We are planning to switch to using Intune for manging patches for Windows 10 and 11 devices. We have around 90 such devices; most of them are used remotely and many never need to connect to our network via VPN other than to run Windows Updates.
I have read a number of articles about Intune, for example this one: https://4sysops.com/archives/managing-windows-updates-with-microsoft-intune/
It is plain that the granularity of patch management we are used to in WSUS is not available with Intune. I closely follow Susan Bradley’s advice on patch approvals and from time to time I do hold back a Windows patch which Susan advises has problems.
It seems to me that the only option available in Intune is to postpose installing all Windows Quality patches for a longer period than normal to avoid a bad patch. (where “normal” means not approving any of the current month’s patches until the last few days of the month) But what happens if one of those patches is an urgently needed security patch whilst another one has problems? Aaaargh!
Am I correct in this assumption? Is there any way around this?
Arthur J Davis
UK
