• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

update assignment confusion.

Started by Steven Alexander, February 09, 2021, 09:30:46 PM

Previous topic - Next topic

Steven Alexander

<Environment is: PMPC in "intune only" mode, all client PCs are Azure / intune joined and managed in Endpoint manager>
Hi all,

I have  some confusion over how updates should be assigned in the PMPC console and I'm not finding anything in the documentation to clear things up. Apologies in advance if my caffeine addled brain has missed something.

If I have an app selected in PMPC and have marked it's assignment as "available" (not required) for all users, how should the corresponding updates for this app be assigned?
As there is no "available" option on the updates assignment tab, should I be marking these as "required" for all users? Will PMPC / Intune try to force install patches on client PCs that do not have that particular app installed?
It might be helpful to understand how PMPC / Intune is selecting which PCs get updates vs. which ones don't.

TY!

Ben Reader (Patch My PC)

Hey Steven - good question!

The short answer is Updates can be assigned to EVERYONE / EVERYTHING, as they check to see if they are required to run on the device before they actually attempt to install.

The longer answer is - Applications as well as updates get new packages in your Intune environment whenever a new version is published. Applications can be made available OR required depending on business requirements.

Updates are entirely safe to set to required for all devices / users.

The key different between applications and updates is the custom "requirement" script that is packaged with the update package - the script validates whether or not the device it's running on has an old version of the application - if it doesn't nothing happens and the device is flagged as "not required".

The point here is the updates are not meant to be "interactive" - the end users shouldn't be aware of the updates. They are simply a mechanism to enforce version compliance.

Hope this helps out!

-- Ben

Steven Alexander

Very helpful, thank you.

A quick followup question:
Can I simply set ALL updates for ALL applicable apps to be "required" then? (this assumes I do not have any updates marked for "uninstall" anywhere)

Ben Reader (Patch My PC)

Also a good follow up question!
So, yes - set your updates to required, there really isn't any reason not to. However, if you have an update you need to roll back, meaning you already have it deployed and installed on a device. To uninstall or roll back the update, you need to remove the assignments on the update package and add a "required uninstall" assignment on the version of the application package.

This is because the update package contains a requirement script that will not let the package "run" if the app and version is detected on the machine.

Cheers,

Ben