MicrosoftNir_FroimoviciI am not clear what the upgrade path from WSUS to Intune looks like for us. We deploy patches using SCCM and WSUS, can SCCM manage Autopatch? If we do not have A3+ licenses now, what's our path that doesn't involve a license upgrade?
moorewr questions I have:
you really need to manage which Single update hit which device, when? Or do you rather look for getting things patched as smooth and fast as possible without taking care about managing single KBs?
You can still use WuFB and WU policies and rings with on-prem managed devices. Leaving Configmgr and WSUS out of the quotation. Make sure to leverage delivery optimization.
This all does not require licensing or Intune.
In Admin.microsoft.com > Software Updates you will find your Patchmanagement dashboard for Intune and Hybrid joined devices.
eventually MS is forcing user use their Azure AD with premium service and then paid for another Intune or AutoPatch, what i wish is China develope another OS that able to replace Windows, i believe pricing will be more cheaper that MS
Karl-WEI think you are asking if I wish to continue to have control over which patches are deployed to our clients, as we do now with WSUS and SCCM. Yes, my question is about the migration path to maintain the functionality we have now.
I am afraid this is not intended with Microsoft products for Windows Clients. The idea is to invest lesser time and budget into managing updates, contrary focusing of getting Patchmanagement done as less intrusive and effective as possible.
Of course you can define rings and some blockers in Intune. But there is no list of patches you are going to hand pick.
Based on your licensing Autopatch intensifies automation and uses global and your telemetry to define reliable secure holds for certain patches when incompatible states are known. Intune also offers Firmware and Driver Support of verified packages by the OEM (not comparable to WSUS drivers, which has been a horrible experience).
Same for Windows Server not using Intune but Azure Update Manager, included for free of use with active Windows Server Software Assurance.
Here you can fine grain define rings, deployment windows and restart options without the burden of picking patches.
In opposite to Intune, hand picking updates this is possible and manageable at scale, if you really want to, then you would choose for a rather manual approach.
Does this help?
If I am understanding your response, not only is there no direct upgrade path from WSUS, there's no equivalent Patch Management product even with a different user license?
To pick one common SCCM patch management scenario, how would I decide when a set of Windows 11 systems would receive a feature update with or without InTune?
