SCCM ADR Automatic Deployment Rule Creation Process

Let’s learn more details of the SCCM ADR Automatic Deployment Rule creation process in this post. I will cover the Windows 11 and Windows 10 ADR creation process in this post. Microsoft released Windows 11 production version, and you will have to follow the steps mentioned below to carry out the patching of Windows 11 OS.

ConfigMgr ADRs are Automatic Deployment Rules created for automatic deployment of Software Updates (monthly patches). Let’s learn to create SCCM Automatic Deployment Rule (ADR) to make monthly patching easy for Configuration Manager Admins.

The assumption here is that you already have a manual patching process in place for your organization. Now the requirement is to take the monthly patching process to the next level by using ADR.

Patch My PC

The end-to-end SCCM patching or software update deployment process is covered in the two video tutorials and blog posts below. SCCM ADR is going to work if you have all these prerequisites in place.

Watch this video on YouTube.
SCCM ADR Automatic Deployment Rule Creation Process

Create SCCM ADR Automatic Deployment Rule

Let’s start creating automatic deployment rules for monthly patching scenarios. You should have appropriate access to create SCCM ADR rules for Windows 10, Windows 11, or Windows Server 2022 patches.

  • Launch ConfigMgr Console.
  • Navigate to \Software Library\Overview\Software Updates\Automatic Deployment Rules
  • Right-click on Automatic Deployment Rules node and Select Create Automatic Deployment Rule.
Create SCCM Automatic Deployment Rule | ADR | ConfigMgr
Create SCCM Automatic Deployment Rule | ADR | ConfigMgr

General Settings Page

Let’s understand the general settings of the Automatic Deployment Rule. The following settings are the best options for some scenarios. I would recommend you try testing different combinations for several months before deciding on one particular option.

1E Nomad

One example is Create a New Software Update Group. Creating a new SUG is the best option in my experience for many scenarios. But some of you might have a different opinion & experience. Please feel to share in the comments if you like.

  • Enter the Name for ConfigMgr ADR rule
    • HTMD ADR for Windows 10 Monthly Security Patches.
  • Enter the Description – So that your colleagues can understand what is this ADR
    • “Sample Text – Pilot – Monthly security Patches for HTMD Team. Please create another ADR for different departs. Don’t change the ADR without notifying the following teams.”
  • Select the Device collection you want to deploy the monthly security patches.
    • I normally select pilot collection with fewer devices and then production deployment will be a different one.
  • Now, you need to tell the ADR that what it should do when?
    • Each Time the rule runs and finds new updates
    • I select Create a new Software Update Group.
  • Make sure you select the checkmark to Enable the Deployment after this rule is run for pilot deploy.
    • For production, if you want you can uncheck this option to be safer.
  • Click on the Next button to continue.
SCCM ADR Automatic Deployment Rule Creation Process
SCCM ADR Automatic Deployment Rule Creation Process

Deployment Settings

The patch deployment process is explained for all the operating systems, including Windows 10 and Windows 11.

Choose How many state details do you want the client to report back for deployment created by this ADR? Details Level – I selected the default one.

Only Error Messages – Some Software updates include license agreements. This option is to approve any license agreements automatically.

I select the default option – Automatically deploy all software updates found by this ADR and approve any license agreement.

Click on the Next button to continue.

Create SCCM Automatic Deployment Rule | ADR | ConfigMgr
Create SCCM Automatic Deployment Rule | ADR | ConfigMgr

Select Software Updates using ADR Criteria

This is the brain of SCCM ADR for Windows 11 and Windows 10 operating systems. You have to select according to your requirements. The filter criteria for me are not probably suitable for your organization.

I have given a couple of options here as examples. You will have to select the best-suited one for you as SCCM ADR filter criteria.

The brain of ADR – Let’s select the criteria you want to deploy using SCCM ADR.

