Forum Discussion
Patching
What is the best practice for Patching via config manager? And best practice to manage 3rd party app patching.
3 Replies
John WilcoxMicrosoft
Hi Ashish
We published a doc on best practice monthly patches last month that you can find here :
It covers a number of options, including our recommendations
I would also recommend you look optimizing the device for velocity, which can be found here:
https://www.microsoft.com/en-us/download/confirmation.aspx?id=101056
- Danny_GuilloryHere is the detail on how to get started with 3rd party patching: https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/third-party-software-updates. If your interest is around the 3rd party patching in this remote world make sure you subscribe to a catalog and provide those 3rd party patches on the CMG/CDP, windows update would not be able to facilitate the google, firefox, etc. product patches. Here is another link to the CMG video on the business continuity site. https://techcommunity.microsoft.com/t5/business-continuity-and-disaster/cloud-management-gateway-what-you-need-to-know-amp-what-s-next/m-p/1358533. Another good link is @Rob York's blog that covers patching in the remote/wfh state we are in today.
- There are many ways and depends on complexity and configuration of your environment.
What I would recommend is to deploy updates for small group first and monitor if they are working fine and expand deployment if there is no error.
Check with teams and if they are in production and reaching deadlines, then you might hold patching unless if there is critical one.
It is same for third-party patching, you should be careful of possible conflict and also driver deployment and make sure you have backup policy and be ready in case of failure.
Also, always check release notes before deploying updates.
Make sure deploy Anti-Malware and security updates first .
