Software Update Patch Tuesday Scheduling
It would be really great if when configuring an Automated Deployment Rule you could configure it to run based on the number of days / weeks since "patch Tuesday" (especially in countries other than the USA where "patch Tuesday" is actually a Wednesday and not necessarily the second Wednesday of each month). I currently get around this by having a script detect when patch Tuesday has passed and subsequently execute an ADR and create one or more deployments based on the number of weeks since that date. This works fine, but an in product solution would be better
Should be in 1801 tech preview.
Is there a way to schedule an SCCM report to execute at the 1st Monday of each month? In the Report Subscription Properties I can only choose a number of a week, not a day. But may be there's no Monday at the 1st week of the month, and that's a problem.
Can you share with some solution for this?
Thanks for advance!
Joohee Suh commented
Hello, the new type of ADR scheduling relative to Patch Tuesday is released as production in 1802. :) Here is the summary of our work.
Previous ADR Tuesday Patch problem:
MS patch update is scheduled every second Tuesday. Our clients set ADR scheduled every second Wednesday. But second Wednesday is not always after second Tuesday. For example, for March/2017 second Wed is 3/8 and second Tue is 3/14 which is after our ADR schedule.
The solution in 1802:
We provide a new type of scheduling which can set up the offset days relative to a specific date. For example, if you set up the 2 offset days relative to second Tuesday on every month. The ADR will be executed every second Thursday which is 2 days after the second Tuesday on a month. The maximum offset days are currently 6 days but it will be more flexible in 1806.
+1 @kedia990 on integrating this capability into maintenance windows.
really hope this makes it into the next full release of SCCM. It's long overdue
Great to see this be integrated with ADR deployment scheduling in TP 1801. Are there any plans to generalize this feature so it can be leveraged in other schedules as well (maintenance windows, task sequence assignments, application deployments being obvious examples)? Please ignore this comment if this has already been done (I haven't tested TP 1801 myself); the impression that I got from https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1801 was that this features is (as of now) available only for ADR scheduling.
Joakim Tomren commented
@djam when are this going to be released?
Is this still in the works?
Chad Sikorra commented
The "offset" scheduling is the best way to handle this, IMO. Being able to schedule for the second Tuesday of the month with an offset of weeks/days/etc. This is how I have had to script out the scheduling of this in previous patching implementations.
Is there any updates if that is on the planning?? Tired of running ADR's manually
@djam: I would ask to add one to your May list. Picking the right version of Office 365 Deferred Channel and Windows 10 Current Branch for Business. In both cases there's multiple builds in those channel/branch and there's no way to automate the selection of one of them. A title rule would only last until the next time a new build is introduced. So I'm not sure how to solve it ... maybe just some sort of Max/Min for those?
swilson, you're worried about two months of updates but I intentionally chose 2 months because I'm far more concerned about the opposite problem ... missing updates that were released shortly after the last 'Patch Tuesday'. If you are deploying Office 365 Deferred Channel or Windows 10 go look at the release times ... even in the PST time zone they've released them on Wednesday.
I like bdam's comment as well- 'Another related option might be to select updates release/updated since the last time the ADR ran.' Right now we use 'run 2nd Tuesday' and "since last month' option to run monthly ADR but that periodically collects 2 months worth of updates if the previous month had a late Tuesday (like June 13 2017).
Nathan Nitzel commented
The idea of having a logic type schedule may sound convoluted but it would be a huge help in automating things. Example logic: Patch this Device Collection on the 1st/2nd/3rd/4th *name of day* that occurs after *2nd Tuesday* + *Days/Hours* between the times of *1:00AM* and *5:00AM*. It could be something like how Outlook rules are setup with clickable drop downs for the different variables. I know this has been a huge struggle for us for getting testing done for 1 week then getting things patched within 30 days for things like PCI compliance.
It seems rather silly that this product has no ability to schedule something like 'the 1st saturday after the 2nd tuesday'. The world of patching revolves around patch Tuesday (used to, anyway), and for there to be no native way to schedule around that implies that the designers/marketers of this product do not understand how it is used.
Spent a lot of time talking about this w/ customers last week. Definitely a huge need:
I sum it up as these asks:
1) provide a offset for scheduling (2nd Tuesday + X days or hours)
2) improve filtering for architecture
3) improve filtering for language
4) possibly allow creating on deployments of updates not already deployed
Dennis Wendt commented
We use a Customized schedule to stagier updates for servers, and workstations. Also able to give any new patches that come out two weeks before deploying. System Center 2012 had this feature and it was removed in CB. Would love it back.
Jeroen Bakker commented
Since my previous comment things have changed. We are implementing Office 365. The updates are published later on patch Tuesday. The ADR schedule at end of patch Tuesday (Netherlands) now does not catch these updates. Because of this my need for flexible scheduling has increased.
Iain Fairbairn commented
I believe also something similar for some of the other updates release types as I believe some of the quality rollups and application updates come more towards the end of the month as opposed to just Patch Tuesday.
Iain Fairbairn commented
I absolutely agree this is a highly useful feature to implement, especially here in Australia as previously mentioned.
Robin Herbert commented
I think if you could specify the timezone for when the ADR should run, perhaps that would help? I.e. set to 'Redmond' time!
Obviously most ADRs are set around Microsoft's own timescales, not any other 3rd parties, so as long as Microsoft keeps to Patch Tuesday being the second Tuesday of the month we should all be fine with just the patch Tuesday concept.
This forum https://social.technet.microsoft.com/Forums/en-US/b87e83d6-e5da-41bc-ab99-8a4ab7eb58a7/sync-and-adr-scheduling-to-catch-all-patches?forum=ConfigMgrCompliance brought me to this User Voice. When might we see this in a TP and CB?