Starting in November 2022, IT Administrators can now deploy Visual Studio administrator security updates throughout their organization to cloud connected devices that are configured to use Windows Update for Business (WUfB) and are managed by mobile device management solutions such as Microsoft Endpoint Manager (also known as Intune). This solution applies to all security updates for all supported versions of Visual Studio, making it easier for organizations to always stay updated and secure.
How It Works
Client Machine Configuration
In order to take advantage of this new capability, the IT Administrator will need to appropriately configure the client machines in the following manner.
- Ensure the client machines are connected to the cloud (i.e. have internet access), be either Azure Active Directory (Azure AD) or Active Directory (AD) joined to your organization, and be visible as a client to Microsoft Endpoint Manager.
- Enable and appropriately enroll the client machines into Windows Update for Business. In particular, the AllowMUUpdateService policy must be turned on in order for the client machine to receive updates through Microsoft Update.
- Configure the client machines to receive Visual Studio Administrator updates by having the Visual Studio AdministratorUpdatesEnabled policy set to “2”.
Automatically Updating in the Background
Once the client machines are configured correctly, then every time a Visual Studio security update is released, the clients will automatically detect and install the update silently in the background, like all other updates delivered through Windows Update for Business. Most users won’t even be aware that the update has taken place.
Updating On Demand
Users can also manually initiate the update themselves by invoking the Windows Updates UI and pressing the button to “Check for updates”. Visual Studio administrator updates are delivered through the setting “Receive updates for other Microsoft Products”. If a Visual Studio administrator security update is available and applicable to what’s installed on the client machine, then it will be delivered and installed immediately. This experience is illustrated in the picture below.
Installing Visual Studio administrator updates through Microsoft Update “Check for Updates”
There are a few common scenarios where the update may be temporarily blocked from installing, such as if Visual Studio is in use. In these cases, the update will simply try again at a later point.
Additional Functionality that Complements the Experience
There are a couple of other new capabilities now available that you may also be interested in:
- We just started packaging and releasing Visual Studio ADMX templates, which simplifies IT Administrators ability to discover and configure Visual Studio policies. You can use these templates along with Microsoft Endpoint Manager to easily control the policy settings on your client machines.
- We’re now providing a way to bulk remove, during every update operation, all components installed by Visual Studio that maybe have transitioned to an out-of-support state. IT Administrators will be able to control this configuration via policy, which will further help with the goal of keeping client machines in a secure state.
Summary
We encourage all organizations that use Visual Studio to stay updated and secure, and we hope that this solution will make it easier for you to manage and maintain your cloud connected devices. Further details and information for IT Administrators can be found in the Visual Studio Administrators Guide.
For devices that are joined to an Active Directory (AD) network, you can continue to deploy the Visual Studio administrator updates that are available via the Microsoft Catalog or Windows Server Update Services (WSUS) and deployable via System Center Configuration Manager (SCCM). We announced this capability back in April 2021 and nothing here has changed.
We welcome your feedback on this experience. Feel free to add comments to this blog post, submit a problem report on the Visual Studio IT Administrator feedback page, or leave a suggestion for another experience you’d like us to deliver.
0 comments