I have been trying to create a pretty dynamic yet simple Search Folder to use for generating update lists and deployments, and I have started to wonder exactly what makes an update show as Required. I found a TechNet article that discusses Update Compliance and defines the state as "the software update is applicable and required on the client computer." It goes on to explain a few reasons to be assigned that state, like the update was deployed but not installed or the computer needs a reboot. However, I am looking for reasons why updates are marked as Required in the Software Update Repository.
My understanding is that once an update has been applied to all computers in the SCCM Site collections, then that update will no longer be listed as “Required” because all of the computers that _needed_ to install it _have_ installed it. Therefore the update is no longer required. Is that accurate?
So again, I wonder exactly when does an update get marked as required? Is it when Microsoft marks the update as Critical and scanned computers indicate they do not have that update?
If that is the case, then I should be able to use a search folder that shows only the updates that have a non-zero value for Required and then deploy only those required updates to my environment. Once they have been applied to my computers, then my search folder should be empty until a new update comes out or a new computer enters my sccm collections and is missing something.
Can anyone confirm?