How to Deploy Visual Studio Updates Using ConfigMgr

Here is good news! You can deploy Visual Studio updates using ConfigMgr. You can enable administrator updates to Visual Studio with Microsoft Endpoint Configuration Manager. This new feature was announced few days after the release of Configuration Manager 2103. So let’s explore how to deploy Visual Studio updates using SCCM.

First let’s read this big announcement from Microsoft. During the month of April 2021, Visual Studio will start publishing administrator updates to Visual Studio 2017 and Visual Studio 2019 via Windows Server Update Services (WSUS) and the Microsoft Update Catalog. Enterprises will be able to then use standard deployment tools like Microsoft Endpoint Configuration Manager to easily roll out these updates throughout their organization.

Ok that announcement was a great step towards managing Visual Studio updates on your client machines. I am not a coder and I don’t use Visual Studio much. However what’s interesting is you can easily deploy Visual Studio updates using ConfigMgr. If you don’t have SCCM installed in your setup, you can deploy the Visual Studio updates using WSUS.

Types of Visual Studio Administrator Updates

There are three types of Visual Studio administrator updates.

  • Security updates – These are very important updates and deliver fixes to security vulnerabilities in Visual Studio product.
  • Feature updates – The feature updates usually contain new features that gets added to current versions.
  • Quality updates – The quality updates contain targeted servicing bug fixes to a particular minor version.

The below table is provided by Microsoft and helps you to understand about types of Visual Studio Administrator Updates.

Types of Visual Studio Administrator Updates
Types of Visual Studio Administrator Updates

Enable Visual Studio Updates using WSUS

If you don’t have Configuration Manager installed and rely on WSUS for deploying updates, you must first enable Visual Studio updates in WSUS.

  • Login to WSUS server and launch the WSUS Console.
  • Click Options and select Products and Classifications.
  • In the Products tab, look for Developer Tools, Runtimes and Redistributables section.
  • Enable Visual Studio 2017 and Visual Studio 2019 updates.
Enable Visual Studio Updates using WSUS
Enable Visual Studio Updates using WSUS

Next, we also need to ensure the classifications (type of updates) are enabled. The Visual Studio updates are of three types – security updates, quality updates and feature updates. To know what each of these updates are, refer types of Visual Studio administrator updates table. You may enable all of them or enable the ones that your organizations permits. So under the classifications tab, select the type of updates that you want to deploy.

Enable Visual Studio Updates using WSUS
Enable Visual Studio Updates using WSUS

After you select the Visual Studio products, you must wait until the WSUS synchronization completes. You may also manually trigger the WSUS sync to see the Visual Studio administrator updates in WSUS console.

In the WSUS console, expand Updates and click All Updates. Use the search function to find all the Visual Studio updates. Since we have enabled both Visual Studio 2017 and 2019, we see those updates in WSUS console.

Visual Studio Updates in WSUS
Visual Studio Updates in WSUS

Enable Visual Studio Updates in ConfigMgr

Before you start to deploy Visual Studio updates using ConfigMgr (SCCM), you need to first enable the Visual Studio updates in ConfigMgr. This needs to be done in the Software Update Point properties.

  • Launch the Configuration Manager console.
  • Navigate to Administration\Overview\Site Configuration\Sites.
  • Select your site, right click and select Configure Site Components > Software Update Point.
  • In the Software Update Point component properties, select Products tab.
  • Enable Visual Studio 2017 and Visual Studio 2019.
Enable Visual Studio Updates in ConfigMgr
Enable Visual Studio Updates in ConfigMgr

Next click the Classifications tab and select the type of Visual Studio updates that you want to deploy. Click Apply and OK. Go to Software Library\Overview\Software Updates\All Software Updates and run Synchronize Software Updates.

Enable Visual Studio Updates in ConfigMgr
Enable Visual Studio Updates in ConfigMgr

Wait for the SUP sync to complete. You may have several updates in the list. To find all the Visual Studio administrator updates, type Visual Studio in the text box. This should list all the Visual Studio updates in SCCM console.

