NEW Software Update Deployments Best Practices?

[derekhansell]

Howdy all!

I want to preface this question by saying we're not using ADRs. We're investigating this, but, for now we prefer to manually review updates and place them in Software Update Groups ourselves.

We've set up our Software Update Groups for servers thusly

• Current Month Microsoft Software Updates (1 month lag)
• Microsoft Software Update Baseline yyyy-mm (contains up to 1000 previous monthly updates - we create a new one when the existing Group reaches 1000 updates or every Jan 1st)
• Current Month Third-Party Software Updates (up to real-time - we use Patch My PC)
• Third-Party Software Update Baseline yyyy-mm (contains up to 1000 previous monthly updates - we create a new one when the existing Group reaches 1000 updates or every Jan 1st)

We have maintenance windows configured for device collections tied to overnights Tuesday into Wednesday for Weeks 1-4, where each device collection also has a maintenance window in the weeks following their original of the month; i.e., in Week 3, there are Maintenance Windows for Week 1, 2, and 3 Servers.

We have corresponding deployments that we configured this month (the first month we're patching servers with MECM), e.g., Current Month Microsoft Software Updates to Week 3 Servers.

My question is -
Can we continue to use the same deployments every month? If so, should we just update the Available Time to reflect the new month? Or is it best practice to create a new deployment every month, even though the Update Group and Collection being deployed to don't change?

Also, for the each Baseline Software Update Group, can we just "permanently" deploy this Update Group so any updates that are lagging just get installed during the next available maintenance window?

Thanks for your time and feedback!