Enable Windows 11 Patching using SCCM WSUS |

Let’s understand how to enable Windows 11 patching using SCCM and WSUS. It’s time to prepare for Windows 11 now. You will need to get ready for Windows 11 upgrade and then regular maintenance of the Windows 11 operating system through monthly patching.

You can use the same device management infrastructure to upgrade and maintain Windows 11 operating system. There are different ways to upgrade to Windows 11. If you use an on-prem device management solution like SCCM, you can use the same methods to upgrade to Windows 10.

Windows 11 upgrade is free; however, there is a hardware requirement. After you evaluate your hardware to see if it meets the requirements for Windows 11, you can check Windows 10 21H2 deployment options for the commercial build. End to end patch management process for Windows 11 is explained in the following post – Windows 11 Patch Deployment Using SCCM.

SCCM allows you to patch third-party applications as well using the SCCM Third-Party Software Updates Setup. The 3rd party patching using SCCM is supported for Windows 11 PCs as well.

Patch My PC

Enable Windows 11 Product Category

Let’s learn how to enable Windows 11 product category from the SCCM 2107 console. The same can be applied to WSUS as well. The prerequisite for Windows 11 patching is similar to Windows 10 patching. Your management tool like SCCM should be ready with end to end patch management process.

You will need to enable Windows 11 product category before you can start patching Windows 11 PCs in your environment. Let’s follow the steps to enable Windows 11 product category.

  • Launch the Configuration Manager console.
  • Navigate to \Administration\Overview\Site Configuration\Sites.
  • Select the primary server and click on Configure Site Component.
  • Select Software Update Point from the drop-down menu.
Enable Windows 11 Patching using SCCM WSUS
Enable Windows 11 Patching using SCCM WSUS

You have software update point component properties opened now. You will have to navigate to the products listing of the latest version of SCCM. There are many products listed down in the list with all Microsoft products. Even the product list contains third-party application categories as well when you enable third-party patching from SCCM.

  • From Software Update point component properties – select the Products tab.
  • Scroll down to the Windows product listing.
  • Select Windows 11 product category.
  • Click OK to continue.
Enable Windows 11 Patching using SCCM WSUS | Enable Windows Insider Pre-release Patching using SCCM
Enable Windows 11 Patching using SCCM WSUS | Enable Windows Insider Pre-release Patching using SCCM

GDR (General Distribution Release) Dynamic Update for Windows 11 is also useful to enable if you would like to have Windows 11 dynamic updates.

GDR (General Distribution Release) Dynamic Update for Windows 11
GDR (General Distribution Release) Dynamic Update for Windows 11

SCCM SUP Product List Filtering option with 2203 version Onwards

Let’s see what is new with the 2203 version of Configuration Manager (aka SCCM). The SCCM SUP Product List filtering option is available from SCCM 2203 and later. So, you can directly search for the product that you are looking for.

  • You can search with Windows 11 as a filter and press enter to have the filtered list.
SCCM SUP Product List Filtering option with 2203 version Onwards
SCCM SUP Product List Filtering option with 2203 version Onwards

Enable Windows Insider Pre-release Patching using SCCM

I have enabled the Windows Insider pre-release product first and then did sync before Windows 11 showed up in the products list. Window insider prerelease is needed only when you want to test prerelease versions of Windows 10 and Windows 11 patches in your environment.

This is the process to enable the Windows Insider Pre-release Patching using SCCM.

  • From Software Update point component properties – select the Products tab.
  • Scroll down to the Windows product listing.
  • Select the Windows Insider Pre-Release product category.
  • Click OK to continue.

Since Windows 11 is released in production on 4th Oct 2021. You don’t have to enable Windows Insider pre-release product to show up Windows 11 updates.

Enable Windows Insider Pre-release Patching using SCCM
Enable Windows Insider Pre-release Patching using SCCM

Sync to add Windows 11 to the Products List

You can now go back to the Software update node and navigate to All software updates to initiate a manual Software update sync. You will need to perform the sync twice to get Windows 11 updates/patches in the console.

During the first WSUS sync from the All Software Updates node, you will see Windows 11 product is getting added to the products list. You can check with the keyword Requested categories to find out whether the Windows 11 category is added or not.

Requested categories: Product=Windows 10, version 1903 and later, Servicing Drivers, Product=Windows Server, version 1903 and later, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=Locally published packages, Product=Windows 11, Product=Windows 10, Product=Windows 10, version 1903 and later, Product=Windows Insider Pre-Release, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Service Packs, UpdateClassification=Tools, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates

You will need to give time to complete the first sync before starting the second sync. Once the sync is initiated, you can check the SCCM log file called WSYNCMGR.log to confirm the Windows 11 upgrade updates.

You can see the following entries related to Windows 11 upgrade in the wsyncmgr.log. There are consumer versions and business versions of Windows 11.