  • The software updates that meet the specified criteria are added to the associated software update group
    • Properties filters – You can select from the following list:
      • Article ID
      • Bulletin ID
      • Content Size (KB)
      • Custom Severity
      • Date Released or Reviewed
      • Description
      • Is Deployed
      • Language
      • Product
      • Required
      • Severity
      • Superseded
      • Title
      • Update Classification
      • UUP Preference
      • Vendor
    • Select the value for the filters you want for each filter
      • (Refer to the screenshot to get more details about the filters which I used for pilot deployment SCCM ADR rule).
  • Architecture: “x64”
  • Date Released or Revised: Last 2 months
  • Is Deployed: No
  • Product: “Windows 10, version 1903 and later”
  • Superseded: No
  • Update Classification: “Security Updates”
  • Required Greater than or equal to 1
Create SCCM Automatic Deployment Rule | ADR | ConfigMgr
SCCM ADR Automatic Deployment Rule Creation Process

Platform Details

You can also add additional settings like mentioned below to filter out Windows 11 updates. There are various options to select the Windows updates that you want to include in the ADR rules.

  • Date Released or Revised: Last 2 Months
  • Is Deployed: No (optional)
  • Product: Windows 11 (only required if you are creating different Software Update Group for different OS products)
  • Superseded: No
  • Required: Greater than or equal to 1
  • Update Classification: “Critical Updates” OR “Security Updates”
SCCM ADR Automatic Deployment Rule Creation Process 2
SCCM ADR Automatic Deployment Rule Creation Process

Preview Software Updates

The preview button is a very useful option while creating SCCM automatic deployment rules. You can check which KB articles are included in the filter criteria. You can also use similar ADR rules for Windows Server 2022 version.

  • Click on the Preview button to check and confirm whether you are using the filters correctly and to avoid accidental deployment errors.
  • Click on the CLOSE button.
  • Click on the next button to continue.
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM

ADR Evaluation Schedule Settings

Now, let’s set up a monthly second Tuesday schedule for ConfigMgr Automatic Deployment Rule (ADR).

  • Select Run the Rule on a Schedule.
  • Click on the Customize button to schedule.
SCCM ADR Automatic Deployment Rule Creation Process 3
SCCM ADR Automatic Deployment Rule Creation Process 24

Custom Schedule Second Tuesday for ADR

  • Select the Custom Schedule for the ADR evaluation schedule.
    • Select Time – Select the time you want to start custom schedule
    • Reoccurrence pattern
    • Configure the recurrence schedule
      • Monthly The Second Tuesday
      • Click OK
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
SCCM ADR Automatic Deployment Rule Creation Process
  • Occurs the Second Tuesday of every 1 months effective 6/26/2020 3:51 PM
  • Click the Next button to continue
SCCM ADR Automatic Deployment Rule Creation Process 4
SCCM ADR Automatic Deployment Rule Creation Process

Deployment Schedule for SCCM ADR

Scheduling options are important for Windows 11 and Windows 10 operating systems patch deployment process.

  • Specify if the schedule for this deployment is evaluated based upon UTC or local client time.
    • I select default option Time Based onClient Local Time
  • Software available time.
    • As Soon As Possible – or select the hours
  • Installation Deadline.
    • Specific Time – 7 Days – Better to use Hours (56 hours) instead of Days.
  • Click the NEXT button.

NOTE! – You can enable the feature to Delay enforcement of this deployment according to user preferences up to the grace period defined in client settings.

Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
SCCM ADR Automatic Deployment Rule Creation Process

User Experience – ADR Template

I always keep the user experience as the default unless you have a specific business requirement.

SCCM ADR Automatic Deployment Rule Creation Process 5
SCCM ADR Automatic Deployment Rule Creation Process

Setup Alerts for Automatic Deployment Rule (ADR)

Set the alerts using the following option.

Generate an alert when this Rule fails

Click the Next button.

