Microsoft SCCM update deployment best practices

Blog SCCM

Microsoft SCCM update deployment best practices

Deploying updates with SCCM can always be tricky. Here are some of the Best Practices that Microsoft suggest when deploying Microsoft Updates.

  • Limit software updates to 1000 in a single software update deployment​
    • You must limit the number of software updates to 1000 for each software update deployment. When you create an automatic deployment rule, verify that the criteria that you specify does not result in more than 1000 software updates. When you manually deploy software updates, do not select more than 1000 updates to deploy.
  • Create a new software update group each time an automatic deployment rule runs for “Patch Tuesday” and for general deployment
    • There is a limit of 1000 software updates for a software update deployment. When you create an automatic deployment rule, you specify whether to use an existing update group or create a new update group each time the rule runs. When you specify criteria in an automatic deployment rule that results in multiple software updates and the rule runs on a recurring schedule, specify to create a new software update group each time the rule runs. This will prevent the deployment from surpassing the limit of 1000 software updates per deployment.
  • Use an existing software update group for automatic deployment rules for Endpoint Protection definition updates

    • Always use an existing software update group when you use an automatic deployment rule to deploy Endpoint Protection definition updates on a frequent basis. Otherwise, potentially hundreds of software update groups will be created over time. Typically, definition update publishers will set definition updates to expire when they are superseded by four newer updates. Therefore, the software update group that is created by the automatic deployment rule will never contain more than four definition updates for the publisher: one active and three superseded.