SCCM Patch Deployment Process

Imagement Process


How Software Updates Work
Figure 1 shows a high level overview of the software updates process in Configuration Manager.
Figure 1: Software Updates Overview
Table 2 describes each step of the Software Update process in more detail.
Step Description
1. Configuration Manager Site Server triggers a synchronisation of the SUP. This is performed on a schedule, or can be
manually triggered using the Configuration Manager Administrator Console.
2. This signals WSUS on the SUP to contact the Microsoft Update servers and download Update Metadata on all
selected products and categories. No updates are downloaded to the SUP, just metadata describing the updates and
how to detect them, and any applicable license information.
3. The metadata is retrieved by the Configuration Manager site server and stored in the Configuration Manager
database. At this stage, clients can start to report information back to the Configuration Manager server on the patch
status. The clients contact the SUP in order to retrieve Update Metadata and the Update Agent can perform a scan.
This information is sent to Configuration Manager server where an IT Administrator can view the status of software
updates across the healthcare organisation’s infrastructure.
4. Having decided which software updates are required for the healthcare organisation, the IT Administrator can now
create Search Folders (to allow required updates to be viewed easily), Update Lists (which allow compliance reports
to be viewed and updates to be grouped) and Deployment Packages (which contain the binary files necessary to
update the clients). At this stage, the IT Administrator can either download the updates from the Microsoft Update,
ready for a deployment in the future, or create the deployment at the same time.

5. The IT Administrator creates the deployment. A deployment is carried out by specifying the Deployment Package
that will be deployed, associating that package with a Collection and specifying or creating a Deployment Template.
Once the deployment is configured, the Configuration Manager server will place all update files (If not already done)
on the required DPs. A policy will be created and placed on the Management Point (MP) so clients know the new
updates are available and where they should be installed from.
6. Clients perform a scheduled scan for new updates and retrieve the policy from the MP. If any updates are applicable
on the client, they will be installed from the closest DP. As the client scans for required updates and installs them,
State Messages are sent to the Configuration Manager infrastructure so the IT Administrator has an up-to-date view
of the status of the deployment.
7. Once the synchronisation at the Central Site has occurred, a site-to-site replication of a synchronisation request is
sent to the child sites. This triggers the same actions as steps 1 to 3, the only difference being that the lower level
SUP will synchronise data with its parent, rather than going directly to the Microsoft Update servers.

Published by Abheek Dutta

A perennial thrill-seeker with an avid interest in transforming and improving lives around the globe through the wonderful gift of technology, I am the Senior Vice President of Henson Group . My specialties include Leadership, problem-solving, and putting cutting-edge technology (Cloud, Artificial Intelligence, Machine Learning) in the hands of corporates, startups, and professionals. I have been obsessed with the idea of using technology to solve real-world problems. Having previously worked with global software giants like TCS and IBM, I now usually sit at my office at the World Trade Center, New York and Chandigarh , India. Among my greatest achievements, increasing the revenue of Henson Group by ten-folds in the past two years, remains my favorite along with the fact that Henson Group’s India center has now become ‘a center of excellence’ with its entire technical team being Microsoft certified. On the delivery side, I helped Henson Group attain the prestigious “ Azure Expert MSP Certification “ with Microsoft . Hailing from Jammu, my team has grown from five to 150 employees and associates in just two years. Even during COVID-19 era, our growth has soared while helping corporates, industries and startups to tide over many hurdles and challenges. Henson Group is recently featured at rank 132 in the Inc. 5000 Rating. Skillsets: Cloud Services, Managed Services Provider (MSP), Computers & Networks, Artificial Intelligence, Machine Learning, Project management, Leadership , Cyber Security Mr. Dutta manages and monitors the performance of consultants and partners on engagements, communicating with the account executive, project teams, and customers. Works in close collaboration with the Microsoft project manager, providing hands-on project management expertise as required. Mr. Dutta provides direct oversight over the MSP Client Operations team responsible for managing MSP relationships with existing MSP clients and day to day operations of these accounts. Mr. Dutta oversees the Centralized Delivery Team that is responsible for high volume cloud migrations and MSP delivery to current clients. Team consists of over 120+ engineers and project managers.

4 thoughts on “SCCM Patch Deployment Process

  1. Hi Abheek,
    I am beginner in SCCM. Your blog is helping me a lot. I have below question:
    How policy is created in Management point? Please explain me with an example

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: