SCCM – How do I Setup SCCM Properly for Windows Updates

Ok so how does the new dangled Dual Scan functions work. For what matter  – how does Microsoft Updates work in Windows 10 1607 and higher??

Well , you see, there are  3 ways in which Windows updates work (or don’t as the case may be…) especially if you are using SCCM

  1. OS Updates – These are the ones that show in the Setup Event log as having been install
  2. Application Updates – These are the ones that show in the Application Event log as having been installed aka legacy applications aka non-modern apps
  3. Modern apps – These are the ones via Windows Store and show in Microsoft-Windows-AppXDeploymentServer/Operational event log as being installed.

First thing you need to understand is that : “While system specific updates will still reach out to WSUS or SCCM, or against Microsoft Update if the machine is configured to use Microsoft Update instead of Windows Update, the Store App updates are not yet cached or supported on WSUS or SCCM yet. Ref: Why WSUS and SCCM managed clients are reaching out to Microsoft Online

SO if you want your appx apps to be updated DO NOT  enable “Do not connect to any Windows Update Internet locations” it will stopp APppX apps being updated

To get updates working with SCCM, all you need to do  is disable two settings and make sure all the others are un-configured  AND you have no legacy registry settings interfering with your settings

The first setting stops users getting the prompts that your updates are out of date

The second just stops any configuring of automatic update.

This sounds counter-intuitive for SCCM, but the reality  is SCCM uses Local Group Policy Settings to configure Automatic updates not GPO

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.