Setting Up Automatic Deployment Rules (ADRs) in SCCM

Are you tired of manual deployments slowing down your software release cycle? Automatic Deployment Rules (ADR’s) could be the game-changer you’ve been looking for.   

ADRs are a powerful tool that lets you automate the deployment process, freeing you up to focus on more strategic tasks.

Moreover, these powerful tools allow developers and operations teams to set predefined conditions that trigger code deployments, ensuring faster, more consistent, and less error-prone releases.

Let’s say you’ve already established a manual patching workflow for your organization. Now, it’s time to elevate your game on Windows 10 and Windows 11.

Therefore, it’s time to elevate your game. We’ll show you how to leverage Automatic Deployment Rules (ADR’s)  to take your monthly patching for Windows 10 and Windows 11 to new heights of efficiency and reliability.

Consequently, get ready to free up valuable time and reduce human error in your update management strategy for these modern Windows operating systems.

How to create Automatic Deployment Rule in SCCM ?

Keeping your systems updated can feel like a constant battle. Indeed, new security patches, software updates, and driver fixes emerge seemingly every day. As a result, manually deploying them all can be a tedious and error-prone process.

Enter Automatic Deployment Rules (ADRs) – your secret weapon for IT efficiency! Specifically, ADRs automate the software update deployment process in Microsoft Configuration Manager (SCCM), freeing you up for more strategic tasks.

In this section we will walk you through the detailed steps of creating ADRs in SCCM:

1. Accessing the ADR Wizard

• Firstly, launch the SCCM console and navigate to Software Library > Overview > Software Updates > Automatic Deployment Rules.

2. Start the Automatic Deployment Rule Wizard

• Create a new ADR: Next, in the ribbon at the top, click Create Automatic Deployment Rule to start the wizard.

3. Specify the General Information

• Name: First, provide a descriptive name that reflects the purpose of the ADR (e.g., “Critical Security Updates – Servers”).

• Description: Additionally, provide an overview of the ADR, including details that differentiate it from other rules. Optional, 256-character limit, blank by default.

• Collection: Furthermore, click Browse to select the target collection. This is the group of computers to which the updates will be deployed.

• Template: Moreover, choose a deployment template for applying saved ADR configurations. Templates ensure consistency and save time. Options include:

• Patch Tuesday: Monthly software updates.Office 365 Client Updates: Updates for Microsoft 365 Apps clients.

• SCEP and Windows Defender Antivirus Updates: Endpoint Protection definition updates.

• Collection: In addition, specify the target collection for the deployment. Members receive the defined software updates.

• Lastly, decide whether to add updates to a new or existing software update group. Typically, create a new group unless the rule runs frequently (e.g., daily definition updates).

4. Define the Deployment Settings:

Deployment Settings

• Action: Select “Install” if you want to deploy updates, or “Uninstall” if you need to remove updates.

• Type: Choose whether this deployment is Required or Available. Required updates install automatically, while available updates can be installed manually by users.

• Deadline: Set a deadline for the installation of updates. After the deadline, updates will be installed automatically.

Also Check: How to download and Install MSSQL management studio ?

5. On the Software Updates page

This is where you define the criteria for the updates the ADR will target. You have a wide range of filtering options:

• Classifications: Select the update classifications you want to target (e.g., Critical, Security Updates).

• Products: Choose specific products or product categories (e.g., Windows 10, Microsoft Office).

• Severity: Filter updates based on their severity level (e.g., Critical, High).

• Release Date: Specify a date range to target updates released within that timeframe (useful for deploying recently released patches).

• Detection Method: Define how SCCM should identify applicable updates (e.g., based on classification or product). This helps ensure the ADR targets the intended updates.

• More Properties: Utilize additional filters for even more control. These include language, applicability rules (to target specific configurations), or supersedence rules (to ensure updates replace older versions).

6. Configure Update Filters

Criteria:

Set criteria for the updates you want to include. Criteria can be based on:

• Product: Specific products like Windows 10, Office 365.

• Classification: Types of updates such as security updates, critical updates.

• Language: The language version of the updates.

Preview:

• Click on Preview to see a list of updates that match your criteria. This helps in verifying that the correct updates are selected.

7. Evaluation Schedule

This section defines how often the ADR will automatically check for new updates that meet the configured criteria. You can choose:  

• Daily: Ideal for frequently released updates like security patches.

• Weekly: Suitable for a regular cadence of update evaluation.

• Custom: Allows you to define a specific schedule (e.g., every other day). It’s important to consider the frequency of update releases and your organization’s needs when setting the evaluation schedule.

8. Configure User Experience (User Experience Page): (Optional)

On the User Experience page, you can control how the deployment interacts with users on the target devices:

• User notifications: Determine if users should receive notifications about the deployment.

• Restart behavior: Specify how and when device restarts should occur after the deployment.

9. Set the Alerts and Client Notification

Alerts:

• Configure alert settings to notify administrators of any issues with the deployment. This can include warnings or critical alerts.

Client Notification:

• Optionally, configure notifications to be displayed on client machines, informing users about the deployment.