Visual Studio Updates in ConfigMgr
Visual Studio Updates in ConfigMgr

You can also create a SCCM device collection for Visual Studio. We will now deploy visual studio updates using ConfigMgr.

Deploy Visual Studio Updates Using ConfigMgr

Using ConfigMgr ADR (Automatic Deployment Rule) we will deploy Visual Studio updates to the computers.

  • Launch the ConfigMgr console.
  • Go to Software Library\Overview\Software Updates\Automatic Deployment Rules.
  • Right click Automatic Deployment Rules and click Create Automatic Deployment Rule.
  • Specify the ADR name as Deploy Visual Studio updates.

I am going to select Patch Tuesday template here and I will change few settings later (if required). Click Browse and select the device collection that contains computers installed with Visual Studio software. For the setting Each time the rule runs and finds new updates, select Create a new Software Update Group. Click Next.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

On the Deployment Settings window select Automatically deploy all the software updates found by this rule and approve any license agreements. Click Next.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

In this step you actually specify what’s going to be deployed to the endpoints. The search criteria in your case may differ from the one presented below due to different requirements. Following is the search criteria that I am using.

  • Data Released or Revised – Last 2 months.
  • Product – Visual Studio 2019.
  • Update Classification – Feature packs or Security Updates or Updates.

Click Next.

Visual Studio Updates Criteria
Visual Studio Updates Criteria

You can set the evaluation schedule based on your requirement. I am going to run the rule after software update point synchronization. Click Next.

ADR Evaluation Schedule
ADR Evaluation Schedule

Configure the deployment schedule for the visual studio updates deployment. Click Next.

Visual Studio Updates Deployment Schedule
Visual Studio Updates Deployment Schedule

Specify the user experience settings for the deployment. Ensure you suppress the reboots for workstations. Click Next.

User Experience Settings
User Experience Settings

In this step you can either create a new deployment package to deploy visual studio updates using ConfigMgr or select an existing deployment package. Click Next.

Specify Visual Studio Updates Deployment Package
Specify Visual Studio Updates Deployment Package

Set the download location to Download software updates from the internet. Click Next.

Specify Updates Download Location
Specify Updates Download Location

Specify the download settings as shown in the below screenshot. Click Next.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

On the Completion window, click Close.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

This actually completes the steps to deploy Visual Studio updates using ConfigMgr.

Visual Studio Updates on Client Computers

When I installed Visual Studio 2019 on my client computers, the executable downloaded the latest version and installed it along with updates. As you know there is no offline installer for Visual Studio 2019 and you cannot install old and outdated version by any means.

When I created the ADR I was hoping to see at least one computer that shows the visual studio updates. Later I found that all my client computers are running the latest version of Visual Studio 2019. The ADR did run successfully and the software update group had 7 visual studio updates. Out of 7 updates, 6 updates were compliant and one update was unknown.

I will keep this ADR enabled and for next few weeks I will monitor if new updates appear on client computers. If I see any new updates in the software center I will add the screenshots. I hope this post gives you an idea on how to enable Visual Studio updates in WSUS and ConfigMgr and deploy them to computers.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

Update – The Visual Studio updates ADR that I created seems to be deploying updates successfully. Here is the screenshot of the Visual Studio 2019 version 16.9.0 to 16.9.5 update.

Deploy Visual Studio Updates Using ConfigMgr
Deploy Visual Studio Updates Using ConfigMgr

16 Comments

  1. Hello,
    Is connection to visualstudio.microsoft.com servers required during installing update through SCCM like updating it via VisualStudio Installer?
    I installed Visual Studio Client Directory Utility and set AdministratorUpdatesEnabled key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\Setup as 1 and machines were firewall is blocking connection are failing.

  2. Followed the above steps and added the registry key AdministratorUpdatesEnabled on all the hives mentioned, but getting the below error. Kindly help me on this issue.

