Deployment Schedules

Key features

  • When an application is updated, a Deployment Schedule deploys the new version according to the Deployment Schedule configuration assigned to that application. This lets users deploy a new version as a phased roll-out.
  • Each Deployment Schedule has a name, a number of phases and a trigger.
  • A phase has a name, an Assignment Profile that will be assigned to the application when the phase becomes active, an offset in days and a requirement script. The requirement script makes it possible to install/patch the new version only on devices that already have the application installed.
  • The offset defined for the initial phase is derived from the trigger; the offset for the remaining phases is based on the initial phase.
  • If the requirement script radio button is toggled on, then the phase will affect only the users/devices where the requirement.ps1 script returns 1.
  • The trigger for a deployment schedule decides when and how the schedule is initiated. There are 3 options:
    1. When a new version is uploaded: the Deployment Schedule will start whenever a newer version of that application is uploaded.
    2. Weekly: the Deployment Schedule will start every week on the day specified. This allows you to deploy all new application versions starting on a given day of the week.
    3. Monthly: the Deployment Schedule will start every month on a specified weekday of one of the first 4 weeks, at 00:00 (e.g. the first Monday of the month or the third Wednesday of the month).
  • When creating a new deployment schedule, the name and the Assignment Profile for each existing phase are required.
  • An application can have only 1 deployment schedule at any given time.
  • An application has to be deployed before you can assign a deployment schedule to it.
  • You cannot have a deployment schedule with fewer than 1 phase.
  • You cannot have a deployment schedule with more than 28 phases.
  • The number of phases depends on the offset and on the trigger option; the two limits above are the minimum and the maximum.
  • If the trigger is set to Weekly, the number of phases cannot exceed 7. This is to ensure patch capability when new updates are made more than once a week.

Smart Patching

Smart Patching can be enabled for a Deployment Schedule. This creates a final phase called a Smart Patch phase. The Smart Patch phase ensures that the application the schedule is assigned to will only have devices assigned as Required if those devices are detected to have the application installed. As this is the final phase, it is applied at the end of the Deployment Schedule. All devices that are not detected to have the application installed will not be assigned to, or will have their assignments removed from, the application using the schedule.

Smart Patching Background

Patching devices in Endpoint Admin depends on having a patch application instance that includes a requirement script. This setup ensures that only devices with the specific application already installed will be patched. As a result, even if a user installed the application through the Company Portal or by other means, it will still be patched.

To optimize device resource utilization, we identify which devices actually have the software installed, so we can limit the scope of the patch deployment to only those devices. The Installations Dashboard already has the ability to map a specific Endpoint Admin application to the Discovered Apps on each device. We use this data to create an Entra ID group which contains the devices known to have the application installed.

When this approach is applied only to the Patch Application instance, users can still uninstall available applications via the Base Application instance in the Company Portal. In such cases, the Patch Application won’t be applied because its requirement script will no longer detect the app as installed. Therefore, there’s no conflict – even if there’s a delay between when a user uninstalls an application and when their device is removed from the Smart Patch application group.

For the Smart Patch functionality to work, the application must be properly installed on the endpoint and appear in the “Add or Remove Programs” (appwiz.cpl) list. Otherwise, it won’t be reported in Intune’s Discovered Apps list, and we won’t be able to detect its installation. Since some applications don’t register themselves in this way, the Smart Patch solution won’t be applicable to all applications. 
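
The following is an added example, not Endpoint Admin's own requirement.ps1: a requirement script of the kind described above, which outputs 1 only when the application is registered in the "Add or Remove Programs" list. The display-name pattern and the function name are placeholders, and the output contract (1 means installed, 0 otherwise) is assumed from the description on this page.

```powershell
# Added example, not the vendor's requirement.ps1.
# Assumption: the phase applies to a device when this script writes 1 to standard output.
# Placeholder: replace with the display name of the application being patched.
$DisplayNamePattern = 'Example Application*'

# Registry locations that back the machine-wide "Add or Remove Programs" (appwiz.cpl) list:
# native (64-bit) installs and 32-bit installs on 64-bit Windows.
# Per-user installs (HKCU) are not covered when the script runs in the system context.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-AppRegistered {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [Parameter(Mandatory)][string[]]$Paths
    )
    foreach ($path in $Paths) {
        # A missing hive or unreadable key is skipped rather than treated as an error.
        $entries = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        foreach ($entry in $entries) {
            # Entries without a DisplayName, or flagged SystemComponent = 1,
            # are not shown in the Add or Remove Programs list.
            if (-not $entry.DisplayName) { continue }
            if ($entry.SystemComponent -eq 1) { continue }
            if ($entry.DisplayName -like $Pattern) { return $true }
        }
    }
    return $false
}

if (Test-AppRegistered -Pattern $DisplayNamePattern -Paths $UninstallKeys) {
    Write-Output 1   # application is registered: the patch phase applies
} else {
    Write-Output 0   # not registered: the device is left alone
}
exit 0
```

An application that does not register an uninstall entry returns 0 here, which is the same limitation described above for Discovered Apps.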
