In this post, you will see how to upgrade to Windows 10 21H1 with Intune WUfB Feature Update policy. Intune Windows Update for Business (WUfB) Feature Update Policy enables IT, administrators, to keep the Windows 10 devices updated with the latest security defenses and Windows features by directly connecting these systems to the Windows Update service.
WUfB lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization.
Types of Intune Policy to Manage Windows Updates
Intune provides the following policy types to manage updates, which you assign to groups of devices:
- Windows 10 update ring: This policy is a collection of settings that configures when Windows 10 updates get installed. Update ring policies are supported for devices that run Windows 10 version 1607 or later.
- Windows 10 feature updates (public preview): This policy updates device to the Windows version you specify, and then freezes the feature set version on those devices. This version freeze remains in place until you choose to update them to a later Windows version. While the feature version remains static, devices can continue to install quality and security updates that are available for their feature version. Feature updates policies are supported for devices that run Windows 10 version 1709 or later.
Explore Video Guide From HTMD Free Intune Training Intune Policy & Patching Configuration for Windows Update for Business and more..!!
Prerequisites for Windows 10 Feature Updates Policy
- The device must be running Windows 10 version 1709 or later.
- The device must be enrolled in Intune and should be Hybrid AD joined or Azure AD joined.
- The device must have telemetry turned on, with a minimum setting of Basic.
- Feature updates are supported for the following Windows 10 editions –
- Windows 10 Pro
- Windows 10 Enterprise
- Windows 10 Pro Education
- Windows 10 Education
According to Microsoft, Intune supports Windows 10 Enterprise LTSC 2019 and later. This includes support for features such as Windows Autopilot. However, note that Windows 10 Update Rings Device profiles do not support LTSC releases. Therefore you should use a Policy configuration service provider, WSUS, or Configuration Manager for patching.
Limitations
When you deploy a Windows 10 feature updates policy to a device that also receives a Windows 10 update ring policy, review the update ring for the following configurations –
Related Post – Windows 10 Software Update Patching Options with Intune WUfB
- The Feature update deferral period (days) must be set to 0.
- Feature updates for the update ring must be running. They must not be paused.
- Configures the Windows update setting the following Windows 10 Servicing channels –
- Semi-Annual Channel
Note – Beginning with Windows version 1903, the use of the Semi-Annual Channel (targeted) (SAC-T) is retired. With this change, SAC-T merges with the Semi-Annual Channel.
- Windows 10 feature updates policies cannot be applied during the Autopilot out-of-the-box experience (OOBE). Instead, the policies apply at the first Windows Update scan after a device has finished provisioning, typically a day.
Create and Assign Windows 10 Feature Updates Policy
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > Windows > Windows 10 Feature updates > Create profile.
- Specify a name, a description (optional), and for Feature, update to deploy, select the version of Windows with the feature set you want from the drop-down list, and then select Next.
- Under Assignments, choose + Select groups to include and then assign the feature updates deployment to one or more device groups. Select Next to continue.
- Review the selected groups and Click Next.
Important – Make sure you’re selecting the correct assigned device group. To validate members, you can navigate to Groups > All Groups (Search groups) > Select Group > Members.
- Under Review + create, review the settings. When ready to save the Windows 10 feature updates policy, select Create.
A notification will appear automatically in the top right-hand corner with the message Windows feature update deployment successfully created and assigned. The created policy will appear here, as shown below.
End-User Experience Windows 10 Version 21H1
In the windows 10 device under Window Update, You can see the policy is applied and windows 10 is downloaded the update, ready to install, and waiting to restart the computer to finish up.
Reporting
Once the policy is assigned to the device, the device will check in and install the Windows 10 21H1 feature update as per configured policy. You can verify Devices > Windows > Windows 10 feature updates > Select Feature Updates Policy > End-user update status.
Let’s check the Windows 10 feature update Intune report from Intune Portal (Endpoint Manager portal) – Windows 10 Feature Update Intune Report | Endpoint Manager
Troubleshooting
Intune Windows 10 Feature Update Troubleshooting with registry Entries – WUfB Registry Entry – Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState
- WUfB Event Log 1 – Policy – Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
- WUfB Event Log 2 – WUA – Microsoft-Windows-WindowsUpdateClient/Operation
Intune Troubleshooting Windows Update for Business WUfB
Resources
- Windows 10 feature updates policy in Intune
- Free Intune Training for Device Management Admins