The Current Branch 2002 release introduced a feature to install SSUs first but only when triggered by the deadline.
From the docs:
"SSUs are installed first only for non-user initiated installs. For instance, if a user initiates an installation for multiple updates from Software Center, the SSU might not be installed first."

A lot of work has been put into encouraging user-participation in the patching process. I want the user to decide when they're ready to install the updates and avoid situations where the deadlines impact their work. In those scenarios the behavior introduced in 2002 therefore not helpful.

I realize that if a user manually triggers the installs one-by-one that there's not much you can do about it. However, in pretty much every other scenario I would like to see the SSU install first.

For example:
User schedules the install from the update notification dialog.
User clicks 'Install All'.
User select multiple updates, including an SSU.

For a Task Sequence, any content you have referenced and as long as you have "Download All Content Before Starting" set on the Deployment, it will download the Content into the CCMCache using BranchCache. However, we don't want to "Download all Content before Starting" in several situations, and in those cases, The Task Sequence doesn't leverage BranchCache at all for the download, which is VERY Bad.

Please enable the ability for a Task Sequence to leverage BranchCache during an active Task Sequence when it downloads content during the Task Sequence.

Priority 1, Make this work in Full OS
Priority 2, Make it work in WinPE

Different products teams decide how they will deploy there updates and various methods are needed to control deployments.
Example: MS 365 Apps, Edge, AIP are available as software updates which is very good. OneDrive they ask you to go out to this site and check when the update will be available to the enterprise ring. https://support.microsoft.com/en-us/office/onedrive-release-notes-845dcf18-f921-435e-bf28-4e24b95e5fc0?ui=en-us&rs=en-us&ad=us. You then have to download it and deploy it before the date to stop it from pulling down from the internet. Teams no way to control it and no idea when it will update. PowerBi have to go out download and deploy it. WhiteBoard app indicated to use Intune to control it or CM and go out and download and distribute every two weeks. Appstore apps have some control. You have no clear deployment strategy for many of your biggest products.

The idea is to have your product groups design the updates to work in Configuration Manager like MS 365 Apps, Edge and AIP a software update that comes out on a Tuesday.

When deploying third-party updates using CMG, the client will detect it's on the internet. In the CAS.log, you will see it things it should reach directly out to windows updates (WUMU) in the CAS.log. The DP returned on ContentLocation.log is actually the internal WSUS location of where the third-party update was downloaded. This path is not resolvable from an internet client and shouldn't be used.

If the client detects it's on the internet, it should never attempt to download from windows updates, since these updates are not applicable for that scenario. The update will timeout after 3 minutes and 3 download failures and will then fallback to CMG. This timeout can cause a lot of time.

For a repro, please see our YouTube video here: https://youtu.be/rZXexnGyee0?t=1041

Some of our customers work in the application model with available deployments. They would like to let the employees choose which application they want to install, but the update should be installed automatically if the user has already installed an application himself via the software center.

Let's assume that with the help of Supersedence we update Application with name "Av1.0" with a second Application named "Av1.1" via available deployment. Then the supersedence should recognize whether the product assigned with the help of the available deployments was installed on a client and if so, the update should take place automatically. if this is not the case, only the new version can be displayed in the software center (as the behavior is now)

Currently, when using the Run PowerShell Script step, you can specify a package and a script in that package, or you can use the entry box and enter custom powershell code there. It would be great to be able to specify package source AND use the custom code entry together. An example:

Run Command Line with a Package Source selected:

Powershell.exe -ExecutionPolicy Bypass Import-StartLayout -LayoutPath .\StartMenu.bin -MountPath C:\

Run PowerShell Script with Package selected:

Import-StartLayout -LayoutPath .\StartMenu.bin -MountPath C:\

To do this today using Run PowerShell Script, I would have to create a PS1 file in my Package source and select it as the script to use. This means that any script changes I make there would require updating the package source. If my package payload isn't changing and i just want to customize the script, using the Add Script option & Package source would be a great addition.