Let’s see the Best Practice of Intune Driver Management shared by Microsoft. Microsoft Intune Windows Driver Update Management allows you to review, approve for deployment and pause deployments for driver updates for your managed Windows 10 and Windows 11 devices.
As per Microsoft, many customers use Model Based Groups for Intune driver management. They are different types of update policies such as Update Rings Policy, Feature Update Policy and Driver Update Policy. There are some Pros and Cons in Model-Based Groups.
The Best Practices of Intune Driver Management covers the Pros and Cons of Model-Based Groups. You will also get information such as the Typical Duration of Events and Reporting and Windows Data Collection from this blog post. This post is inspired from the Ryan Williams tech takeoff session (more details below).
Driver and Firmware management functionality in Intune makes it easier to keep Windows drivers on your devices (windows) up to date in two main ways. To control the driver updates with Intune policies, the latest updates are available in the following post – Efficient Management Of Windows Driver Firmware Updates From Intune Policy.
- Intune RBAC Role for Windows Drivers Update Management
- Intune Pivot Query Real-time Reporting Troubleshooting Capabilities
Best Practice of Intune Driver Management
Create driver policies aligned with Device models rather than how they have assigned devices in their other update rings. The Pros and Cons of Model-Based Groups based driver deployment is explained in the below section of the blog post.
Pros and Cons of Model-Based Groups
The Pros and Cons of Model-Based Groups consist of Main Deployment Rings Groups in Intune and Model-Based Rings Groups in Intune. On the left side, you can see the traditional update ring policies with devices aligned based on organizations on the right are driver policies created based on individual device models.
Microsoft doesn’t recommend to use model based groups for driver updates.
Model-based groups can help organizations with special needs with certain hardware or those that just want more details. The system takes care of deploying approved drivers to only applicable devices. It is the primary recommended way of doing it going forward.
| Pros of Model Based Groups | Pros of Model-Based Groups |
|---|---|
| Driver policy has fewer drivers to manage like devices will have more overlap on the drivers that are applicable for them | This makes more groups to manage, adding some complexity |
| It is easier to know devices are affected by the drivers available to the group | Users cant really align driver and quality deferrals |
| Most drivers will be available for a majority of the devices in the policy | Microsoft is planning to introduce a feature that will help align reboots and have driver policies aligned with quality update policy assignments |
Insights of Intune Driver Management Service
In the below section – Let’s understand the insights of Intune Driver Management Service from Microsoft. These insights are going to help Admins to design the Driver management approach in more appropriate way for your organization.
Typical Duration of Events
This section is discussed about Typical Duration Events. Typical duration of events that are the customer’s engagement points with the service. Typical Duration of Events includes Device Assignments, Device and Inventory, Approval and Offer Ready, and Device Scan and Client Events.
Device Assignment
Assigning devices to a driver policy, they are automatically enrolled into the service for driver management device assignment, and enrollment is typically completed within 3 hours. The Driver Settings in the Update Rings will be moved after 24 hours.
Device Scan and Inventory
Device Scanning behavior’s is varied, and it is based on device configuration. The Status is like it is on or off and if it is connected to the internet. Scanning can be done daily or even every couple of days. Device scanning is a requirement for generating inventory.
- Enrolled devices do scan Windows updates using the check for updates caller
- It will be sending results to our services, allowing us to curate a list of drivers available for all devices in your policy post-scan.
- Driver inventory should be available in your policy after approximately 6 hours
Approval and Offer Ready
Driver Approvals and offer ready after approval drivers are offered to applicable devices roughly 6 hours after the approved start date time has passed. For a driver to be approved for a device must have been scanned, and the service must have identified the approved. Each device’s driver’s approval should appear in the Intune report within 6 hours.
Device Scan Client Events
Device scan and client events, as with the earlier step, there is some variability to device scan time. But when devices with approved drivers scan the next time they will receive the update on their scan.
Peripherals like mouse keyboard video camera will only be offered to the device if it is still connected to the device at scan time for client events. You must ensure devices have the necessary Windows Diagnostic enabled for client treaty collection. More details are on the next slide.
- Intune Anomaly Detection Device and Advanced Analytics
- New Intune Reporting Changes and Details about Data Platform coming to you by 2024
Reporting and Windows Data Collection
Client events such as downloading, installing installed, waiting for restart, and errors are typically visible in Intune reports. Approximately 8 hours after the update is offered to the device after approving the drivers, the next thing you probably want to know is the status of drivers on the devices. A reporting setting is needed so that you can get that status for each device for each driver to enable.
- Open Intune Portal
- Enable Windows diagnostic data settings
After you go to the Intune portal and set the settings, it can take up to 24 hours before client devices can send the client telemetry. You will still see the reports and device status without setting the settings. It will only be service side events, and the last event that you will see is offer ready, which basically means that devices are now ready to get the drivers.
- Intune makes it easy for admins to know whether that setting is there or not
- To enable that, we have put a banner both in the list view of the policies and in the reporting view where if it is not set
- You will be able to click on the banner, go to Settings and enable it
Reference
Video – (2) The latest on managing Windows updates in Microsoft Intune – YouTube
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
Gopika S Nair is a computer enthusiast. She loves writing on Windows 11 and Intune related technologies. She is here to share quick tips and tricks with Windows 11 or Windows 10 users. She is Post Graduate Diploma Holder in Computer Science.