lang="en-US">▷ Deploy Windows 11 Updates using SCCM / Configuration Manager

Deploy Windows 11 Updates using SCCM / Configuration Manager

In this article we are going to learn how to deploy Windows 11 Updates with SCCM / Configuration Manager / MEMCM using ADR or SUG.

Once you’re managing Windows 11 devices using SCCM / ConfigMgr, you can deploy Windows 11 updates to be protected from the latest security flaws.

Before you can distribute security updates for Windows 11 in Configuration Manager, you need to make sure that you’re syncing Windows 11 security patches.

When Windows 11 updates appear in the SCCM console, you can manually create a Windows 11 Software Update Group or create an ADR for Windows 11 that automatically deploy Windows 11 updates every month (recommended).

Include Windows 11 in the Software Update Point as a Product to sync

Configuration Manager – Software Update Point Component Properties – Products – Windows 11

Now that Windows 11 has been added to the Product list of your Software Update Point, the internal WSUS will sync Windows 11’s patches and appear in the SCCM console. You can force update synchronization in “Software Library \ Overview \ Software Updates \ All Software Updates \ Synchronize Software Updates

Force Update Synchronization in SCCM / Configuration Manager

In case the updates you want to include don’t appear, you can manually import updates into WSUS and SCCM.

Create a Windows 11 Software Update Group in SCCM / Configuration Manager

Windows 11 – Create Software Update Group – Criteria

Create Windows 11 Automatic Deployment Rule (ADR) in SCCM / Configuration Manager

SCCM ADR – Windows 11 – General
SCCM ADR – Windows 11 – Deployment Settings
SCCM ADR – Windows 11 – Search criteria
SCCM ADR – Windows 11 – Preview Updates
SCCM ADR – Windows 11 – Evaluation Schedule – Custom Schedule
SCCM ADR – Windows 11 – Deployment Schedule
SCCM ADR – Windows 11 – User Experience
SCCM ADR – Windows 11 – Alerts
SCCM ADR – Windows 11 – Create Deployment Package
SCCM ADR – Windows 11 – Distribution Points
SCCM ADR – Windows 11 – Download Location
SCCM ADR – Windows 11 – Language Selection
SCCM ADR – Windows 11 – Download Settings
SCCM ADR – Windows 11 – Summary

After a few seconds, the Windows 11 ADR should be created in SCCM and you can click “Close“:

SCCM ADR – Windows 11 – Completion
SCCM ADR – Windows 11 – Run Now

Troubleshooting ADR error Windows 11 in SCCM

In case the execution of the Windows 11 ADR fails, we can see what is happening in the log “ruleengine.log“. This log is located in the Configuration Manager installation folder, in the “Logs” folder. In my case the path is “D:\Program Files\Microsoft Configuration Manager\Logs\ruleengine.log”.


The log ruleengine.log records all the steps performed by the ADR: identification of patches, downloading content, creating the Software Update Group and creating the Deploy. Here’s a guide to troubleshooting Automatic Deployment Rule download failed errors.

Install Windows 11 Updates in Software Center

Whether we have deployed Windows 11 updates as an SUG or with ADR, the updates will appear in the Software Center whenever we have decided to show them.

SCCM – Software Center – Windows 11 Updates

If the deadline (indicated in “Status”) arrives or you install the updates by clicking Install, the Software Center will notify the user that must restart the computer:

SCCM – Software Center – Restart

Monitoring Windows updates in SCCM

Finally, in the Configuration Manager console, you can see what status Windows updates are in. See the deploy in “Monitoring \ Overview \ Deployments“:

You can also see how many computers in your SCCM require the patch or not in “Software Library \ Overview \ Software Updates \ Software Update Groups” by selecting the SUG you have created (either manually or using the ADR):

With this, you will already be updating your Windows 11 and safe against monthly security flaws. Any questions or suggestions can be left in the comments.

Exit mobile version