To help provide additional protection from potential malware attacks, Microsoft recommends using HTTPS with Windows Server Update Services (WSUS).
In this post, we will walk you through the steps r...
Updated Aug 13, 2020
Version 2.0
Blog Post
The_Smart_One I am aware we are offtopic discussing DO for most time, yet I find it important because the thing is yes WSUS is scifi class "Lost tech"
I've seen this comparison you brough up long ago.
I can pretty much recall it because the funny scifi classification.
"WU+DO doesn't. (1) The only choice it gives you is to check for updates for all supported Microsoft products, not just Windows. (2) It checks for update whenever it likes and downloads them immediately, (3 and 4) won't give you any chance to test or approve them, and (5) installs them immediately. You might be able to emulate #3 and #4 using Group Policy and Intune"
you can
- setup groups and rings via GPO and control install and download time, and enforcements (watch enforcements will disable any set time)
- thus you can test using WU+DO, it does not mean everyone gets same updates at a time. Use GPO and security groups to apply on computer accounts. Use DO GPO to control peer to peer.
- dashboard: Desktop Health dashboard in Azure / Analytics (paid per use)
you cannot:
- manage to approve updates - this is by design - Microsoft wants us to stop doing that and rather using policies. install on the 1st week of months of prev. updates is fine with most scenarios. One week earlier for testing.
- revoke updates / uninstall updates at scale without powershell scripting.