As for the deployments, updates can only be deployed as required deployments. So if you wanted to cover your bases, what you can do is deploy all updates to All Users or All Devices and they will only install on clients when needed.
Hopefully that helps you here! However, if you have further questions or need more clarification please don't hesitate to reach back out! 😊
Hello, I have a general question and I'm not sure if it's answered elsewhere. If so, please do guide me to the relevant post/article/FAQ.
We're transitioning away from SCCM to Intune and have been using Patch My PC to publish apps and updates into Intune.
I'm just trying to understand the main differences between full "apps" and "updates" and how the deployment works. Ideally, I'd like to push all of the appropriate "updates" to our "All Windows PC" AAD group. What happens on PCs which don't require the update? Does the full content drop, a script run and then decide the update isn't required, or does it run the script and then pull the content if it is needed?
My ideal situation is to turn on all updates, but I don't want to drop content on thousands of PCs which isn't required just to patch a few hundred PCs. Equally, I don't want to be manually populating AAD groups for the apps which have a smaller footprint in our estate.
People seem to have asked about this before, but this is a program that should be supported in updater.
KeePass (the old original version) is supported, but not KeePassXC, the better, more secure, cross-platform version. I would like it for my home PC, but I can't even suggest getting PatchMyPC Enterprise if this is not included.