I am currently running 11.3.2 and using Patch Policy for updates for Windows.

I have our computers' BIOS set to power on in the middle of the night. Bundles also reboot any computers that are awake just before the power-on. We have distribution rules and launch rules scheduled shortly after. I disabled the "Run on Refresh" and just went with a schedule.

I have 2 patch policies. Patch policies are set to "Rebuild" and "Publish" on a schedule.

MS Critical
3rdParty Software

MS Critical is used to deploy all critical updates that are older than 7 days, and no older than 1 year. This deploys all critical updates to devices as needed. As new "Software installers" are available, or I want to install the new version of IE or .NET etc., I add them to the Members tab. Thus when the PP runs, it installs these bundles.

3rd Party runs pretty much the same way; it contains the updates for Adobe (Flash, Shockwave, Air), 7zip, Notepad++, etc. The baseline installers are in the Members tab, as some of the updates require a certain installer before the update will apply.

What I am curious about is best practices for "Recommended" updates. Does anyone apply recommended updates? If so, frequency? What kind of patch policy / schedule do you use? I had set an original patch policy that contained both Recommended and Critical; however, it was quite large and took a bit of time to run. So I cleaned it up and went back to just Critical. I guess I could go back and do a separate "MS Recommended". Also, by running Critical without running the Recommended, will this cause any issues with "out of Sync" patch?

I will say so far I really like the new Patch Policy design. I have not had any major issues with it specifically that I could not work around.