AMA: Windows Autopatch
Event Ended
Thursday, Oct 27, 2022, 08:30 AM PDT
Find out how Windows Autopatch is evolving to make Windows and Microsoft 365 update management more secure and more capable. Members of the marketing, product, and customer acceleration engineering t...
Heather_Poulsen
Updated Dec 27, 2024
PaulKlerkx
Oct 19, 2022, Iron Contributor
MECM, WSUS, Intune, WUfB, Windows Updates via Group Policy, TPUs, Autopatch. What direction is the Microsoft recommended target path? (For all updates including drivers.) For those of us using MECM with WSUS and TPUs currently, what should we be looking to go to? It feels like WSUS is on the way out. What is the 'best' option to allow us to get updates to our users whether on-prem or off but still have enough control that if there is a problem update/driver etc., we can stop that going out and also allow us to push a vulnerability patch out of band quickly? Is there a comparison of all the various options you can do with the positives and negatives?
David Stowers
Oct 19, 2022, Brass Contributor
I have used the expedited OOB updates in my org during PrintNightmare and it worked beautifully. I have had a considerably smoother experience with WUfB and Intune for keeping things moving smoothly than I ever did with WSUS, primarily because it simplifies the experience and works independently of on-prem resources. We are lean on personnel, so anything to make for a lighter touch is beneficial. You can also pause and roll back quality updates. I usually just recommend a few days' delay before a patch goes out so it's not bleeding edge anyway. The biggest drawback would be you cannot control individual patches, but on the workstation endpoints that's usually not as critical as the server side anyway.