Synchronizing update da45a5ae-c974-4b4c-b24b-b0961067ed5c - Upgrade to Windows 11 (business editions) fi-fi arm64
Synchronizing update ec2fa73a-604c-4b6c-98a8-fa5bfb648e87 - Upgrade to Windows 11 (consumer editions) ru-ru x64
Synchronizing update ce1d2103-f224-4c7f-aa68-bf54f20a88e0 - Upgrade to Windows 11 (consumer editions) es-es x64
Synchronizing update ccc71dad-9ee2-445f-846e-209ae4044dba - Upgrade to Windows 11 (consumer editions) lt-lt x64
Synchronizing update bf3c0e4c-75db-4caf-92ed-aab6e202b06e - Upgrade to Windows 11 (business editions) sr-latn-rs x64
Synchronizing update b61208f7-c252-4f91-b0a9-d7bac58e5a73 - Upgrade to Windows 11 (consumer editions) zh-cn x64
Synchronizing update 87bba5f5-20ce-4d78-b61b-feab29c364d6 - Upgrade to Windows 11 (business editions) hr-hr arm64
Synchronizing update c00b2b23-5388-4259-ba45-9631b8781db5 - Upgrade to Windows 11 (business editions) da-dk arm64
Synchronizing update 72dc96dc-d411-4e09-87e2-e9bf62deff06 - Upgrade to Windows 11 (consumer editions) sr-latn-rs x64
Enable Windows 11 Patching using SCCM WSUS
Enable Windows 11 Patching using SCCM WSUS

You can also see the Windows 11 Cumulative Updates are getting synced. But as noted in the below section, these updates are part of the Windows Insider pre-release version.

Synchronizing update ea341e1a-3956-4d62-b161-c33d503f9e21 - 2021-09 Dynamic Cumulative Update for Windows 11 for x64-based Systems (KB5005635)
Synchronizing update 510962ba-2c06-4217-87ca-f71abfcd7b7e - 2021-09 Cumulative Update for Windows 11 for ARM64-based Systems (KB5005635)
Synchronizing update 408235fa-3652-4136-8acd-703184b19945 - 2021-09 Cumulative Update for Windows 11 for x64-based Systems (KB5005635)

Windows 11 Patching using SCCM

You can now use Windows 11 filter based on products from the SCCM console All software updates node to show the Windows 11 updates available in your SCCM environment.

NOTE! – I don’t think Microsoft released any Windows 11 patches and upgrades. It seems that I can’t see any updates in the All Software Updates for Windows 11.

Enable Windows 11 Patching using SCCM WSUS
Enable Windows 11 Patching using SCCM WSUS Enable Windows Insider Pre-release Patching using SCCM

I have seen some Windows 11 updates in the console but remember those are Windows Insider Pre-release patches. These patches are already expired and not applicable for the Windows 11 production version of the operating system.

NOTE! – Don’t get confused with the updates shown in the console and blogs. We will see whether there will be any Cumulative update for Windows 11 on the second Tuesday or Patch Tuesday!

Enable Windows Insider Pre-release Patching using SCCM
Enable Windows Insider Pre-release Patching using SCCM

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

6 thoughts on “Enable Windows 11 Patching using SCCM WSUS |”

  1. HI Anoop
    Can i get the windows 11 build release through Microsoft catlog for offline download and install the patch through SCCm

    Reply
  2. Once Windows 11 updates are enabled in the ‘Software Update Point’ and synced will client devices start seeing a link to upgrade to Windows 11 in Windows Update settings? Just like I saw on my home computer that Microsoft pushed to allow me to upgrade from Windows 10.
    I hope not, and that this setting only pushes updates to devices already running Windows 11. As the place I work probably won’t start moving device to Windows 11 until late fall of 2022.
    Ideally, I want to learn how to build an upgrade package for Win11 for Win10 devices so I can do testing and learn more about Win11 and Win11 GPOs before mass deployment takes place. But instead, only allow 1 or 2 devices to do the upgrade not every device that is able to upgrade.

    Reply
  3. Hi, I get the following when i enable Windows 11 patching – the synch fails and the WSYNCMGR.log logfile says:

    Failed to sync update fcb09771-63f8-47af-8d93-c45b564be8f0. Error: The Microsoft Software License Terms have not been completely downloaded and~~cannot be accepted. Source: Microsoft.UpdateServices.Internal.BaseApi.LicenseAgreement.GetById

    anybody seen this or know the solution?

    I’ve tried deselect classifications – synching and doing wsusutil reset and re-synching and slowly adding classifications… to no avail

    any help appreciated!

    Reply
    • I hope the following solution still works – Thank Jason Sandys for this.

      On the system hosting the WSUS instance, run wsustil reset.

      Alternatively, you can go into WSUS proper, find the updates that don’t have their EULAs accepted (there’s a big icon next to them), right-click on them, and select Approve.

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.