SCCM - How to automatically manage application updates without ADR

[altu]

Hi,

This post is just an inquiry for information and to gain some insights on best practices and to see how others are doing stuff.

During our onboarding session a couple of months ago, we didn't enable Updates for SCCM.
Meaning: Only Applications will be updated.
Also, I am one of those who is not a fan of ADRs anyway.

However, PMPC does not deploy the new versions automatically to the same collections as a previous version, like it is the case in Intune.

We have, during our onboarding session, set this option:
Create a new application without modifying any previous applications.

The default option, which is "Update existing applications metadata, deployment type, etc..." doesn't sit right with me.
I feel more comfortable having one or two previous versions of the application, just in case I need it.

I am wondering if ADRs are really the only feasible way to automate this in SCCM? Or should I change the way SCCM Applications are deployed.

I like what is happening in Intune...
You have a regular app and an Update app. The Update app has a requirement script which makes sure the app is only updated if the requirement is met.

[Adam Cook (Patch My PC)]

Hey altu,

What you've observed is expected behaviour; we do not have have anything in the Publisher to manage deployments for ConfigMgr Apps like we do for Intune.

Like you've alluded to, SCCM has built-in capabilities to automate the deployment of software updates via ADRs. Software updates are also the best way to do patching with SCCM, instead of Applications.

Software updates have built-in logic to only apply the update to devices which need it; this enables you to deploy any third-party software update in SCCM to all devices, and the patches will only install on devices requiring the update. For example, if you deployed a Google Chrome x64 third-party software update from SCCM to a device which does not have  Google Chrome x64 installed, the update will do nothing have return "not required" / "not applicable".

You also don't have to use ADRs to deploy software updates with SCCM, you can deploy software updates just like you do any other Microsoft updates in SCCM; you could manually create the SUG, add updates to it, deploy it to a collection, download updates into a Deployment Package and distribute it to your DPs. However, ADRs do automate all of this effort.

You can even automate waved / ringed / phased deployments with software updates in SCCM, and especially so using ADRs, which you cannot with Applications - this is (IMO) an industry-wide best practice for patching; to deploy updates to test devices or power users first, before deploying them to everyone else.

The functionality to preconfigure the assignments for Intune exists in our product because Intune has no concept for automatic assignments, like SCCM does with ADRs.

If your SCCM devices are co-managed and the Client Apps workload is moved to Intune, you can absolutely start leveraging our Intune integration. If you prefer to keep things with SCCM for now, then of course it's possible.

We have an article here which discusses configuring an ADRs in SCCM, specifically for third-party updates:

• https://patchmypc.com/how-to-use-automatic-deployment-rules-adrs-with-patch-my-pc

I hope this helps.