    The client machine must be enabled to receive this administrator update

  3. Hi
    The Update Pack run in this errors :
    Installation Failure: Windows failed to install the following update with error 0x80070643: Visual Studio 2017 version 15.9.0 to 15.9.35 update.
    Installation Failure: Windows failed to install the following update with error 0x80070643: Visual Studio 2019 version 16.8.0 to 16.8.7 update.

    Any Ideas zo fix it ?

  4. Hello
    Thanks Parjwal, the solution works for me. But if I want to update the build version. example of going from 16.0.22 to 16.10.0, how should I proceed

    1. HI What was the solution for this faliure?

  5. Avatar photo Josh Rogan says:

    Is there a way to install Visual Studio 2019 updates without an ADR?

      1. Avatar photo Josh Rogan says:

        Thank you for the response, Prajwal. I tried that, but the updates never completed. My guess is because the clients do not report as needing the updates. I know this is not reality, because I have about 14 computers all in need of VS updates. Do you know if a reason why the clients would be reporting to the server that there are 0 required?
        By the way, I have been following this blog for a long time and used it countless times to help me with various SCCM challenges over the years. Thank you.

  6. Avatar photo tom jerry says:

    what happened to my question?

  7. Avatar photo tom jerry says:

    I have been trying to deploy these updates without an ADR. The problem is, I think, that it appears that all of my clients which have VS installed show as 0 required. Di you know why my clients would report that the update is not required?

    1. Avatar photo Techie SCCM says:

      You might need to wait until the updates are ready. Initially it may show updates not required but later the updates will be applied.

    2. For me it working after modify registre @David

    3. Hi Tom Jerry,

      I think there are multiple things going on here. First, you probably need to create a configuration baseline to detect if Visual Studio is installed or not. Then, use the link that @David provided to set the opt in parameter. If this is not set, you will not get updates. This is something I am working on with the Visual Studio team at Microsoft. It makes sense from a programming perspective not to get updates automatically, but from an Admins perspective it just causes more work. It can be a bit confusing so I’ll try to explain it a bit.

      First, you will need to create a detection Configuration Item(CI). I called mine CI – Detect Visual Studio and Create Admin Registry Key. I know it’s subtle. You will be checking if the HKLM:SOFTWARE\Policies\Microsoft\VisualStudio\Setup admin key exists. We detect here because the article actually lists 3 places the key could exist. Based off my testing, this location covers them all.

      Setting Type: Script
      Data Type: String

      Discovery Script:
      If (Get-ItemProperty -Path ‘HKLM:SOFTWARE\Policies\Microsoft\VisualStudio\Setup’ -Name ‘AdministratorUpdatesEnabled’ -ErrorAction SilentlyContinue) {

      Write-Output ‘Compliant’

      } Else {

      Write-Output ‘Not Compliant’

      }

      Remediation Script:
      New-Item ‘HKLM:SOFTWARE\Policies\Microsoft\VisualStudio\Setup’ -Force | New-ItemProperty -Name ‘AdministratorUpdatesEnabled’ -Value ‘1’ -PropertyType ‘DWORD’ -Force | Out-Null

      Compliance Rules:
      Name: Check if Administrator Enabled Key is Compliant
      Rule type: Value
      Operator: Equals
      For the following values: Compliant
      Check the box to Run the specified remediation script when this setting is noncompliant.

      Once you are done with this, you will need to create a Configuration Baseline to deploy to a collection. I would install VS on a test machine, and ensure the detection and discovery scripts are work. You can also run them manually to test. Once this is deployed and installed along with setting the Admin Key, you should be all set.

      You’re not done yet if you have older VS installs. You’ll need to bring them current. There is a client called the Visual Studio Client Detector Utility that has to be installed as well. This ensures each machine knows how to report is needs the update. It’s actually listed, at this time, as Article ID 5001148 Visual Studio Client Directory Utility.

      1. Nathan, thanks for your guidance, very helpful!

      2. Amazing, you’re great! Thanks a lot 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *