Let’s understand how to enable Windows 11 patching using SCCM and WSUS. It’s time to prepare for Windows 11 now. You will need to get ready for Windows 11 upgrade and then regular maintenance of the Windows 11 operating system through monthly patching.
You can use the same device management infrastructure to upgrade and maintain Windows 11 operating system. There are different ways to upgrade to Windows 11. If you use an on-prem device management solution like SCCM, you can use the same methods to upgrade to Windows 10.
Windows 11 upgrade is free; however, there is a hardware requirement. After you evaluate your hardware to see if it meets the requirements for Windows 11, you can check Windows 10 21H2 deployment options for the commercial build. End to end patch management process for Windows 11 is explained in the following post – Windows 11 Patch Deployment Using SCCM.
SCCM allows you to patch third-party applications as well using the SCCM Third-Party Software Updates Setup. The 3rd party patching using SCCM is supported for Windows 11 PCs as well.
- Fix: Windows Update Issues For Windows 11 Errors Troubleshooting Tips
- Fix Windows 11 Upgrade Error 0xc11900130
Enable Windows 11 Product Category
Let’s learn how to enable Windows 11 product category from the SCCM 2107 console. The same can be applied to WSUS as well. The prerequisite for Windows 11 patching is similar to Windows 10 patching. Your management tool like SCCM should be ready with end to end patch management process.
You will need to enable Windows 11 product category before you can start patching Windows 11 PCs in your environment. Let’s follow the steps to enable Windows 11 product category.
- Launch the Configuration Manager console.
- Navigate to \Administration\Overview\Site Configuration\Sites.
- Select the primary server and click on Configure Site Component.
- Select Software Update Point from the drop-down menu.
You have software update point component properties opened now. You will have to navigate to the products listing of the latest version of SCCM. There are many products listed down in the list with all Microsoft products. Even the product list contains third-party application categories as well when you enable third-party patching from SCCM.
- From Software Update point component properties – select the Products tab.
- Scroll down to the Windows product listing.
- Select Windows 11 product category.
- Click OK to continue.
GDR (General Distribution Release) Dynamic Update for Windows 11 is also useful to enable if you would like to have Windows 11 dynamic updates.
SCCM SUP Product List Filtering option with 2203 version Onwards
Let’s see what is new with the 2203 version of Configuration Manager (aka SCCM). The SCCM SUP Product List filtering option is available from SCCM 2203 and later. So, you can directly search for the product that you are looking for.
- You can search with Windows 11 as a filter and press enter to have the filtered list.
Enable Windows Insider Pre-release Patching using SCCM
I have enabled the Windows Insider pre-release product first and then did sync before Windows 11 showed up in the products list. Window insider prerelease is needed only when you want to test prerelease versions of Windows 10 and Windows 11 patches in your environment.
This is the process to enable the Windows Insider Pre-release Patching using SCCM.
- From Software Update point component properties – select the Products tab.
- Scroll down to the Windows product listing.
- Select the Windows Insider Pre-Release product category.
- Click OK to continue.
Since Windows 11 is released in production on 4th Oct 2021. You don’t have to enable Windows Insider pre-release product to show up Windows 11 updates.
Sync to add Windows 11 to the Products List
You can now go back to the Software update node and navigate to All software updates to initiate a manual Software update sync. You will need to perform the sync twice to get Windows 11 updates/patches in the console.
During the first WSUS sync from the All Software Updates node, you will see Windows 11 product is getting added to the products list. You can check with the keyword Requested categories to find out whether the Windows 11 category is added or not.
Requested categories: Product=Windows 10, version 1903 and later, Servicing Drivers, Product=Windows Server, version 1903 and later, Product=Microsoft 365 Apps/Office 2019/Office LTSC, Product=Locally published packages, Product=Windows 11, Product=Windows 10, Product=Windows 10, version 1903 and later, Product=Windows Insider Pre-Release, UpdateClassification=Security Updates, UpdateClassification=Update Rollups, UpdateClassification=Upgrades, UpdateClassification=Service Packs, UpdateClassification=Tools, UpdateClassification=Feature Packs, UpdateClassification=Updates, UpdateClassification=Definition Updates, UpdateClassification=Critical Updates
You will need to give time to complete the first sync before starting the second sync. Once the sync is initiated, you can check the SCCM log file called WSYNCMGR.log to confirm the Windows 11 upgrade updates.
You can see the following entries related to Windows 11 upgrade in the wsyncmgr.log. There are consumer versions and business versions of Windows 11.
