Let’s have a quick review of Intune Driver Firmware Update policies. Also, have a look into the following options to control the driver updates with Intune policies.
- Approve
- Schedule
- Suspend
Update: Driver Update policies are made available on 14th Feb 2023 if you are a Windows E3/E5/A3/A5 or Microsoft 365 Business Premium subscriber. Intune portal integration is coming soon. You need to use Graph API to Manage driver approvals using the Windows Update for Business deployment service.
Update: Microsoft added the release dates of Intune Driver Firmware Update Policies in their roadmap. You can scan for, approve, deploy, and monitor driver and firmware updates. The latest information is that:
- Preview: May 2023
- GA: July 2023
This blog post is based on the Ignite 2021 session by Thad Martin and Bryan Keller. You can refer to the session video Driver and firmware servicing in the enterprise – Microsoft Tech Community.
NOTE! – This feature is not available in Intune at this point in time but possible via Graph API (as per the update on 14th Feb 2023). When the Driver Update Policies will be available in Intune? Plan to launch all capabilities in public preview in July 2022, with a fully open-sourced web application?
Microsoft added additional details about the Driver updates using WUfB in the recent Ignite 2021 Nov edition. More details are available in the video Commercial driver and firmware servicing with the Windows Update for Business deployment service – Microsoft Tech Community
Current Driver Update Architecture
The following is the diagram shown in the Ignite session to explain the current architecture flow of Windows 10 Driver updates using Windows Update for Business. There are no selection and approval capabilities with the current driver update policies in Intune.
- Intune Admin configures and set the Windows 10 Update policy for managed devices.
- Devices Scan against Software Update in the cloud.
- All the available drivers are offered for those devices.
New Driver & Firmware Servicing Architecture
Now, let’s look at the architecture diagram provided by Microsoft to understand the new driver & firmware update flow.
- Intune Admin creates a new Windows 10 Driver Update policy.
- Intune Admin browse and select particular driver updates.
- Deploy to Azure AD device group.
- Devices scan against Software Update cloud service based on Windows 10 Driver update policy.
- Software Update cloud service sends the Scan results back to Intune.
- Intune populates available driver updates for those devices based on the data from the software update service.
- Intune Admin approves the selected driver updates and saves the Windows 10 Driver Update Policy.
- Devices scan against software update services based on the new approval (updated) policy.
- Only the approved Driver updates are offered to the devices by the Software Update service.
Intune Driver Firmware Updates
You can create a new Windows 10 Driver Update policy from the Devices node, as you can see in the below screen capture.
- Login to Endpoint.Microsoft.com.
- Navigate to the Devices node.
- Scroll down to the Policy section.
- Click on Windows 10 Driver Update policies blade to create a new Driver update policy.
There are two options when you create Intune Driver update policy for controlling Windows Update for Business driver updates.
- Automatically Deploy all applicable updates from Windows Update
- You have the option to Delay the Driver Update deployment to devices
- Deploy after (0 to 14 days)
- You have the option to Delay the Driver Update deployment to devices
- Deploy Only approved updates (Manual process)
- There is an option to notify me when new recommended updates become available
NOTE! – Microsoft recommends creating Azure AD groups with a similar model so that it will be easy to manage driver updates for those group devices.
Review – Approve – Schedule Driver Updates from Intune
Follow the steps to review, select, approve, and schedule driver updates from Intune.
- Click on New Updates (3), available under the New Updates column from Windows 10 Driver Update Policies blade.
This will take you to the available list of driver updates details page for this group of devices.
- You also have the following options to manage the Driver Update policy.
- Suspend the policy – If you hit some issue with the driver updates. To pause the deployment of Driver updates.
- Delete the Policy
- There are three sections on this page:
- Properties
- Recommended Updates
- Previously Approved Updates
- You will have the following details for each driver update.
- Driver Name
- Version Number of Driver update
- Driver Date
- Manufacturer – Intel/Realtek/DisplayLink
- Driver Class – Video/Sound/Networking
- Status – Approved or Available
- Devices Applicable
- Devices Installed
- Click on the Driver name where the status is Available.
- On the right side of the Endpoint Manager portal, you can see the Manage Deployment blade.
Click on the drop-down menu from the Action section and select Approve to approve this driver update deployment.
Now, let’s schedule the Windows 10 driver update from Intune.
- Under the Deploy section, you have an option to select a date.
- From this particular date whenever the client scans Windows Updates, this particular DisplayLink update will get offered to those 991 devices, as you see in the below screenshot.
- Click on Save to continue.
Suspend Driver Updates on Intune Managed Windows 10 Devices
Now, let’s understand what the options are to suspend the Windows 10 Driver update policy because of known issues with the driver updates. You can do this suspension from the same page mentioned in the above section.
- Click on the Driver Name that you want to suspend.
- Click on the drop-down menu from the Action section on the Manage Deployment blade.
- Select the action option called Suspend.
- Click the Save button to suspend the further deployment of that particular driver update.
Now you can see that the particular Driver status is changed to suspended.
Results
Let’s quickly check the resultant Windows 10 Driver update policy from the Endpoint Manager portal. The following are the details that you can see in the policy blade.
- Update Policy Name – Name of the policy.
- Type of Policy – Manual or Automatic.
- Devices Assigned – Devices assigned to this policy.
- Devices Reporting – Number of device scans & start reporting to Software Update (for Business) services with inventory details.
- New Updates – Once the scan is completed, the new updates will appear.
Resources
- Difference Between Windows Patch Management Using Intune Vs ConfigMgr | SCCM | Software Updates
- Windows 10 Software Update Patching Options with Intune WUfB
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
I do not see Windows 10 Driver Update Polices in the https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/overview
Blade
I don’t think this is released yet?
when is this coming out
Hi @Anoop C Nair Can you share with us if you know that when it should be released ? because this will be very helpful for companies. I look forward to this feature.
thanks
Unfortunately, it’s not something I have visibility. Even I’m waiting for the same.
It is strange because I cannot see this feature in roadmap here:
https://www.microsoft.com/cs-cz/microsoft-365/roadmap?rtc=3&filters=Microsoft%20Intune%2CMicrosoft%20Endpoint%20Manager
Updates on release dates can be found in this blog post:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deployment-service-for-driver-updates-public-preview-coming-soon/ba-p/2914212
Is this one? -> plan to launch all capabilities in public preview in July 2022, with a fully open-sourced web application
It is still not there 🙁
I know they got into some critical issue during private preview I suppose. Hence this is delayed.
When is comming ?
What abot BIOS updates, and encrypted disks?