Run Software Update Evaluation After Updates Have Installed
The recent Servicing Stack Update released out of band in May was made a requirement for the June cumulative updates but itself did not require a reboot. This created a conundrum for organizations patching devices with maintenance windows. Because of the lack of reboot on the servicing stack update there was no option to run a full evaluation that would detect that the cumulative update was now applicable and install it within the same maintenance window.
There are a few ways to solve that problem, but the one that strikes me as straightforward is to modify, extend, or duplicate the "if any update in this deployment requires a system restart, run updates deployment evaluation cycle after restart" feature introduced in CB 1606 to allow it to run a full evaluation after all of the updates have installed, regardless of the reboot condition. Where maintenance windows allow, this would enable the user to install updates that are newly available regardless of reboot.
Bonus Points: Support an option that does so even if the updates fail. So many times simply retrying an install solves the problem.
This is the most important/missing feature today. This is right not only for servicing stack updates but also for regular updates. Currently there is no simple/built-in way to get (some) systems fully patched using a single deployment schedule within a single window if some updates fail during the deployment, or if some updates cause the WU client to detect new updates in the next scan cycle.
The problem is that a deployment may show as compliant, let's say in the morning after patching, but later the same deployment shows as non-compliant. This is because the re-scan or re-evaluation cycle occurs after the maintenance window ends. According to the documentation, the interval between 2 scan cycles or 2 deployment re-evaluation cycles cannot be set to less than 1 day. The documentation states that if the interval is set to less than 1 day, it is reset automatically to 1 day.
There are a lot of workarounds to get the deployment re-scheduled again or to create multiple deployments or multiple cycles, but this gets complicated and causes administrative overhead, instead of packing multiple cycles into a single step.
@Hermann, I agree, integrating the SSU into the CU is the better solution, but it's not one the ConfigMgr product team can do. Since the SSU updates the mechanisms used to install the CUs, who knows if that's even technically possible.
I'm not sure I understand your endless loop comment though. The loop will end when either the maintenance window finishes or all applicable updates are installed. To clarify, we're not talking about full evals after _each_ update, just after _all_ the updates have been installed.
It would be nice if the servicing stack update were integrated into cumulative updates (pre-install), because this doesn't need any reboots. The suggestion that it start a full evaluation after applying updates could have a big negative impact on servers (endless loops).