MEM Excluding Devices from patching *work in progress - mattnovitsch/M365 GitHub Wiki

Summary

I have been asked by a few customers to exclude a group from patching for a month while they run end-of-year reporting in their finance departments. This can be done several different ways, but the important thing is to make sure your organization signs off on the change. What I have done is permanently set a group in Microsoft Endpoint Manager as an exclusion group. In this case, I created the ExclusionGroup and FinanceDevices groups. I will be automating the FinanceDevices group to be added to the ExclusionGroup based on the month and removed the following month.

Prerequisite

  • AddgrouptoExclusionGroup.ps1
  • Using Power Automate or some other tool that allows you to run jobs on a schedule
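
A sketch of what the scheduled job can do, added here as an example and not the wiki's AddgrouptoExclusionGroup.ps1: it nests FinanceDevices in ExclusionGroup during the freeze month and removes it in any other month, so a missed run cannot leave devices unpatched indefinitely. The freeze month (12), the `-Now` parameter and the interactive `Connect-MgGraph` sign-in are assumptions; the Graph calls are the standard v1.0 group membership endpoints.

```powershell
# Added example; not the author's AddgrouptoExclusionGroup.ps1.
# Assumes Microsoft.Graph.Authentication is installed and the signed-in
# identity may use GroupMember.ReadWrite.All.
param(
    [string]$ExclusionGroupName = 'ExclusionGroup',
    [string]$TargetGroupName    = 'FinanceDevices',
    [int]$FreezeMonth           = 12,          # assumed: December reporting freeze
    [datetime]$Now              = (Get-Date)   # overridable for dry runs
)
$ErrorActionPreference = 'Stop'
$graph = 'https://graph.microsoft.com/v1.0'

function Get-GroupIdByName([string]$Name) {
    $filter = [uri]::EscapeDataString("displayName eq '$($Name.Replace("'", "''"))'")
    $hits = @((Invoke-MgGraphRequest -Method GET -Uri "$graph/groups?`$filter=$filter&`$select=id").value)
    # Refuse to guess: a duplicate display name could exclude the wrong devices.
    if ($hits.Count -ne 1) { throw "Expected exactly one group named '$Name', found $($hits.Count)." }
    return $hits[0].id
}

Connect-MgGraph -Scopes 'GroupMember.ReadWrite.All' | Out-Null
$exclusionId = Get-GroupIdByName $ExclusionGroupName
$targetId    = Get-GroupIdByName $TargetGroupName

# Direct parents of the target group (first page only; assumes it has few parents).
$parents    = (Invoke-MgGraphRequest -Method GET -Uri "$graph/groups/$targetId/memberOf?`$select=id").value
$isExcluded = @($parents | Where-Object { $_.id -eq $exclusionId }).Count -gt 0
$shouldBeExcluded = ($Now.Month -eq $FreezeMonth)

if ($shouldBeExcluded -and -not $isExcluded) {
    $body = @{ '@odata.id' = "$graph/directoryObjects/$targetId" } | ConvertTo-Json
    Invoke-MgGraphRequest -Method POST -Uri "$graph/groups/$exclusionId/members/`$ref" `
        -Body $body -ContentType 'application/json' | Out-Null
    $action = 'added'
} elseif (-not $shouldBeExcluded -and $isExcluded) {
    Invoke-MgGraphRequest -Method DELETE -Uri "$graph/groups/$exclusionId/members/$targetId/`$ref" | Out-Null
    $action = 'removed'
} else {
    $action = 'unchanged'
}

# Emit a record the scheduler can log, so every exclusion change is traceable.
[pscustomobject]@{
    Timestamp = $Now.ToString('o'); Target = $TargetGroupName
    Exclusion = $ExclusionGroupName; Action = $action
}
```

Running it daily rather than once a month makes the removal self-healing: any run outside the freeze month finds the nesting and deletes it.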

Steps

  1. Navigate to the MEM Portal
  2. Navigate to Tenant Administration, then select Roles
  3. Select Scope (Tags), then click Create
  4. Name your group (for my example we are calling them Finance Devices), then select Next to continue
  5. Click Add Groups, type the name of your group in the search box, double-click it, then click Select
  6. Select Next to proceed
  7. Click Create
  8. Navigate to Tenant Administration > Filters, then click Create
  9. Name the filter (for my example we will call it financedevices), set the platform to Windows 10 and later, then click Next