I’d love any input on this.
- We’re small (~25 Win 10 1803 machines, DC and WSUS are on Server 2008 R2).
- Hybrid: our AD is linked to Azure, with a Security EMS 3 subscription (by virtue of Azure sponsorship for nonprofits). I see our users, groups, and devices in Azure AD.
- Group Policy/WSUS is handling Microsoft patches.
- Every other week I’ll approve critical and security patches in WSUS. Honestly, I don’t think I’ve ever not approved a patch, but we’ve recently all upgraded to Win10.
In Intune:
- I configured a Software Update Ring.
- Assigned it to an Azure Group.
- Added two users to that group.
- I've exempted those two users from our WSUS group policy.
- I've deployed Microsoft Monitoring Agent (MMA) to six computers, logging in as one of those two...