Endpoint Services, MECM, Software Updates
How to use MECM to manage Windows Updates on your endpoints.
Microsoft Endpoint Configuration Manager (MECM), formerly SCCM
University of Illinois IT Pros leveraging MECM, hosted by Technology Services' Endpoint Services team
MECM can be used to deploy Windows Updates to endpoints as an alternative to Campus WSUS. IT Pros can request which updates get deployed to which device collections, the schedule on which they run, and their installation behavior.
- As deployments will be configured according to provided criteria, IT Pros will be responsible for monitoring compliance and notifying EPS of any issues. As such, it is recommended that additional deployments to test collections with their own configurations also be requested.
- While deployed updates can be canceled, they cannot be uninstalled via this feature. When requesting a deployment schedule, consider offsetting update availability/deadlines from the release date.
- Any changes to active deployments need to be requested through EPS. You may still view the deployment configurations in your console.
In order to leverage this service the following steps must be taken:
- The MECM client must be installed on targeted endpoints
- Maintenance windows must be configured on the targeted endpoints.
- Client Policy must be configured to allow MECM to manage updates. Under "\Administration\Overview\Client Settings", either create or modify an existing policy and ensure that "Enable software updates on clients" under "Software Updates" is set to "Yes". Configure other settings as desired, then deploy this policy to the target collection/s.
- Targeted endpoints must not be receiving any Group Policy that governs Windows Updates, such as Campus WSUS, as Group Policy supersedes MECM policy. Please ensure that any conflicting Group Policy is removed or disinherited prior to using this feature.
- This includes Windows Update GPO settings that are "Disabled." Relevant GPOs must be set to "Not configured"
- Local Group Policy must be enabled for MECM Software Updates to work
|Windows 10 Cumulative Update
|Windows Server 2012 Monthly Quality Rollup|
|Windows Server 2012 Security-Only Quality Update|
|Windows Server 2012 R2 Monthly Quality Rollup|
|Windows Server 2012 R2 Security-Only Quality Update|
|Windows Server 2016 Cumulative Update|
|Windows Server 2019 Cumulative Update|
|.NET Framework Cumulative Updates for Workstations|
|Flash Player ActiveX Windows 10 Updates|
|Office 365 Updates - Monthly Channel|
|Office 2016 Updates|
|Windows Malicious Software Removal Tool|