Let’s learn Intune WUfB Feature Update Policy to Upgrade Windows 10 21H1 | Endpoint Manager. In this post, you will see how to upgrade to Windows 10 21H1 with the Intune WUfB Feature Update policy.
The Intune Windows Update for Business (WUfB) Feature Update Policy enables IT administrators to keep Windows 10 devices updated with the latest security defences and Windows features by directly connecting these systems to the Windows Update service.
WUfB lets you control update offerings and experiences, allowing for reliability and performance testing on several devices before deploying updates across the organization.
Microsoft’s Software Update Patching process helps Intune admins configure Windows Update for Business (WUfB) policies for efficient patch management. This involves using Intune and WUfB.
Table of Contents
Video Tutorial – Intune Policy & Patching Configuration for Windows Update for Business
Explore the Video Guide From HTMD, Free Intune Training, Intune Policy & Patching Configuration for Windows Update for Business, and more!
- 3 Categories of Enterprise Windows Update Management Capabilities | Autopatch Reports WUfB and Tenant Mgmt
- Update Compliance Queries to Troubleshoot Intune WUfB Patch Deployment
- Intune Vs SCCM and WSUS Vs WUfB Patching Method Differences
Types of Intune Policy to Manage Windows Updates
Intune provides the following policy types to manage updates, which you assign to groups of devices:
- Windows 10 update ring: This policy is a collection of settings configured when Windows 10 updates are installed. Update ring policies are supported for devices that run Windows 10 version 1607 or later.
- Windows 10 feature updates (public preview): This policy updates the device to the Windows version you specify and then freezes the feature set version on those devices. This version freezes until you update them to a later Windows version. While the feature version remains static, devices can continue to install quality and security updates available for their feature version. Feature update policies are supported for devices that run Windows 10 version 1709 or later.
Prerequisites for Windows 10 Feature Updates Policy
- The device must be running Windows 10 version 1709 or later.
- The device must be enrolled in Intune and joined by Hybrid AD or Azure AD.
- The device must have telemetry turned on, with a minimum basic setting.
- Feature updates are supported for the following Windows 10 editions –
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 10 Pro Education
- Windows 10 Education
According to Microsoft, Intune supports Windows 10 Enterprise LTSC 2019 and later, including features such as Windows Autopilot. However, Windows 10 Update Rings Device profiles do not support LTSC releases. Therefore, you should use a Policy configuration service provider, WSUS, or Configuration Manager for patching.
Limitations
When you deploy a Windows 10 feature updates policy to a device that also receives a Windows 10 update ring policy, review the update ring for the following configurations –
Related Post – Windows 10 Software Update Patching Options with Intune WUfB
- The Feature update deferral period (days) must be set to 0.
- Feature updates for the update ring must be running. They must not be paused.
- Configures the Windows update setting the following Windows 10 Servicing channels –
- Semi-Annual Channel
Note – Beginning with Windows version 1903, the use of the Semi-Annual Channel (Targeted) (SAC-T) is retired. With this change, SAC-T merges with the Semi-Annual Channel.
- Windows 10 feature updates policies cannot be applied during the Autopilot out-of-the-box experience (OOBE). Instead, the policies apply at the first Windows Update scan after a device has finished provisioning, typically a day.
Create and Assign Windows 10 Feature Updates Policy
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > Windows > Windows 10 Feature updates > Create profile.
Specify a name and a description (optional), and for Feature, update to deploy. Then, select the version of Windows with the feature set you want from the drop-down list and select Next.
Under Assignments, choose + Select groups to include and assign the feature updates deployment to one or more device groups. Select Next to continue.
- Review the selected groups and Click Next.
Important—Make sure you’re selecting the correct assigned device group. To validate members, navigate to Groups > All Groups (Search groups) > Select Group > Members.
Review the settings under Review + Create. When ready to save the Windows 10 feature updates policy, select Create.
A notification will appear automatically in the top right-hand corner with the message Windows feature update deployment successfully created and assigned. The created policy will appear here, as shown below.
End-User Experience Windows 10 Version 21H1
In the Windows 10 device, under Windows Update, you can see the policy is applied, and Windows 10 has downloaded the update, is ready to install, and is waiting to restart the computer to finish up.
Reporting
Once the policy is assigned to the device, it will check in and install the Windows 10 21H1 feature update as per the configured policy. You can verify Devices > Windows > Windows 10 feature updates > Select Feature Updates Policy > End-user update status.
Let’s check the Windows 10 feature update Intune report from Intune Portal (Endpoint Manager portal) – Windows 10 Feature Update Intune Report | Endpoint Manager
Troubleshooting
Intune Windows 10 Feature Update Troubleshooting with registry Entries – WUfB Registry Entry – Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState
- WUfB Event Log 1 – Policy – Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
- WUfB Event Log 2 – WUA – Microsoft-Windows-WindowsUpdateClient/Operation
Intune Troubleshooting Windows Update for Business WUfB
Resources
- Windows 10 feature updates policy in Intune
- Free Intune Training for Device Management Admins
Author
Jitesh Kumar has over five years of experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is the Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
@jitesh kumar
can we patchfeature,quality updates to byod windows devices using intune.