SCCM ADR Automatic Deployment Rule Creation Process 6
SCCM ADR Automatic Deployment Rule Creation Process 25

Package Creation Process

I prefer the NO deployment package option wherever possible in the Work from the Home scenario. But, if you are already working from an office scenario, on-prem DPs are a better option.

Select the option – Create a new Deployment Package

Enter the Package name – Windows 10 Security Patches

Enter the package source location – \\CMMEMCM\Sources\Patches\Security Patch

Make sure you enable the option called – Enable binary differential replication.

Click the next button.

NOTE! – Select the NO Deployment Option if you want to use Microsoft cloud instead of on-prem DPs for patching. Use Existing SCCM Config To Help To Reduce VPN Bandwidth | ConfigMgr

Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM

Distribute the Package

There is no need to create a package in no package scenario because the patches will get downloaded directly from Microsoft updates.

  • Select the Distribution Point you want to distribute the package.
  • Click Add and Select the available distribution point.
  • Click ok.
  • Click the Next button to continue.
SCCM ADR Automatic Deployment Rule Creation Process 7
SCCM ADR Automatic Deployment Rule Creation Process 26

Download Options

Select the option to download the updates from Microsoft cloud. You will need to have all the proxy and firewall ports opened for this scenario to work.

SCCM ADR Automatic Deployment Rule Creation Process 8
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM

Language Selection

If you are a global organization, you will need to select different languages.

  • This is the option to select Language Selection.
    • Windows Update Language = English.
    • Office 365 Client Update = English (United States).
SCCM ADR Automatic Deployment Rule Creation Process 9
SCCM ADR Automatic Deployment Rule Creation Process 27

Client Download Settings

The client download settings are also important for the SCCM ADR creation scenario. You will need to follow the settings as per your best practices.

  • Select Download settings for the client.
    • Deployment Options
      • Do not install software updates
    • Deployment options
      • Download and Install software updates from all distribution points in site default boundary group
    • Click on the Next button

NOTE! – You should use the NO Package option.

SCCM ADR Automatic Deployment Rule Creation Process 10
SCCM ADR Automatic Deployment Rule Creation Process 28

Click Next, Next, and Close.

Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM

Results – SCCM ADR Rule

Let’s check the results ADR results here. You can check and monitor the SCCM ADR rule status from the Automatic Deployment Rule (SCCM ADR) itself.

The last Error Description column in the ADR node gives you the error details of the ADR rule.

SCCM ADR Automatic Deployment Rule Creation Process 11
SCCM ADR Automatic Deployment Rule Creation Process 29

SCCM ADR Log File

You can check the SCCM logs also to get confirmation on the successful creation of the Software Update Group and Patch package for Windows 11, Windows 10, or Windows Server 2022 operating systems. More details on SCCM Logs Files are available in this post.

  • Check the log file called ruleengine.log on site server.

Downloading contents (count = 1) for UpdateID 16783343 List of update content(s) which match the content rule criteria = {16780582} Successfully downloaded the update content with ID 16780611 from internet. Updated Success Information for Rule: 1

Create ConfigMgr Automatic Deployment Rule | ADR | SCCM
Create ConfigMgr Automatic Deployment Rule | ADR | SCCM

Software Update Group by ADR

Software Update Group got created using SCCM ADR.

Create SCCM Automatic Deployment Rule | ADR | Configmgr
Create SCCM Automatic Deployment Rule | ADR | Configmgr

Deployment Package Created by ADR

The deployment package got created using the SCCM ADR!

Create SCCM Automatic Deployment Rule | ADR | Configmgr
Create SCCM Automatic Deployment Rule | ADR | Configmgr

Resources

Author

Anoop is Microsoft MVP! He is a Solution Architect on enterprise client management with over 17 years of experience (calculation done in 2018). He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, ACD, etc.…

2 thoughts on “SCCM ADR Automatic Deployment Rule Creation Process”

  1. Hi Anoop,
    I have followed the steps mentioned and created an ADR for updating windows updates. However, the software update group is not created. Can you suggest what could have gone wrong.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.