Windows 10 Software Update Patching Options with Intune WUfB


In this post, you will get more details about the Windows 10 software update patching options with Intune. How do you patch Windows 10 devices managed with Intune? This is the Microsoft software update patching process for Intune admins: Intune helps you configure Windows Update for Business (WUfB) policies for patching.

Introduction

Microsoft Intune provides management of Windows 10 Update Rings to enable Windows as a Service, via the Software Updates feature. This enrols a Windows PC into Windows Update for Business to manage the feature and quality updates the device receives and how quickly it updates to a new release.

Software update deployment with Intune is very easy: a few configuration steps, profile creation and deployment, and it is all done. In this blog post I will describe how to configure Windows update deployment through Intune on Windows 10 devices that are enrolled with Windows Autopilot.

Update rings are policies that you assign to groups of devices.


Prerequisites

The following prerequisites must be fulfilled to use the Windows updates feature for Windows 10 devices in Intune:

  • Windows 10 devices must be running version 1607 or later.

Create Windows update policy

To create the policy for software updates, go to Microsoft Intune – Overview, then click on Software updates. You will see a blade like the following.


Click on Windows 10 update ring, then click on Create.


In the update settings you will see a lot of settings that need to be configured.

1) In Servicing channel you will see Semi-Annual Channel, Semi-Annual Channel (Targeted), Windows Insider - Fast, Windows Insider - Slow and Windows Insider - Preview updates. Select the servicing channel based on your requirements and your organization's needs; here I have selected Semi-Annual Channel.

2) Next, configure the number of days for the quality update and feature update deferral period, that is, how many days after release these updates will be installed.

User Experience Settings

User experience settings are the settings you configure to give end users a better experience, so that they can do their day-to-day work without interruption.

The first setting is automatic update behavior, where you configure how updates will install on your devices: notify the user to download the updates, install the updates automatically at maintenance time, or install the updates automatically and restart the device at a scheduled time.

The next setting is the active hours start time and active hours end time. These are very important for configuring the maintenance window for installing updates.

Next is restart checks, which means you can configure the restart checks, either for battery power up to 40% or something else; you can skip this setting.

If you want users to approve the computer restart after update installation, you can enable this setting, and the user can then approve the restart.

Configure all the settings, such as servicing channel, product and driver updates (if you want to deploy them on Windows 10 devices), update deferral periods, user experience settings, deadlines for updates and, most important, the auto reboot settings. I would say all of these settings are very important and every organization will need them, but the values will differ from one organization to another based on its security policies.


Update ring assignment is very easy: on the right-hand side, select the group that contains the Windows 10 devices you need to update.

I wanted to update all my Windows Autopilot devices, so I selected the Windows Autopilot group.


In the next window, review all the settings you have configured and click on Create.

When I check Windows Update on my Windows 10 device, I can see that the policies are applied and Windows 10 is downloading the update, which is really fast.
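One way to confirm on the device itself that the ring arrived, added here as an example and not part of the original post: the script reads the Update policy values that MDM writes under the PolicyManager registry key and compares them with the ring you configured. The values in $expected and the function name Test-UpdateRingPolicy are assumptions for illustration; the BranchReadinessLevel mapping (16 = Semi-Annual Channel (Targeted), 32 = Semi-Annual Channel) applies to Windows 10 releases that offer both channels.

```powershell
# Added example: compare the Update policies delivered by MDM with the intended ring.
# The numbers in $expected are assumptions; set them to match your own update ring.
$policyPath = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'

$expected = @{
    BranchReadinessLevel            = 32   # Semi-Annual Channel
    DeferQualityUpdatesPeriodInDays = 7    # quality update deferral
    DeferFeatureUpdatesPeriodInDays = 30   # feature update deferral
    AllowAutoUpdate                 = 1    # auto install at maintenance time
    ActiveHoursStart                = 8
    ActiveHoursEnd                  = 17
}

function Test-UpdateRingPolicy {
    param([hashtable]$Expected, [string]$Path)

    if (-not (Test-Path $Path)) {
        Write-Warning "No MDM Update policy found at $Path; the ring has not reached this device."
        return
    }
    $applied = Get-ItemProperty -Path $Path

    # One row per expected setting, so drift from the ring is easy to spot.
    foreach ($name in $Expected.Keys | Sort-Object) {
        $actual = $applied.$name
        [pscustomobject]@{
            Setting  = $name
            Expected = $Expected[$name]
            Applied  = if ($null -eq $actual) { '<not set>' } else { $actual }
            Match    = ($actual -eq $Expected[$name])
        }
    }
}

Test-UpdateRingPolicy -Expected $expected -Path $policyPath | Format-Table -AutoSize

# Windows Update creates this key when a restart is needed to finish installing updates.
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
"Restart pending for Windows Update: $(Test-Path $rebootKey)"
```

Run it in an elevated PowerShell session on an enrolled device after a policy sync; a row with Match = False means the device is still holding a different value than the ring specifies.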


Once it was installed, I checked the Intune console and could see the following dashboard.


Manage Windows 10 update rings

In the Intune portal, go to Devices > Windows > Windows 10 update rings and select the policy you want to manage. You can view the status of the ring assignment.

Here you can see following options.

  • Delete
  • Pause
  • Resume
  • Extend

Delete: Use Delete if you want to remove a configured ring from Intune. When deleting, understand that deleting a ring will not remove or modify settings that are already assigned to the devices.

Pause: Use Pause when you want to pause updates on the devices; this can be done for up to 35 days from the deployment. After 35 days the pause expires automatically and the device scans for applicable updates automatically.

Resume: If you have paused an update ring, you can use this setting to resume the updates.

Extend: If an update ring is paused, you can use this setting to extend the pause for another 35 days.


2 COMMENTS

  1. I have configured the updates to install at scheduled time, every day at 3am. What we encounter is that some devices still have updates from September in install pending status. Next to that, when in the policy we go to End user status, a lot of users have a failed status. Any guidance for a good working update ring? Because we have some updates in install pending state.

    • Same here and wondering the same thing. We have ours set to SAC with scheduled time at 3AM. I know several that are using Surface devices and rarely restart. Curious which setting would be the best approach to remediate this pending state.
