In this blog post, I will discuss Expedite Windows Quality Update deployment using Microsoft Intune. Expediting Windows Quality Updates is crucial for maintaining the security and performance of enterprise devices, especially when critical vulnerabilities are discovered.
Windows Quality Updates generally include security fixes, performance improvements, and bug fixes and typically follow a monthly release schedule (often called Patch Tuesday). However, there may be instances when IT administrators need to accelerate the deployment of these updates across their device fleet.
This can be achieved using Microsoft Intune or Windows Update for Business(WUfB), which offer granular control over how updates are managed and deployed to endpoints. Expediting these updates helps reduce the exposure window to security threats, ensuring systems remain protected against the latest vulnerabilities.
Moreover, Intune allows IT teams to monitor the status of updates across their managed devices in real-time. By generating reports, admins can see which devices have successfully installed the update and which are pending, helping them address any issues that might arise during the deployment.
Table of Contents
Prerequisites For Expedite Windows Quality Update
Several prerequisites must be met before expediting Windows Quality Updates using Intune to ensure a successful and seamless deployment. These prerequisites cover the device setup, configuration settings, and licensing requirements. Below is an overview of the key prerequisites.
Intune provides a streamlined way to expedite Windows Quality Updates without disrupting regular user workflows. Admins can create Update Rings that define policies around when and how devices should install updates.
The patching visibility ensures a smooth and efficient rollout process, reducing the likelihood of compliance issues or security breaches. Overall, expediting Windows Quality Updates is critical for keeping devices secure, minimizing downtime, and ensuring the enterprise environment remains resilient to evolving cybersecurity threats.
| Prerequisites | Details |
|---|---|
| Windows Version Requirements | Devices must be running Windows 10, version 20H2 or later, or Windows 11 to support the expedite update feature. Both the Windows Update service and the Windows Update for Business policies need to be properly configured on these devices for the updates to be managed via Intune. |
| Licensing Requirements | To use the expedite feature in Intune, your organization must have the appropriate licensing, specifically:Microsoft Intune licenses. Windows 10/11 Enterprise E3 or E5 licenses. Alternatively, Microsoft 365 E3 or E5 subscriptions, which include both Intune and Windows licensing, can also fulfill the licensing requirements. |
| Device Management via Intune | Devices must be enrolled and managed by Microsoft Intune. MDM (Mobile Device Management) policies should be active, and devices must be properly assigned to update rings in Intune. This allows the IT administrator to push update policies to the devices. |
| Windows Update Settings Configuration | Windows Update for Business settings should be configured within Intune to manage the update policies. Devices should have their Delivery Optimization set up correctly to ensure faster download and installation of updates, especially in distributed networks. Devices need to be online and have access to the Windows Update service for the expedited updates to be delivered. |
- Best Way for Windows 11 24H2 Upgrade using Intune and Windows Update for Business WUfB Deployment
- Windows Update Logs Deep Dive with Microsoft
- Best Guide to Remove Windows Update Features Access with Intune
Create an Expedite Windows Quality Update Profile with Intune
Here are the steps to create an Expedite Windows Quality Update Profile with Intune. Let’s discuss the step-by-step method to create the profile.
- Sign In to the Microsoft Intune admin center
- Navigate to Devices > Windows > Manage Updates > Windows 10 and later updates.
- Click on Quality Updates > +Create Profile
In the Settings pane, fill in the details below. In this example, we are going for the latest Expedite update for October. You also see 09/10/2024 – 2024.09 B SecurityUpdate for Windows 10 and later update available in Intune.
- Name: Expedite Windows Quality Update – Policy
- Expedite installation of quality updates if device OS version less than 10/08/2024 – 2024.10 B SecurityUpdate for Windows 10 and later
- Number of days to wait before restart is enforced : 0 days
On the next page, leave the Scope tags as Default. You can also select any other custom scope tags available to the tenant based on your requirements.
Click on Next and assign the profile to HTMD – Test Computers. Then click Add Groups and select the required device group in the Included Groups option.
On the Review + Create page, carefully review all the settings you’ve defined for the Expedite Windows Quality Update. Select Create to implement the changes once you’ve confirmed everything is correct.
- How to Set App Defaults using Intune | Export the Default XML File & Encode it in Base64 format
- Top Windows Update Issues and Fixes Revealed by Microsoft
Monitor the Expedite Windows Quality Update Deployment Status
The profile has been deployed to the Microsoft Entra ID groups. The policy will take effect as soon as the device is synced.
Follow the steps below to generate a report on the Windows feature update status and monitor the profile deployment status from the Intune Portal.
Navigate to Reports > Windows updates> Reports tab > Select Windows Expedite Update Report.
Under the Expedited update policy, choose the Expedited update deployments as Expedite Windows Quality Update – Policy. Click on OK. Leave Update aggregated status and Ownership as “All” and click on Generate report.
End User Experience – Best Way for Windows 11 24H2 Upgrade using Intune
Now, we have to check whether the Expedite Windows Quality Update profile deployment is working correctly. Log in to one of the policy-targeted devices.
Click on the Search Icon and Settings > Windows Update> Quality Updates. You can see that the 2024-10 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5044285) has been successfully installed on our device.
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Vaishnav K has over 11 years of experience in SCCM, Device Management, and Automation Solutions. He writes and imparts knowledge about Microsoft Intune, Azure, PowerShell scripting, and automation. Check out his profile on LinkedIn.