Can I use an Advanced Patch Policy to install Critical Windows Updates?
An advanced patch policy has the option to set the "Type" of Microsoft updates to "Critical Updates". Is this what I need to install Critical Windows Updates with an Advanced patch policy?
Advanced patch policies offer the most control over package targeting. One of the available targeting options is "Critical Updates". However, this might cause confusion when customizing a Advanced policy to patch only Critical severities:
When you select Package Targeting of Type (Windows Only): Critical Updates, the result does not filter on severity-related updates but the exact opposite and it will apply non-security related patches.
Microsoft taxonomy classifies a critical type of update as:
"A widely released fix for a specific problem that addresses a critical, non-security-related bug."
|Reference Microsoft's update Type classifications here: https://learn.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates|
Steps to resolution
In addition to using a By Severity patch policy, the Advanced patch policy allows for more granular control over the types of updates that are applied or filtered out.
To create an Advanced patch policy that only installs updates with a critical severity, use the following filters:
- Add a targeting filter that specifies Patch Severity as whatever severity desired (for example: "Critical")
- Add any other filters to the targeting selection.
This filter will only apply updates with a critical severity. To validate a package targeting filter at any time, click Preview Packages That Would Be Patched directly after the targeting menu.