10. Define the Deployment Package

Deployment Package:

• Choose or create a package: Select an existing deployment package or create a new one.

Package Source:

• Specify the source location where the updates will be stored. This should be a network share that the SCCM server can access.

Distribution Points:

• Select the distribution points (DPs) where the package will be distributed. DPs are the servers that clients will download the updates from.   

11. Configure the Download Settings

Download Settings:

• Configure settings for how and where updates should be downloaded.

• Download from the internet: Choose this if you want SCCM to download updates from Microsoft’s update servers.

• Download from a local source: If you have a local WSUS server or other update sources, specify them here.

Language:

• Specify the languages for the updates. Ensure the selected languages match the configurations of your client systems.

Also Check: How to fix issues caused by the KB5034763 update ?

12. Review and Complete

Summary:

• Review all the settings you have configured in the previous steps. Ensure everything is correct and as per your requirements.

Finish:

• Click Next and then Close to complete the wizard. The ADR will now be created and will run according to the schedule you specified.

How to add a new deployment to an existing Automatic Deployment Rules (ADR’s) ?

Adding a new deployment to an existing Automatic Deployment Rule (ADR) in Configuration Manager can streamline the process of ensuring your systems remain up-to-date with the latest patches and software.

In this section, we’ll walk you through the steps to seamlessly integrate a new deployment into your ADR setup. Follow the below mentioned steps:

Launch Configuration Manager Console

• First, open the Configuration Manager console on your device.

Navigate to Software Updates

• In the console’s left pane, expand the Software Library workspace.

• Then, click on Software Updates.

Select the ADR

• Under Software Updates, locate the Automatic Deployment Rules node.

• Next, right-click on the specific ADR to which you want to add a new deployment.

Add Deployment

• From the context menu, choose Add Deployment. This will launch the Add Deployment Wizard.

Configure Deployment Settings (General Page)

On the General page, you have several options to configure:

• Deployment Name: First, assign a descriptive name for this deployment (e.g., “June Security Updates – Test Collection”).

• Collection: Next, select the device collection to which you want to deploy the updates defined by this ADR.

• Deployment Purpose: Then, choose the purpose of this deployment (e.g., Required, Available).

• Deployment Deadline (Optional): Finally, set a deadline by which devices in the collection must complete the deployment.

Configure Schedules (Schedule Page): (Optional)

On the Schedule page, you can define when the deployment should occur:

• Automatic Deployment Rule: Firstly, select this option to leverage the existing schedule defined in the ADR itself.

• Custom Schedule: Alternatively, if you prefer a customized schedule for this deployment, choose this option and configure the desired schedule details.

Configure User Experience (User Experience Page): (Optional)

On the User Experience page, you can control how the deployment interacts with users on the target devices:

• User notifications: To begin with, determine if users should receive notifications about the deployment.

• Restart behavior: Additionally, specify how and when device restarts should occur after the deployment.

Review and Complete (Summary Page)

• On the Summary page, review the configuration details for this new deployment.
• Then, click Next to confirm and proceed.

Close the Wizard

• The wizard will complete the process of adding the new deployment to the ADR. Finally, click Close to exit the wizard.  

Also Check: How to fix install error -0x80070002 ?

How do I disable ADR in SCCM ?

Here’s how to disable an Automatic Deployment Rule (ADR) in SCCM with detailed steps:

Using the Configuration Manager Console

• Firstly, open the Configuration Manager console on your device.

Next, in the console’s left pane, expand the Software Library workspace.

• Then, click on Software Updates.

• After that, under Software Updates, find the Automatic Deployment Rules node.

• Subsequently, right-click on the specific ADR you want to disable.

• Finally, from the context menu, choose Disable. This will immediately stop the ADR from running on its schedule.

Using PowerShell (Optional)

• To begin, open the PowerShell console with administrative privileges (Run as administrator).

• Next, import the Configuration Manager cmdlets using the following command:

• Import-Module ConfigurationManager

• Then, use the Disable-CMSoftwareUpdateAutoDeploymentRule cmdlet to disable the ADR. You’ll need the ADR’s name:

• Disable-CMSoftwareUpdateAutoDeploymentRule -Name “<ADR Name>”

• Lastly, replace <ADR Name> with the actual name of the ADR you want to disable.

Conclusion

Automatic Deployment Rules (ADRs) in SCCM are a game-changer for IT professionals looking to streamline their software update process.

By automating the deployment of updates for Windows 10 and Windows 11, ADRs not only save time but also reduce errors, and consequently ensure consistent system maintenance across your organization.

Throughout this guide, we’ve walked you through the steps to create and manage ADRs, from accessing the wizard to configuring deployment settings and update filters.

Remember, the key to successful ADRs lies in careful planning and regular monitoring. Therefore, take time to define your criteria, set appropriate schedules, and review the results.

As you implement ADRs, you’ll find yourself spending less time on manual updates and more time on strategic IT initiatives.

Reference:

Frequently Asked Question’s (FAQ’s)