Synchronizing update da45a5ae-c974-4b4c-b24b-b0961067ed5c - Upgrade to Windows 11 (business editions) fi-fi arm64 Synchronizing update ec2fa73a-604c-4b6c-98a8-fa5bfb648e87 - Upgrade to Windows 11 (consumer editions) ru-ru x64 Synchronizing update ce1d2103-f224-4c7f-aa68-bf54f20a88e0 - Upgrade to Windows 11 (consumer editions) es-es x64 Synchronizing update ccc71dad-9ee2-445f-846e-209ae4044dba - Upgrade to Windows 11 (consumer editions) lt-lt x64 Synchronizing update bf3c0e4c-75db-4caf-92ed-aab6e202b06e - Upgrade to Windows 11 (business editions) sr-latn-rs x64 Synchronizing update b61208f7-c252-4f91-b0a9-d7bac58e5a73 - Upgrade to Windows 11 (consumer editions) zh-cn x64 Synchronizing update 87bba5f5-20ce-4d78-b61b-feab29c364d6 - Upgrade to Windows 11 (business editions) hr-hr arm64 Synchronizing update c00b2b23-5388-4259-ba45-9631b8781db5 - Upgrade to Windows 11 (business editions) da-dk arm64 Synchronizing update 72dc96dc-d411-4e09-87e2-e9bf62deff06 - Upgrade to Windows 11 (consumer editions) sr-latn-rs x64
You can also see the Windows 11 Cumulative Updates are getting synced. But as noted in the below section, these updates are part of the Windows Insider pre-release version.
Synchronizing update ea341e1a-3956-4d62-b161-c33d503f9e21 - 2021-09 Dynamic Cumulative Update for Windows 11 for x64-based Systems (KB5005635) Synchronizing update 510962ba-2c06-4217-87ca-f71abfcd7b7e - 2021-09 Cumulative Update for Windows 11 for ARM64-based Systems (KB5005635) Synchronizing update 408235fa-3652-4136-8acd-703184b19945 - 2021-09 Cumulative Update for Windows 11 for x64-based Systems (KB5005635)
Windows 11 Patching using SCCM
You can now use Windows 11 filter based on products from the SCCM console All software updates node to show the Windows 11 updates available in your SCCM environment.
NOTE! – I don’t think Microsoft released any Windows 11 patches and upgrades. It seems that I can’t see any updates in the All Software Updates for Windows 11.
I have seen some Windows 11 updates in the console but remember those are Windows Insider Pre-release patches. These patches are already expired and not applicable for the Windows 11 production version of the operating system.
NOTE! – Don’t get confused with the updates shown in the console and blogs. We will see whether there will be any Cumulative update for Windows 11 on the second Tuesday or Patch Tuesday!
HI Anoop
Can i get the windows 11 build release through Microsoft catlog for offline download and install the patch through SCCm
Technically possible I think. But I never tried myself. If it’s possible for Windows 10 then it should be possible for Windows 11.
Once Windows 11 updates are enabled in the ‘Software Update Point’ and synced will client devices start seeing a link to upgrade to Windows 11 in Windows Update settings? Just like I saw on my home computer that Microsoft pushed to allow me to upgrade from Windows 10.
I hope not, and that this setting only pushes updates to devices already running Windows 11. As the place I work probably won’t start moving device to Windows 11 until late fall of 2022.
Ideally, I want to learn how to build an upgrade package for Win11 for Win10 devices so I can do testing and learn more about Win11 and Win11 GPOs before mass deployment takes place. But instead, only allow 1 or 2 devices to do the upgrade not every device that is able to upgrade.
We have sccm 2103 and we are able to patch Windows 11 machines. Is 2107 is required still?
Hi, I get the following when i enable Windows 11 patching – the synch fails and the WSYNCMGR.log logfile says:
Failed to sync update fcb09771-63f8-47af-8d93-c45b564be8f0. Error: The Microsoft Software License Terms have not been completely downloaded and~~cannot be accepted. Source: Microsoft.UpdateServices.Internal.BaseApi.LicenseAgreement.GetById
anybody seen this or know the solution?
I’ve tried deselect classifications – synching and doing wsusutil reset and re-synching and slowly adding classifications… to no avail
any help appreciated!
I hope the following solution still works – Thank Jason Sandys for this.
On the system hosting the WSUS instance, run wsustil reset.
Alternatively, you can go into WSUS proper, find the updates that don’t have their EULAs accepted (there’s a big icon next to them), right-click on them, and select Approve.
Did you find a fix for this, I have exact same error whenever i try and add Win11 category.
I have like you tried wsusutil reset and still same issue