Deploy Windows 11 Updates Using ConfigMgr ADR

Let’s learn how to deploy Windows 11 updates using ConfigMgr ADR. We will create automatic deployment (ADR) rule in SCCM and deploy Windows 11 updates.

If you are managing Windows 11 devices using ConfigMgr, you can now deploy Windows 11 updates too. Patching Windows 11 computers ensures the devices are installed with the latest updates.

Using ConfigMgr ADR to deploy Windows 11 computers is the best option because the ADR automatically approves the updates and deploys them. You create ADR once, schedule it and the updates will be deployed as per the schedule.

If you are new to updates deployment in SCCM, I recommend reading how to Create Automatic Deployment Rule In SCCM. And to get started with updates deployment, read how to deploy software updates using SCCM.

Generally, there are two ways to deploy updates in SCCM.

  1. Automatic – This method is most preferred because it saves your time. You create an ADR, define the rules, specify the deployment schedule and that’s it. The rule runs based on the schedule.
  2. Manual – This method is tiresome as it requires you to select updates manually and deploy it to computers every time.

Although, Windows 11 updates can be manually deployed using SCCM however I recommend using ADR. This should save your time and the updates deployment process becomes so easy.

Microsoft released two new updates this week for Windows 11, and they are as follows. We should see more Windows 11 updates by Microsoft in coming months.

2021-10 Cumulative Update for Windows 11 for x64-based Systems (KB5006674)
2021-10 Cumulative Update for Windows 11 for ARM64-based Systems (KB5006674)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for x64 (KB5005537)
2021-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 11 for ARM64 (KB5005537)

Step 1 – Install and Configure Software Update Point Role

Before you deploy Windows 11 updates using ConfigMgr ADR, your setup must be ready to deploy updates. I have published a step-by-step guide on how to install and configure software update point role in SCCM. Use the guide to set up the SUP role in SCCM.

Step 2 – Enable Windows 11 Product in SCCM

After you have installed and configured SUP, you next task is to enable the Windows 11 product. The Windows 11 updates will appear in the ConfigMgr console only when you enable Windows 11 product.

  • In the ConfigMgr console, go to Administration\Overview\Site Configuration\Sites.
  • Click Configure Site components on top ribbon and select Software Update Point.
  • On the Software Update Point Component properties window, click the Products tab.
  • Scroll down and select or enable Windows 11 product. Click Apply and OK.
Windows 11 Patching using SCCM Snap1
Enable Windows 11 Product in SCCM

Step 3 – Create ConfigMgr ADR to deploy Windows 11 Updates

Let’s create an ADR in ConfigMgr to deploy Windows 11 updates with following steps.

  • Launch the Configuration Manager console.
  • Navigate to Software Library > Overview > Software Updates > Automatic Deployment Rules.
  • To create a new ADR for Windows 11, right click on Automatic Deployment Rules and click Create Automatic Deployment Rule.
Create ConfigMgr ADR to deploy Windows 11 Updates
Create ConfigMgr ADR to deploy Windows 11 Updates

On the General window, specify the name for the ConfigMgr ADR as Deploy Windows 11 updates. Select the Template as Patch Tuesday. If you already have a saved template, click Manage Templates and select it.

Next, you must specify the target collection for the software update deployment. Click Browse and select Windows 11 device collection.

Tip – If you haven’t created a device collection for Windows 11 yet, refer the following guide to create Windows 11 SCCM device collection.

You must choose what happens when the ADR runs and finds new updates.

  • Add to an existing Software Update Group
  • Create a new Software Update Group

You can also turn on the option to enable the Windows 11 updates deployment after this rule is run. Click Next.

ConfigMgr ADR Settings
ConfigMgr ADR Settings

On the Deployment Settings window, you specify the additional settings for the Automatic Deployment Rule.

Type of deployment – Choose between Available and Required. I am going to select Available because at the end, I want to show you the Windows 11 updates that appear in Software Center for installation.

Detail level – leave this option to default “Only success and error message”.

For license agreement, select Automatically deploy all software updates found by this rule, and approve any license agreement. Click Next.

Deploy Windows 11 Updates Using ConfigMgr ADR
Deploy Windows 11 Updates Using ConfigMgr ADR

When you want to deploy Windows 11 updates using SCCM, you need to be specific with what you want to include in the deployment.

On the Software Updates window, select the following criteria for Windows 11.

  • Date Released or Revised – Last 1 month (You can choose other options too and go back up to a year).
  • Product – Select Windows 11 as product.
  • Update Classification – select Critical Updates OR Security Updates OR Updates.

