Microsoft has announced the General Availability of Windows Driver Firmware Management Integration with Intune on June 26th, 2023. Windows Driver and Firmware update management policies and reports in Microsoft Intune!
As per Microsoft, this new Driver and Firmware management functionality in Intune make it easier to keep Windows drivers on your devices (windows) up to date in two main ways. So, you can say bye-bye to all the manual and scripted tasks for Driver management.
There are two parts to it. The manual work of downloading, repackaging, and deploying drivers using generic tools. Using the Intune integration, you can take advantage of driver update management policies and reports built on the Windows Update for Business deployment service.
Let’s have a quick review of Intune Driver Firmware Update policies. Also, have a look into the following options to control the driver updates with Intune policies. The latest updates are available in the following post – Efficient Management Of Windows Driver Firmware Updates From Intune Policy.
Update: Driver Update policies are made available on 14th Feb 2023 if you are a Windows E3/E5/A3/A5 or Microsoft 365 Business Premium subscriber. Intune portal integration happened on 26th June 2023.
Update: Microsoft added the release dates of Intune Driver Firmware Update Policies in their roadmap. You can scan for, approve, deploy, and monitor driver and firmware updates. The latest information is that:
- Preview: May 2023
- GA: July 2023
This blog post is based on the Ignite 2021 session by Thad Martin and Bryan Keller. You can refer to the session video Driver and firmware servicing in the enterprise – Microsoft Tech Community.
NOTE! – This feature is not available in Intune at this point in time but possible via Graph API (as per the update on 14th Feb 2023). When the Driver Update Policies will be available in Intune? Plan to launch all capabilities in public preview in July 2022, with a fully open-sourced web application?
Microsoft added additional details about the Driver updates using WUfB in the recent Ignite 2021 Nov edition. More details are available in the video Commercial driver and firmware servicing with the Windows Update for Business deployment service – Microsoft Tech Community
Current Driver Update Architecture
The following is the diagram shown in the Ignite session to explain the current architecture flow of Windows 10 Driver updates using Windows Update for Business. There are no selection and approval capabilities with the current driver update policies in Intune.
- Intune Admin configures and set the Windows 10 Update policy for managed devices.
- Devices Scan against Software Update in the cloud.
- All the available drivers are offered for those devices.
New Driver & Firmware Servicing Architecture
Now, let’s look at the architecture diagram provided by Microsoft to understand the new driver & firmware update flow.
- Intune Admin creates a new Windows 10 Driver Update policy.
- Intune Admin browse and select particular driver updates.
- Deploy to Azure AD device group.
- Devices scan against Software Update cloud service based on Windows 10 Driver update policy.
- Software Update cloud service sends the Scan results back to Intune.
- Intune populates available driver updates for those devices based on the data from the software update service.
- Intune Admin approves the selected driver updates and saves the Windows 10 Driver Update Policy.
- Devices scan against software update services based on the new approval (updated) policy.
- Only the approved Driver updates are offered to the devices by the Software Update service.
Intune Driver Firmware Updates
You can create a new Windows 10 Driver Update policy from the Devices node, as you can see in the below screen capture.
- Login to Endpoint.Microsoft.com.
- Navigate to the Devices node.
- Scroll down to the Policy section.
- Click on Windows 10 Driver Update policies blade to create a new Driver update policy.
There are two options when you create Intune Driver update policy for controlling Windows Update for Business driver updates.
- Automatically Deploy all applicable updates from Windows Update
- You have the option to Delay the Driver Update deployment to devices
- Deploy after (0 to 14 days)
- You have the option to Delay the Driver Update deployment to devices
- Deploy Only approved updates (Manual process)
- There is an option to notify me when new recommended updates become available
NOTE! – Microsoft recommends creating Azure AD groups with a similar model so that it will be easy to manage driver updates for those group devices.
You can create the Driver policies from Intune Portal Devices Node – Create Driver Update Profile. You can select your policy approval and deployment settings from this Driver Update profile policy creation screen,
You can also choose to set up an Intune Driver and Firmware policy to approve and deploy updates automatically or manually. The approval process can’t be changed once the Intune Driver management policy is created.
NOTE! – Another point is that changes to individual driver approvals and deployment details will be possible once an inventory is built for assigned devices.
Review – Approve – Schedule Driver Updates from Intune
Follow the steps to review, select, approve, and schedule driver updates from Intune.
- Click on New Updates (3), available under the New Updates column from Windows 10 Driver Update Policies blade.
This will take you to the available list of driver updates details page for this group of devices.
- You also have the following options to manage the Driver Update policy.
- Suspend the policy – If you hit some issue with the driver updates. To pause the deployment of Driver updates.
- Delete the Policy
- There are three sections on this page:
- Recommended Updates
- Previously Approved Updates
- You will have the following details for each driver update.
- Driver Name
- Version Number of Driver update
- Driver Date
- Manufacturer – Intel/Realtek/DisplayLink
- Driver Class – Video/Sound/Networking
- Status – Approved or Available
- Devices Applicable
- Devices Installed
- Click on the Driver name where the status is Available.
- On the right side of the Endpoint Manager portal, you can see the Manage Deployment blade.
Click on the drop-down menu from the Action section and select Approve to approve this driver update deployment.
Now, let’s schedule the Windows 10 driver update from Intune.
- Under the Deploy section, you have the option to select a date.
- From this particular date, whenever the client scans Windows Updates, this particular DisplayLink update will get offered to those 991 devices, as you see in the below screenshot.
- Click on Save to continue.
Suspend Driver Updates on Intune Managed Windows 10 Devices
Now, let’s understand what the options are to suspend the Windows 10 Driver update policy because of known issues with the driver updates. You can do this suspension from the same page mentioned in the above section.
- Click on the Driver Name that you want to suspend.
- Click on the drop-down menu from the Action section on the Manage Deployment blade.
- Select the action option called Suspend.
- Click the Save button to suspend the further deployment of that particular driver update.
Now you can see that the particular Driver status is changed to suspended.
Let’s quickly check the resultant Windows 10 Driver update policy from the Endpoint Manager portal. The following are the details that you can see in the policy blade.
- Update Policy Name – Name of the policy.
- Type of Policy – Manual or Automatic.
- Devices Assigned – Devices assigned to this policy.
- Devices Reporting – Number of device scans & start reporting to Software Update (for Business) services with inventory details.
- New Updates – Once the scan is completed, the new updates will appear.
- Difference Between Windows Patch Management Using Intune Vs ConfigMgr | SCCM | Software Updates
- Windows 10 Software Update Patching Options with Intune WUfB
- More Details Commercial driver and firmware servicing are publicly available! – Microsoft Community Hub
- Manage Windows driver and firmware updates with Microsoft Intune – Microsoft Community Hub
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…