First, let me start by saying this is the best blog post I've read to better understand the update behavior when deploying office updates using ConfigMgr. [Microsoft Blog]
And this is the second best thing I've read which goes into great detail. [SystemCenterDudes Blog].
In this post, I'm going to do a simple "How-to" on creating an ADR and deploying it to your devices. I'm not going to go into the depth that those other 2 posts do.. because I'm not a huge fan of reinventing the wheel. I'll have a little overlap, but will keep it simple.
Administration > Site Configuration > Sites. Home tab, in the Settings group, click Configure Site Components, and then click Software Update Point. [MS Docs]
Ok, now that we have that done, the office 365 updates will start becoming available. Lets create the ADR (you might need to wait a bit for everything to sync).
Ok, no one wants to manage patches, and ADRs make it all happen magically. Office is simple with Office 365, there are only a few patches that will be available to your machines, so lets take a look. [MS Docs - ADR]
I then like to limit the updates I deploy down to this mix. If you have other flavors, you'll need to change to accommodate. You can see I only have 5 updates to deal with, and I don't mind if they are made available to all workstations, as it doesn't bloat the policy like hundreds of updates used to.
Let's take a look a the preview without those
So while 24 still isn't bad, by adding a couple more items to criteria to better match my environment, it really keeps things clean.
I pick the schedule to evaluate weekly on Wednesday night. Works good for me. I don't want to tie office updates to OS updates, they are different products and I want them to patch at different times. I'd rather get office updates out to my users quicker, make them available and let the users pick when to install via the ribbon in the app.
This is actually the default for the provided Office 365 template, and it works great for me. Once again, this first deployment you might be setting up for your Test Collection, perhaps you want to set your deadline in 1 day, to make sure your test groups is patched ASAP and can alert you of any issues before the other deployments you setup go out to the general public. I'll go into this more a bit lower in the post.
I've chosen to hide the updates in software center. Users can still update via the ribbon in the Office Application, which I feel provides a better experience.
I'm setting this to "No deployment package" and allowing the machines to pull from the MS cloud. Make sure you've configured delivery optimization if you do this. Here at Recast Software, all of our users are working from home anyway, so it makes sense. In organizations where you need to control your source and data transmissions, you'll probably have it set to a deployment package.
These are the defaults, then next, next finish.
For our environment, I've setup 3 Deployments on the ADR.
Here in the software update group created when the ADR Ran, you can see the 5 updates, so the preview function didn't lie. Machines are getting patched!
You can see the client versions... lets see if we can map the data and make better sense of it.
Ok, now you can see how we're doing, mapped that data from the Dashboard to the Update Group.
Lets figure out which machine needs that patch... by clicking on the "Red" slice, which is for the machine with older build, it shows me the computer.
Then using Remote Software Center, I can see if the patch is available on that machine:
Let's trigger an inventory on that and see if CM updates the status.
So we've confirmed it patched (thanks to our ADR) now we just need the data to sync with the serve and update the dashboard.. and within a couple minutes:
Alright, now we can see that all our systems are patched. We have 3 different build versions, which correspond to the different channels, and all are running the latest version! Yippy, we're patched and secure. It's time for the weekend.
Check out all posts in this series:
Thanks for joining this Office 365 series, hit me up on Twitter anytime!