Intune - Apps v Updates?

Started by DanERM, May 22, 2023, 08:37:22 AM

Hello, I have a general question and I'm not sure if it's answered elsewhere.  If so, please do guide me to the relevant post/article/FAQ.

We're transitioning away from SCCM to Intune and have been using Patch My PC to publish apps and updates into Intune. 

I'm just trying to understand the main differences between full "apps" and "updates" and how the deployment works.  Ideally, I'd like to push all of the appropriate "updates" to our "All Windows PC" AAD group.  What happens on PCs which don't require the update?  Does the full content drop, a script run and then decide the update isn't required, or does it run the script and then pull the content if it is needed?

My ideal situation is to turn on all updates, but I don't want to drop content on thousands of PCs which isn't required just to patch a few hundred PCs.  Equally, I don't want to be manually populating AAD groups for the apps which have a smaller footprint in our estate.

Spencer (Patch My PC)

Hey Dan,

The way we handle our updates via Intune is by adding a Requirement script that will run first before the update is installed.

That script will first check if the application is installed on the client, and then will look at the version. If the version is less than that of the update, then the update will install.

If not, then it will continue on to the next update. Updates that are not applicable on clients will show as such in the Endpoint Console (Intune).

Here is a KB article that will explain how our Intune Packages work in more detail:


As for the deployments, updates can only be deployed as required deployments. So if you wanted to cover your bases, what you can do is deploy all updates to All Users or All Devices and they will only install on clients when needed.

Hopefully that helps you here! However, if you have further questions or need more clarification please don't hesitate to reach back out! 😊
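The check described in the reply above (is the application installed, and is its version lower than the update's), sketched as an added example; this is not Patch My PC's own script. The application name and version are constructed, and it assumes an Intune script requirement rule set to output type String, operator Equals, value `Applicable`.

```powershell
# Added illustration; not Patch My PC's script. Name and version are constructed.
$AppNamePattern = 'Contoso Reader*'      # hypothetical DisplayName pattern
$UpdateVersion  = [version]'12.4.0.0'    # hypothetical version the update delivers

function Get-InstalledEntry {
    # Read the 64-bit and 32-bit uninstall keys, where most installers register.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $AppNamePattern }
}

function Test-UpdateApplicable {
    param([object[]]$Entries, [version]$Target)
    foreach ($entry in $Entries) {
        $installed = $null
        # Skip entries whose DisplayVersion is missing or not a dotted version.
        if (-not [version]::TryParse([string]$entry.DisplayVersion, [ref]$installed)) {
            continue
        }
        # Any copy older than the update makes the update applicable.
        if ($installed -lt $Target) { return $true }
    }
    # Not installed, or every installed copy is already at or above the target.
    return $false
}

# Emit the marker only when the update applies; no output means "not applicable".
if (Test-UpdateApplicable -Entries @(Get-InstalledEntry) -Target $UpdateVersion) {
    Write-Output 'Applicable'
}
exit 0
```

A two-part `DisplayVersion` such as `12.4` compares as lower than `12.4.0.0` under `[version]`, so pad versions to the same number of parts if the application registers short version strings.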


