SOLVED

Software update evaluation cycle schedule

%3CLINGO-SUB%20id%3D%22lingo-sub-638722%22%20slang%3D%22en-US%22%3ESoftware%20update%20evaluation%20cycle%20schedule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-638722%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20wanted%20to%20know%20what%20is%20the%20schedule%20that%20you%20guys%20use%20for%20the%26nbsp%3BSoftware%20update%20evaluation%20cycle%20and%20more%20importantly%20why%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20currently%20do%20it%20everyday%2C%20but%20are%20looking%20to%20change%20that%2C%20to%20make%20sure%20that%20we%20can%20patch%20anything%20right%20after%20patch%20Tuesday%20and%20to%20check%20if%20the%20the%20servicing%20stack%20updates%20have%20been%20installed%20(when%20they're%20not%20technically%20a%20pre-requisite%20for%20the%20cumulative%20updates)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-638722%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECM%20current%20branch%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESoftware%20Update%20Management%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-638974%22%20slang%3D%22en-US%22%3ERe%3A%20Software%20update%20evaluation%20cycle%20schedule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-638974%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F99115%22%20target%3D%22_blank%22%3E%40Stephane%20Lalancette%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Stephane.%20On%20the%20surface%2C%20a%20deceptively%20simple%20question%2C%20but%20there's%20much%20more%20%22behind%20the%20curtain%22%20when%20it%20comes%20to%20patch%20updating%2C%20cycles%2C%20delivery%2C%20etc.%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20you've%20tagged%20this%20with%20SCCM%20I'm%20assuming%20you're%20looking%20for%20advice%20on%20patching%20at%20scale.%20Not%20sure%20if%20I'm%20allowed%20to%20include%20this%2C%20and%20if%20not%20a%20moderator%20will%20flag%2C%20but%20I%20highly%20recommend%20joining%20the%20following%20patch%20management%20listserv%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fwww.patchmanagement.org%2Fdefault.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Fwww.patchmanagement.org%2Fdefault.html%3C%2FA%3E%3C%2FP%3E%3CP%3Eimho%2C%20one%20of%20the%20best%20patch%20in%20existence%20--%20Susan%20Bradley%20and%20team%20do%20a%20great%20job%20moderating%2C%20contributors%20run%20the%20gamut%20from%20managing%20hundreds%20of%20endpoints%20to%2010's%20of%20thousands%2C%20and%20compared%20to%20other%20lists%2C%20very%20helpful%20and%20non-egotistical%20group%20of%20folks.%3C%2FP%3E%3CP%3EIt%20can%20be%20a%20little%20noisy%20at%20times%2C%20especially%20Patch%20Tuesday%20weeks%2C%20but%20well%20worth%20your%20time%20to%20review.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDisclaimer%20--%20I%20have%20no%20personal%2C%20business%20or%20financial%20interests%20in%20patchmanagement.org%20--%20group%20has%20been%20helpful%20to%20me%20and%20just%20paying%20it%20forward.%20Hope%20this%20helps.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E--ty%20don%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHope%20this%20helps%20--%20don%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-645744%22%20slang%3D%22en-US%22%3ERe%3A%20Software%20update%20evaluation%20cycle%20schedule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-645744%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F99115%22%20target%3D%22_blank%22%3E%40Stephane%20Lalancette%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIMO%2C%20the%20best%20schedule%20here%20is%20the%20default%20of%20every%207%20days.%20Here's%20an%20older%20blog%20post%20I%20put%20together%20with%20a%20lot%20of%20info%20on%20the%20scan%20cycle%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fhome.configmgrftw.com%2Fnotes-software-update-scan-cycle%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fhome.configmgrftw.com%2Fnotes-software-update-scan-cycle%2F%3C%2FA%3E.%20The%20main%20point%20is%20that%20the%20scan%20cycle%20doesn't%20do%20what%20you%20think%20it%20does%3B%20basically%2C%20the%20scheduled%20software%20update%20scan%20cycle%20is%20*not*%20critical%20to%20deploying%20updates%20in%20ConfigMgr.%20The%20scheduled%20update%20scan%20cycle%20is%20simply%20about%20returning%20compliance%20info%20to%20the%20site%20for%20updates%20that%20are%20not%20deployed.%3C%2FP%3E%0A%3CP%3EThe%20installation%20of%20deployed%20updates%20occurs%20regardless%20of%20the%20scheduled%20update%20scan%20cycle.%20Thus%2C%20having%20this%20scan%20cycle%20run%20every%20day%20is%20simply%20wasted%20resources%3B%20e.g.%2C%20network%2C%20compute%2C%20etc.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-658437%22%20slang%3D%22en-US%22%3ERe%3A%20Software%20update%20evaluation%20cycle%20schedule%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-658437%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F117994%22%20target%3D%22_blank%22%3E%40Jason%20Sandys%3C%2FA%3E%26nbsp%3BThank%20you%20for%20the%20answer%20and%20the%20post%2C%20very%20informative.%20We%20will%20change%20the%20schedule%20for%20this%20action.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20about%20the%20Software%20updates%20deployment%20evaluation%20cycle%3F%3C%2FP%3E%3CP%3EI'm%20asking%20because%20we%20provide%20the%20option%20to%20our%20clients%20to%20deploy%20validated%20updates%20on%20demand%20(on%20top%20of%20the%20regular%20enforcement%20deadline).%3C%2FP%3E%3CP%3ESo%20if%20we%20want%20them%20to%20see%20that%20they%20have%20missing%20updates%20the%20day%20after%20patch%20tuesday%2C%20or%202%20days%2C%20we%20need%20to%20have%20this%20action%20set%20to%20run%20each%20day%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi, I wanted to know what is the schedule that you guys use for the Software update evaluation cycle and more importantly why?

 

We currently do it everyday, but are looking to change that, to make sure that we can patch anything right after patch Tuesday and to check if the the servicing stack updates have been installed (when they're not technically a pre-requisite for the cumulative updates)

 

Thks

2 Replies
Highlighted

@Stephane Lalancette 

 

Hi Stephane. On the surface, a deceptively simple question, but there's much more "behind the curtain" when it comes to patch updating, cycles, delivery, etc. 

As you've tagged this with SCCM I'm assuming you're looking for advice on patching at scale. Not sure if I'm allowed to include this, and if not a moderator will flag, but I highly recommend joining the following patch management listserv:

http://www.patchmanagement.org/default.html

imho, one of the best patch in existence -- Susan Bradley and team do a great job moderating, contributors run the gamut from managing hundreds of endpoints to 10's of thousands, and compared to other lists, very helpful and non-egotistical group of folks.

It can be a little noisy at times, especially Patch Tuesday weeks, but well worth your time to review.

 

Disclaimer -- I have no personal, business or financial interests in patchmanagement.org -- group has been helpful to me and just paying it forward. Hope this helps.

 

--ty don

 

Hope this helps -- don

Highlighted
Best Response confirmed by Stephane Lalancette (Contributor)
Solution

@Stephane Lalancette 

IMO, the best schedule here is the default of every 7 days. Here's an older blog post I put together with a lot of info on the scan cycle: https://home.configmgrftw.com/notes-software-update-scan-cycle/. The main point is that the scan cycle doesn't do what you think it does; basically, the scheduled software update scan cycle is *not* critical to deploying updates in ConfigMgr. The scheduled update scan cycle is simply about returning compliance info to the site for updates that are not deployed.

The installation of deployed updates occurs regardless of the scheduled update scan cycle. Thus, having this scan cycle run every day is simply wasted resources; e.g., network, compute, etc.