• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Best practices for building update rings in Intune

Started by hinkleyw, October 28, 2022, 10:20:42 AM

Previous topic - Next topic

hinkleyw

I'm looking for possible guidance on the best way to build an update ring for Intune with all of our PMP updates and deployments. is it possible, has anyone done it any recommendations will help.   

Spencer (Patch My PC)

Hello Hinkleyw,

Thanks for reaching out here! Best example I can give for setting up a "Ringed Deployment" Method for Intune would be to create at least 2 or more Azure AD groups which will act as your "Rings".

Then when you're adding your groups for the initial deployments via the Publisher's "Manage Assignments" template you can specify those groups for the selected deployment (If deploying updates then these can be applied at the top All Products level under the Intune Updates tab, as a required deployment to ensure all selected updates receive those groups during Publishing).

Once your groups have been selected you can then use the "Availability" options to stagger out the deployment of the updates to the latter groups.

For example, you have 3 groups selected as a Required Deployment for Intune Updates that are the following:
- Patching - Pilot Group 1 - Availability Time - ASAP
- Patching - Broad Group 2 - Availability Time - 3 days
- Patching - Prod Group 3 Availability Time - 7 days

Ringed Intune Groups

Once you have those in place then all your updates will adhere to that set deployment schedule based on the time that they're published.

For more information, please see the following KB article: https://patchmypc.com/custom-options-available-for-third-party-updates-and-applications#ManageAssignments


hinkleyw

whats recommended for the publish sync when doing that if we have it set for daily and updates publish before the ring is completed does it override and start from square one? we are Trying to test everything listed above but figured if you had the answers it would save a ton of time.

Spencer (Patch My PC)

If you're going to do it that way, then I would set the Publisher sync to run at least once a week. If you do it more frequently and updates are published, then it will override that set ring schedule and start from scratch.

If you change some of the default option under the Options menu in either the Intune Apps or Updates tabs, then you can make it, so assignments never get copied over to new apps or updates. This of course is more manual work as you'll need to manage and assign the groups to every newly published update.

However, I think just by changing the Sync Schedule to run at least every week that should prevent those issues from occurring!

hinkleyw

thank you for the validation its really appreciated.

Spencer (Patch My PC)

My pleasure! If you have further questions always feel free to reach out on any of our Support methods! 😊

joeOPD

so if have 3 groups.
- Group 1: immediate
- Group 2:  3 days
- Group 3:  8 days (hypothetical)
- Sync run every 7 days and everyone is on Chrome 105

Chrome 106 comes out ->
day 1: group 1 gets it ->
Day 3 group 2 gets it
Day 4 Chrome 107 comes out on day 4;
Day 7 Sync runs and group 1 gets chrome 107

what happens on day 8?  The reason I ask is that printerlogic (which thank you for putting in there) updates about every 3 days.
 

Spencer (Patch My PC)

Hey joeOPD,

This is correct, if you have a group scheduled to deploy after 8 days and are syncing in new updates weekly (every 7 days) then that group will never receive those deployed updates.

You can mitigate that by changing the option for Automatically deleting assignments from older versions of the update/app when a newer version is published.

That way those group don't get removed and will still apply to the 8 Day staggered group when new updates are published. You will need to manually remove those group if you no longer need to deploy the update but that can easily be managed via our Intune Application Manager Utility: https://patchmypc.com/intune-application-manager-utility


This can be done globally in the Options menu or individually per app!

Global Options

Override Win32 Global Options