Let’s discuss about Intune Driver Firmware Update Policies | Review Approve Schedule Suspend Options. Microsoft has announced the General Availability of Windows Driver Firmware Management Integration with Intune on June 26th, 2023.
Windows Driver and Firmware update management policies and reports in Microsoft Intune! Also, check Best Practice of Intune Driver Management from Microsoft.
As per Microsoft, this new Driver and Firmware management functionality in Intune makes it easier to keep Windows drivers on your devices (windows) up to date in two main ways. So, you can say bye-bye to all the manual and scripted tasks for Driver management.
It has two parts—the manual work of downloading, repackaging, and deploying drivers using generic tools. Using the Intune integration, you can use driver update management policies and reports built on the Windows Update for Business deployment service.
Table of Contents
Review – Intune Driver Firmware Update Policies
Let’s review Intune Driver Firmware Update policies and investigate the following options for controlling driver updates with Intune policies. The latest updates are available in the following post: Efficient Management Of Windows Driver Firmware Updates From Intune Policy.
- Approve
- Schedule
- Suspend
Update: Driver Update policies will be available on 14 February 2023 if you are a Windows E3/E5/A3/A5 or Microsoft 365 Business Premium subscriber. Intune portal integration happened on 26 June 2023.
- Efficient Management of Windows Driver Firmware Updates from Intune Policy
- Best Practice of Intune Driver Management from Microsoft
Update: Microsoft added the release dates of Intune Driver Firmware Update Policies in their roadmap. You can scan for, approve, deploy, and monitor driver and firmware updates. The latest information is that:
- Preview: May 2023
- GA: July 2023
This blog post is based on the Ignite 2021 session by Thad Martin and Bryan Keller. You can refer to the session video Driver and firmware servicing in the enterprise – Microsoft Tech Community.
Note: This feature is not available in Intune at this point in time but is possible via Graph API (as per the update on 14th Feb 2023). When will the Driver Update Policies be available in Intune? Do you plan to launch all capabilities in public preview in July 2022 with a fully open-sourced web application?
Microsoft added details about the Driver updates using WUfB in the recent Ignite 2021 Nov edition. More details are available in the video Commercial driver and firmware servicing with the Windows Update for Business deployment service – Microsoft Tech Community
Current Driver Update Architecture
The following diagram from the Ignite session explains the current architecture flow of Windows 10 Driver updates using Windows Update for Business. Intune’s current driver update policies do not allow selection and approval.
- Intune Admin configures and sets the Windows 10 Update policy for managed devices.
- Devices Scan against Software Update in the cloud.
- All the available drivers are available for those devices.
New Driver & Firmware Servicing Architecture
Now, let’s examine Microsoft’s architecture diagram to understand the new driver and firmware update flow.
- Intune Admin creates a new Windows 10 Driver Update policy.
- Intune Admin browse and select particular driver updates.
- Deploy to Azure AD device group.
- Devices scan against Software Update cloud service based on Windows 10 Driver update policy.
- Software Update cloud service sends the Scan results back to Intune.
- Intune populates available driver updates for those devices based on the data from the software update service.
- Intune Admin approves the selected driver updates and saves the Windows 10 Driver Update Policy.
- Devices scan against software update services based on the new approval (updated) policy.
- Only the approved Driver updates are offered to the devices by the Software Update service.
Intune Driver Firmware Updates
As the screenshot below shows, you can create a new Windows 10 Driver Update policy from the Devices node.
- Login to Endpoint.Microsoft.com.
- Navigate to the Devices node.
- Scroll down to the Policy section.
- Click on Windows 10 Driver Update policies blade to create a new Driver update policy.
There are two options when you create an Intune Driver update policy for controlling Windows Update for Business driver updates.
- Automatically Deploy all applicable updates from Windows Update
- You have the option to Delay the Driver Update deployment to devices
- Deploy after (0 to 14 days)
- You have the option to Delay the Driver Update deployment to devices
- Deploy Only approved updates (Manual process)
- There is an option to notify me when new recommended updates become available.
NOTE! – Microsoft recommends creating Azure AD groups with a similar model so that it will be easy to manage driver updates for those group devices.
You can create the driver policies from the Intune Portal Devices Node by creating a driver update profile. You can select your policy approval and deployment settings from this Driver Update profile policy creation screen,
You can also choose to set up an Intune Driver and Firmware policy to approve and deploy updates automatically or manually. Once the Intune Driver management policy is created, the approval process cannot be changed.
