SCCM - Add Modern App updates into SCCM like IE or Windows Updates. Patients affected
We support 86,000 health care Windows 10 clients. Built-in Modern apps like Photos update randomly in the middle of the day, TAKING down our entire WAN and LAN and forcing emergency rooms to stop working.
This is due to 300MB per App per machine x 80,000+ machines = 24,000,000 MB of data coming through the Internet Gateway regularly with EACH app update. We have tracked this data all coming from the Microsoft App update servers.
We have to patch built-in apps like Edge and Photos for health care security. Redundant apps have been uninstalled and Windows Store is blocked.
For Windows Updates we have SCCM distribution points at each LAN Active Directory Site and use BranchCache. We schedule the updates for midnight for least impact to clients, and we repress reboots if logged on so the clients can reboot only when it doesn't impact patient care.
We have opened a Microsoft ticket on this. So far the only 2 options Microsoft has given for our clients are:
1> Continue to shut down health care computers to update apps mid-day and affect patient care
2> Block App updates using group policy, which leads to Edge, an internet browser, being unpatched, opening up risk of security breaches.
We currently have a Ferrari with SCCM, Distribution Points and BranchCache to patch IE and Windows.
For Modern Apps Microsoft has provided business with a bicycle with one flat tire.