Automate Windows and SharePoint Security Updates ?!

  • Question

  • We have multiple SharePoint 2013 & 2016 Farms and in each Farm we are applying Windows and then SharePoint Security updates manually once in 3 months.

    We first install Windows updates followed by SharePoint security updates and then run SharePoint configuration wizard.
    This entire process is taking time to troubleshoot and fix the errors (if any) like "Failed to install SharePoint Security updates" and "SharePoint config wizard Failed" etc.

    For SharePoint 2013 servers: I would need advice on the following:
    Can we set up Windows and SharePoint updates to install automatically? What is the best practice? Is it recommended to automate?

    For SharePoint 2016 servers:
    I thought that it's recommended not to include the SharePoint Security Fixes with the Windows update.

    But in SharePoint 2016 servers, we are not able to manually pick & choose the Windows updates and SharePoint updates to selectively install one after the other. So we are installing Windows & SharePoint security updates together manually.
    Are there any options to separate Windows & SP security updates? What are the best practices?

    The overall goal is to minimize the maintenance/administrative efforts for installing periodic Windows & SP security updates (if it is okay to automate in test and production servers).

    Thank you for your time.


    Wednesday, July 18, 2018 4:22 AM

All replies

  • Hi Shruthi,

    Starting with the February 2015 CU, SharePoint Product Updates, including non-security product updates, will be made available via Windows Update. Refer to SharePoint CUs and Windows Update.

    You can configure Windows Server Update Services (WSUS) to manage and distribute updates.

    Here is a blog with some information and suggestions for the change to the patch delivery strategy, which would help you:


    Best regards,

    Linda Zhang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Thursday, July 19, 2018 2:20 AM
  • Dear Shruthi,

    I recommend always updating your SharePoint farms manually.

    Because if your update fails, it may bring your site down or crash the farm.

    So better execute the update on a demo/test farm before updating production.

    In the SharePoint CU update process, the binaries [.cab/.exe] installation will take a long time. To reduce the downtime, you can do as follows:

    1. First install all the binaries [.cab/.exe] files on all the SharePoint [App, WFE] servers; you can execute this job during working hours [no need for downtime]

    2. Run the configuration wizard in the maintenance window [needs downtime]

    3. We can reduce this downtime even further if you have more than 1 WFE server and your farm is running on a Load Balancer: we can stop one WFE on the Load Balancer and run the configuration wizard on one server at a time, while another server is serving the portal

    Karim... Please remember to mark your question as answered, if this solves your problem.

    Thursday, July 19, 2018 7:53 AM
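
The staged approach from the last reply (binaries first, then the configuration wizard one server at a time) can be scripted as below. This is an added example, not code posted by anyone in the thread. It assumes it is run in an elevated session on one SharePoint server at a time, that the server's farm address matches its computer name, and that `-ConfirmedDrained` (a hypothetical switch of this script) is the operator's statement that the server was already removed from the load balancer.

```powershell
param(
    # 15 = SharePoint 2013, 16 = SharePoint 2016
    [ValidateSet('15', '16')] [string]$Hive = '16',
    # Hypothetical switch: operator confirms this server is out of the load balancer
    [switch]$ConfirmedDrained
)

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop

# Servers with Role 'Invalid' are non-SharePoint machines (for example the SQL host).
$servers = Get-SPServer | Where-Object { $_.Role -ne 'Invalid' }

# NeedsUpgrade = True: binaries are newer than the configuration on that
# server, so the configuration wizard still has to run there.
$servers | Sort-Object Address | Format-Table Address, Role, NeedsUpgrade -AutoSize

$local = $servers | Where-Object { $_.Address -eq $env:COMPUTERNAME }
if (-not $local) { throw "$env:COMPUTERNAME is not listed as a SharePoint server in this farm." }
if (-not $local.NeedsUpgrade) {
    Write-Host "Nothing to do on $env:COMPUTERNAME."
    return
}
if (-not $ConfirmedDrained) {
    throw "Take $env:COMPUTERNAME out of the load balancer, then re-run with -ConfirmedDrained."
}

$psconfig = Join-Path $env:CommonProgramFiles `
    "Microsoft Shared\Web Server Extensions\$Hive\BIN\PSConfig.exe"
if (-not (Test-Path $psconfig)) { throw "PSConfig.exe not found at $psconfig" }

# Command-line equivalent of the SharePoint Products Configuration Wizard.
& $psconfig -cmd upgrade -inplace b2b -wait `
    -cmd applicationcontent -install `
    -cmd installfeatures `
    -cmd secureresources `
    -cmd services -install

# Stop here on failure so a broken upgrade is not repeated on the next server.
if ($LASTEXITCODE -ne 0) {
    throw "PSConfig failed with exit code $LASTEXITCODE. Review the upgrade log before continuing."
}
if ((Get-SPServer -Identity $env:COMPUTERNAME).NeedsUpgrade) {
    throw "$env:COMPUTERNAME still reports NeedsUpgrade after PSConfig."
}
Write-Host "$env:COMPUTERNAME upgraded. Return it to the load balancer, then move to the next server."
```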