NOTE! – Another point is that changes to individual driver approvals and deployment details will be possible once an inventory is built for assigned devices.
Review – Approve – Schedule Driver Updates from Intune
Follow the steps to review, select, approve, and schedule driver updates from Intune.
- Click on New Updates (3), available under the New Updates column from the Windows 10 Driver Update Policies blade.
This will take you to the list of driver updates details page for this group of devices.
- You also have the following options to manage the Driver Update policy.
- Suspend the policy – If you hit some issue with the driver updates. To pause the deployment of Driver updates.
- Delete the Policy
- There are three sections on this page:
- Properties
- Recommended Updates
- Previously Approved Updates
- You will have the following details for each driver update.
- Driver Name
- Version Number of Driver update
- Driver Date
- Manufacturer – Intel/Realtek/DisplayLink
- Driver Class – Video/Sound/Networking
- Status – Approved or Available
- Devices Applicable
- Devices Installed
- Click on the Driver name where the status is Available.
- You can see the Manage Deployment blade on the right side of the Endpoint Manager portal.
Click on the drop-down menu from the Action section and select Approve to approve this driver update deployment.
Now, let’s schedule the Windows 10 driver update from Intune.
- Under the Deploy section, you have the option to select a date.
- From this date, whenever the client scans Windows Updates, this particular DisplayLink update will be offered to those 991 devices, as shown in the screenshot below.
- Click on Save to continue.
Suspend Driver Updates on Intune Managed Windows 10 Devices
Now, let’s understand the options to suspend the Windows 10 Driver update policy because of known issues with the driver updates. You can suspend from the same page mentioned in the above section.
- Click on the Driver Name that you want to suspend.
- Click on the drop-down menu from the Action section on the Manage Deployment blade.
- Select the action option called Suspend.
- Click the Save button to suspend the further deployment of that particular driver update.
You can see that the driver status has been changed to suspended.
Results
Let’s quickly check the resultant Windows 10 Driver update policy from the Endpoint Manager portal. The following are the details that you can see in the policy blade.
- Update Policy Name – Name of the policy.
- Type of Policy – Manual or Automatic.
- Devices Assigned – Devices assigned to this policy.
- Devices Reporting – Number of device scans & start reporting to Software Update (for Business) services with inventory details.
- New Updates – The new updates will appear once the scan is completed.
Resources
- Difference Between Windows Patch Management Using Intune Vs ConfigMgr | SCCM | Software Updates
- Windows 10 Software Update Patching Options with Intune WUfB
- More Details Commercial driver and firmware servicing are publicly available! – Microsoft Community Hub
- Manage Windows driver and firmware updates with Microsoft Intune – Microsoft Community Hub
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here – HTMD WhatsApp
Author
Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.
I do not see Windows 10 Driver Update Polices in the https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/DevicesMenu/overview
Blade
I don’t think this is released yet?
when is this coming out
Hi @Anoop C Nair Can you share with us if you know that when it should be released ? because this will be very helpful for companies. I look forward to this feature.
thanks
Unfortunately, it’s not something I have visibility. Even I’m waiting for the same.
It is strange because I cannot see this feature in roadmap here:
https://www.microsoft.com/cs-cz/microsoft-365/roadmap?rtc=3&filters=Microsoft%20Intune%2CMicrosoft%20Endpoint%20Manager
Updates on release dates can be found in this blog post:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deployment-service-for-driver-updates-public-preview-coming-soon/ba-p/2914212
Is this one? -> plan to launch all capabilities in public preview in July 2022, with a fully open-sourced web application
It is still not there 🙁
I know they got into some critical issue during private preview I suppose. Hence this is delayed.
When is comming ?
What abot BIOS updates, and encrypted disks?
It is stil not visible. Just checked in different tenants.
On my tenant it says “Not authorized”. I am global and intune administrator.
Is there a way to export the applicable devices names for a driver , I can only see the amount of applicable devices but can’t seem to find how to see their names or export them from any report.
HI Anoop,
Curent we are using this feature. Could you please let me know how this feature is showing the latest available Driver update under recommended section ? What is check is happening to list the latest available driver under recomended. I am asking this question becaue, the WiFi driver – Intel – net – 22.200.2.1 is not showing for one of the ring groups out of 4 we have created to deploy these
Hi Anoop,
Will the number of PCs to which a specific driver is available drop as the driver is successfully installed? How can I check for progress in the deployment of drivers. Also, I gather than in the Updates for Windows 10 and later configuration I need to specify Windows Drivers Allowed.
Thank you,
Peter