Can I stop the autodeployment of Intune patches?

[mconwell]

I've just started using PmPC with Intune and have run into the following:

PmPC downloads and publishes the Update for the app and then PmPC seems to assign the patch to all of my endpoints automatically.  In this case it is for Acrobat Reader DC, but it happening to other products too.

My problem is that before I am allowed to push updates to "all" I have to run through a multi-ring testing cycle. 

I can see work being done in the Intune audit logs with respect to "Create MobileAppAssignments" being done by the "Patch My PC - Intune Connector".

I believe that the older update is having its assignments removed by PmPC too but I haven't seen the Audit log to prove that yet.

I'm assuming this is something I have done wrong or is configured incorrectly.

How can I regain control over this auto-assignment for new updates and stop the auto-removal of the assignments for older updates in Intune?

[Michiel (Patch My PC)]

Hi @mconwell, based on your problem description, it looks like you are using our on-premises Patch My PC Publisher solution to deploy your Intune apps and updates. To modify the application/update retention and assignment settings, select the Intune Apps or Intune Updates tab, and click the Intune Options button. Under the Intune Win32 Application Options header, you'll find the "Delete any previously created applications when an updated application is published" and "Delete any previously created updates when a new update is published" options. Each one of these has a "Retain up to X previously created applications/updates" option as well. There's also a "Delete the assignments from previously created applications or updates when an updated application is created" option you might want to look into. See Intune Application Creation Options Explained for more information about using these options.

Assignments for Intune Apps or Intune Updates can be specified at the All Products level, at the vendor level, and even at the individual product level. Instead of assigning your updates to All Users or All Devices immediately, you'll probably want to configure a staged deployment to different collections with increasing delay times. See Right-Click Options Available for Updates and Applications: Manage assignments for more information about that.