Windows 10 Software Update Patching Options with Intune WUfB

In this post, you will get more details about Windows 10 Software Update Patching Options with Intune. How do you patch Windows 10 devices managed with Intune? Microsoft Software Update Patching process for Intune admins. Intune helps to configure Windows Update for Business (WUfB) policies to patch.

We have explained the troubleshooting methods to identify the issue with event logs and registry keys in the following blog post https://howtomanagedevices.com/intune/2319/uninstall-windows-10-feature-update/.

Introduction

Software update deployment with IntuneMicrosoft Intune provides Window 10 Update Rings management to enable Windows as a Service via the Software Updates feature. This enrolls a Windows PC into Windows Update for Business to manage feature and quality updates the device receives and how quickly it updates to new releases.

Software update deployment with Intune is straightforward, few steps configuration, profiles creation, and deployment and all done.

Patch My PC

In this blog post, I will be describing how to configure the windows update deployment through Intune on Windows 10 devices that are enrolled with Windows autopilot. Update rings are policies that you assign to groups of devices.

Prerequisites

The following prerequisites must be fulfilled to use the Windows updates feature for Windows 10 devices in Intune.

  • Windows 10 device must be running on 1607 version or later.

Create windows update policy

To create the policy for software updates, you need to Microsoft Intune – Overview and software updates, then click on Software updates, you will see the blade-like following.

1E Nomad
Software Update Patching Options with Intune
Software Update Patching Options with Intune

Click on Windows 10 update ring, then click on create

Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune
Software Update Patching Options with Intune

In update settings, you will see a lot of settings that need to be configured.

1) In Servicing channel, you will see the semi-annual channel, semi-annual channel (Targeted), Windows insider-Fast, Windows insider-slow, and Windows insider-preview updates. Based on your requirement and the organization’s need, you have to select the update servicing; here, I have selected a semi-annual channel.

2) Next, you need to configure several days for a quality update and feature update at different times, from how many days these updates will install after release.

User Experience Setting

User experience settings are those settings you configure to provide a better experience for end-users, and they can do their day-to-day work without any interruption.

The first setting is automatic update behavior, where you have to configure how updates will install on your devices. It either installs automatically or notifies the users to download the updates, install updates in maintenance time, or install the updates automatically and restart the device in schedule time.

The next setting is you have to provide active start time and active end time; these are very important to configure the maintenance window for installing updates.

Next is restart checks, which means you can configure the restart checked either for the battery power up to 40% or something else; you can skip this setting.

if you want users to have to approve for computer restart post update installation, then you can enable this setting, and the user can approve for a computer restart,

Configure all the settings like servicing channel, product, deriver updates if you want to deploy them on Windows 10 devices, update deferral periods, user experience settings, the deadline for updates, and most importantly, setting auto-reboot settings. All the settings are critical, I would say, and all of them would be required for all the organizations, but they would be different for them based on the security policies.

Software Update Patching Options with Intune
Software Update Patching Options with Intune

Update ring assignment is straightforward, you have to look into the right hand, and you have to select the group where your windows 10 devices are added, and you need to update them.

I wanted to update you on all my windows autopilot devices, so I have selected the windows autopilot group.

Windows 10 Software Update Patching Options with Intune WUfB 1
Windows 10 Software Update Patching Options with Intune WUfB 13
Windows 10 Software Update Patching Options with Intune WUfB 2
Windows 10 Software Update Patching Options with Intune WUfB 14

In the next window, review all the settings which you have configured and click on create.

When I check my windows 10 device and window update, I can see the policy are applied, and windows 10 is downloading the update, which is really fast,

Windows 10 Software Update Patching Options with Intune WUfB 3
Windows 10 Software Update Patching Options with Intune WUfB 15

Once it’s installed, and I checked in Intune console, and I can see the following dashboard,

Windows 10 Software Update Patching Options with Intune WUfB 4
Windows 10 Software Update Patching Options with Intune WUfB 16
Windows 10 Software Update Patching Options with Intune WUfB 5
Windows 10 Software Update Patching Options with Intune WUfB 17

Manage windows 10 update rings

In the Intune portal, go to device > Windows > Windows 10 update rings > and select the policy you want to manage; you can view the status of ring assignment.

Here you can see the following options.

  • Delete
  • Pause
  • Resume
  • Extend

Delete: Delete setting you can use if you want to remove any configured ring from Intune; while deleting, you need to unders that theand, deleting ring will not remove/modify settiare already assigned to the devices.  

Pause: The pause setting can be used when you want to pause any update on the device, which can be done up to 35 days from the deployment. After 35 days, the pause setting will expire automatically, and the device will scan updates for applicable updates.

Resume: If you have paused any update ring, you can use this setting to resume the updates.

Extend: if any update/ring is pushed, you can use this setting to extend the pause for another 35 eds.

Windows 10 Software Update Patching Options with Intune WUfB 6
Windows 10 Software Update Patching Options with Intune WUfB 18

Resources