My company recently migrated to Intune for deploying Windows updates. We have a couple of groups we'd like to deploy updates to first, before pushing them out to all the devices in our environment. We're trying to use the "Excluded groups" option to separate these groups, but this ends up blocking update policies to our 2 test groups.
- Update Ring “Test”
  - A small, manually created group of 10 test machines which receives all updates, including feature updates, immediately after they’re released.
  - Included groups: Intune | Update Group | Test
  - Excluded groups: Intune | Update Group | Pilot, Intune | Update Group | Prod
- Update Ring “Pilot”
  - A manually created group of ~300 pilot machines. This group receives quality updates in 7 days and feature updates 30 days after their release.
  - Included groups: Intune | Update Group | Pilot
  - Excluded groups: Intune | Update Group | Test, Intune | Update Group | Prod
- Update Ring “Prod”
  - A dynamic group that includes all Windows devices, including workstations in our Test and Pilot groups. This group receives quality updates in 14 days and feature updates 60 days after their release.
  - Included groups: Intune | Update Group | Prod
  - Excluded groups: Intune | Update Group | Test, Intune | Update Group | Pilot
The result is that the machines in the Test and Pilot groups never receive any of the update policies and updates aren't installed.
If we don't exclude the Pilot and Test groups, the machines in these groups end up with an update policy conflict and updates aren't installed.
Any recommendations for the best way to accomplish our goal of pushing updates to a couple of groups initially and then to all devices in our environment?
Is there a way to create a dynamic group by excluding the members of another group?