extension in our latest blog post. We’re exploring its behavior with scheduled win32 app...

Windows Defender Exploit Guard breaks Google Chrome

Often, blog titles are sensationalised and designed to draw the readers attention. In September 2023, we did actually observe the behavior described...

Discovered Apps – The Intune Software Inventory

Is there an Intune Software Inventory? How does Intune detect apps installed in my tenant? Find out everything you need to know about Discovered...

Intune Scope Tags and Role-Based Access Control Explained

In today's interconnected era, it has become increasingly common for large organizations to have multiple IT departments and workers spread across...

Intune Discovered Apps – Missing Inventory Data

At the tail end of June 2023 and into the first week of July 2023, many admins started to report that application inventory data was missing in...

Intune Discovered Apps – Detecting your applications and gaining back control

Learn more about the power of Intune Discovered Apps for application inventory management. Detect and manage your software inventory...

Intune Microsoft Store Integration App Migration Failures (0x87D1041C)

In July 2021, Microsoft announced that both Microsoft Store for Business and Education would be deprecated on March 31, 2023. While Microsoft has...

How to use PowerShell to install Windows updates & ensure long-term compliance

In this post I will walk you through how to install Windows updates and report on patch compliance using Windows PowerShell. We will be using:...

Mastering ConfigMgr Client Actions

In this blog post, we’ll take a deep dive into the various SCCM client actions, including when to use them, what they do, and which log files...