Hey everyone! I'm currently working as a WSUS admin, and I've run into some challenges with managing Windows Update for Business (WUFB) and Autopatch. Our client is considering making us Intune admins for these systems, but it's still unclear if they actually utilize Autopatch.
After doing some research, it seems like the only way to avoid problematic KBs is to pause all updates or uninstall bad patches after they've been applied. This puts us in a tough spot—we either leave devices unpatched, risking security vulnerabilities, or push updates and deal with the aftermath of broken KBs, which has been a regular issue every month.
So, I'm wondering if I've got this right or if there's a strategy I haven't discovered to prevent these bad updates from making it through? I'd like to keep using WSUS, but it seems like WUFB takes precedence, making it difficult to reject patches effectively. Any advice would be appreciated!
1 Answer
You're spot on about the limitations with WUFB and Autopatch. Right now, it’s tricky since there's no real way to block specific problematic KBs without hitting the pause button on all updates. Many IT teams I know use solid communication channels and quick ticketing systems to deal with issues post-deployment. Tools like Siit can really help streamline tracking and resolving those issues, especially if you’re managing a lot of devices. It won’t stop the bad patches from going out, but it can help handle the chaos afterward and speed up the response time.
So basically, it comes down to waiting for fixes or just rolling the dice? With over 15K devices, that sounds rough!