Click the Preview button.

Windows 11 Updates Criteria
Windows 11 Updates Criteria

Based on the search criteria that we defined, the preview updates window shows the applicable updates. We have got 4 Windows 11 updates that can be deployed. Click Close.

Windows 11 Updates Deployment
Windows 11 Updates Deployment

The Evaluation Schedule settings allow you to choose how often or when you want the ConfigMgr ADR to run.

  • Do not run this rule automatically – Select this option to run the rule manually every time.
  • Run the rule after any software update point synchronizations – Runs the ADR after every SUP synchronization.
  • Run the rule on a schedule – Define a schedule to run the ConfigMgr ADR.

Based on your requirements, select the desired option and click Next.

ConfigMgr ADR Evaluation Schedule
ConfigMgr ADR Evaluation Schedule

On the Deployment Settings window, you define the schedule for Windows 11 updates deployment. Select the Time based on to Client Local Time.

Software Available Time – You specify when the software updates are available. You can either select the software updates to be made available as soon as possible or at a specific time.

I have selected software available time to As soon as possible because I am deploying the Windows 11 updates in my lab. For production environment, always choose specific time and allow at least 4 hours to make the updates available.

Click Next.

ConfigMgr Windows 11 Updates Deployment Schedule
ConfigMgr Windows 11 Updates Deployment Schedule

You can define the user experience settings and choose the user settings. Click Next.

ConfigMgr ADR User Experience Settings
ConfigMgr ADR User Experience Settings

On the Alerts window, you can specify the software update alert options for the deployment. I am not going to select any options here, click Next.

ADR Alerts
ADR Alerts

Let’s create a new Windows 11 updates deployment package. A deployment package contains the software updates that are associated with this rule.

Select Create a new deployment package and add a brief description. Specify the package source, a folder path that should contain Windows 11 updates.

Click Next.

Windows 11 Updates Deployment Package
Windows 11 Updates Deployment Package

Select the Distribution Points to host the Windows 11 updates. Click Next.

Specify the Distribution Points
Specify the Distribution Points

Specify the download location for the ConfigMgr ADR. Select Download Software Updates from the Internet. Click Next.

ADR Windows 11 Updates Download Location
ADR Windows 11 Updates Download Location

On Language Selection window, you can select additional languages for the products. Click Next.

Deploy Windows 11 Updates Using ConfigMgr ADR Snap13
Deploy Windows 11 Updates Using ConfigMgr ADR 20

On the Summary window, you can confirm the settings and click Next.

Deploy Windows 11 Updates Using ConfigMgr ADR
Deploy Windows 11 Updates Using ConfigMgr ADR

We have successfully created Automatic Deployment Rule in ConfigMgr to deploy Windows 11 updates.

Windows 11 Updates ConfigMgr ADR
Windows 11 Updates ConfigMgr ADR

Step 4 – Test the Windows 11 Updates Deployment

In the above step, we created a ConfigMgr ADR to deploy Windows 11 updates to our endpoints. Let’s test the Windows 11 updates deployment on client computers.

On the client computer, the Windows 11 updates should appear in software center. You can manually initiate the software updates deployment evaluation cycle from ConfigMgr client properties.

Launch the software center and select updates tab. The software are available to install because we chose the updates to be made available in our ADR.

Test the Windows 11 Updates Deployment
Test the Windows 11 Updates Deployment

Select any Windows 11 update and click Install. The update downloads and installs on Windows 11 computer.

Test the Windows 11 Updates Deployment
Test the Windows 11 Updates Deployment

That completes the steps to deploy Windows 11 updates using ConfigMgr ADR. The last section I want to cover is about the troubleshooting updates.

Troubleshooting Windows 11 Updates Deployment in SCCM

This final section includes some tips to troubleshoot the Windows 11 updates deployment. This is a vast topic and not everything can be covered here.

After you deploy Windows 11 updates via ConfigMgr ADR, you must first review the ruleengine.log. The ruleengine.log records details about automatic deployment rules for the identification, content download, and software update group and deployment creation.

If the ADR fails to run, the errors should be logged in ruleengine.log.

Troubleshooting Windows 11 Updates Deployment in SCCM
Troubleshooting Windows 11 Updates Deployment in SCCM

On the client computer, there are multiple ConfigMgr log files that you must review to troubleshoot updates deployment. Refer to the following guide for SCCM client logs for troubleshooting software updates deployments.

Prajwal Desai

Hi, I am Prajwal Desai. For last few years, I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Windows 11, Azure, Security etc. I created this site so that I can share valuable information with everyone.

Leave a Comment