Let’s learn to Windows 11 23H2 Upgrade using Intune Feature Update Deployment Policy. The policy allows you to upgrade to Windows 11 23H2 Intune managed Windows PCs from the existing Windows 10/11 supported version.
Windows 11, version 23H2, aka Windows 11 2023 Update, is available through Windows Server Update Services (WSUS) and Windows Update for Business. If you are updating devices that are already running Windows 11, version 22H2, you can use an enablement package for a fast, easy installation process.
You can upgrade an existing Windows 10/11 device to Windows 11, 23H2 using the Intune feature update deployment. The managed Windows 10/11 devices will receive the policies from Intune.
Windows feature update policies work with your Update rings for Windows 10 and later policies to prevent a device from receiving a Windows feature version that’s later than the value specified in the feature updates policy. You can also use the feature updates policy to upgrade devices that run Windows 10 to Windows 11.
The first step in preparing for a Windows 11 upgrade is to ensure your devices meet the minimum system requirements for Windows 11. You can use Endpoint analytics in Microsoft Intune to determine which of your devices meet the hardware requirements or which devices are not capable of running Windows 11.
- New Features In Microsoft Intune 2310 October Update
- Create Filter Rule For Windows 11 23H2 Devices In Intune
Prerequisites for Windows 11 23H2 Upgrade using WUfB Feature Updates
Let’s find out the prerequisites for Windows 11 23H2 upgrade using WUfB feature updates. The appropriate license should be there Windows 10/11 Enterprise/Education/Virtual Desktop Access or E3 above.
Windows 10/11 Long-Term Servicing Channel (LTSC) and Home editions are not supported for WUfB. In addition to a license for Intune, your organization must have one of the following subscriptions that include a license for Windows Update for Business deployment service:
Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
Windows Virtual Desktop Access E3 or E5
Microsoft 365 Business Premium
- It should be in a supported version of Windows 10/11.
- Feature updates are supported for Windows 10/11 editions: Pro, Enterprise, Education, Education and Pro for Workstations.
- It should be Intune managed, Hybrid Entra ID joined, or Entra ID joined Devices. BYO scenario is not supported.
You will need to have Telemetry turned on with a minimum set to Required. You can configure it from Device Restriction policy -> Reporting and Telemetry -> Share Usage Data.
You also should have the Microsoft Account Sign-in Assistant (wlidsvc) service running manually triggered. The service should not be disabled otherwise, WUfB won’t offer the Windows 11 23H2 feature updates.
Windows 11 23H2 Feature Update Deployment Policy for Upgrade
You will need to use a feature update deployment policy for Windows 11, 23H2 upgrade. The reason for that is it’s a product upgrade (Windows 10 to Windows 11), unlike Windows 10 version upgrade within the same product. The following table gives you a more clear understanding of the different policies.
|WUFB Policy Name||Type of Policy||Result|
|Feature update deferral period (days) policy||Update Ring||Upgrade versions within the same Products (for example, Windows 10 21H1 to 23H2)|
|Feature Deployment Settings policy||Feature Update Deployment||Migrate a Device from one product to another (Windows 10 to Windows 11)|
|Feature Update Deferral Period (Day) Policy||Update Ring||Upgrade versions within the same Products (for example, Windows 11 22H2 to 23H2)|
Upgrade to Windows 11 23H2 using Intune Feature Update Deployment Policy
You will need to create a feature update deployment policy from the Intune portal to upgrade your eligible Windows 10 PCs to Windows 11. The Windows 11, version 23H2 drop-down option is available in Feature Deployment Settings.
You can enable Windows health monitoring and select Windows Update scope to get detailed device states and errors.
- Sign In to Intune Admin Center intune.microsoft.com
- Navigate to Devices – Feature updates for Windows 10 and later. Click on +Create Profile.
On the Basics page, specify the name for feature Update deployment, such as “Windows 11 23H2 Upgrade“. Add a description. Select the feature deployment settings, You also have the option to configure When a device isn’t capable of running Windows 11, install the latest Windows 10 feature update.
- Feature deployment settings – Feature Update to deploy-> Windows 11, version 23H2
- Configure Rollout options to manage when Windows Updates makes the update available to devices that receive this policy. (For more details about rollout options, check below)
Under Assignments, choose + Select groups to include and then assign the feature updates deployment to one or more device groups. Select Next to continue.
You can Create Filter Rule For Windows 11 23H2 Devices to deploy the feature update policy. Windows 11 Microsoft Entra ID groups to upgrade Windows 10/11 devices to Windows 11 version 23h2. Search and select the Entra ID Device Group – Devices in that group will get upgraded to Windows 11 23h2.
Once you are assigned the feature update deployments policy, you can configure the specified deployment settings, make the necessary changes if required, and click on Create to save the policy.
Feature Updates Scheduling Options for Windows 11 23H2
You will get an option to schedule Windows 11 23H2 upgrade (Intune feature update policy). The Windows 11 Intune feature update will allow admins to granularly rollout the Windows 11 23H2 operating system in the coming days.
As per Microsoft, This will replace the deferral options in Update rings and make it much easier to schedule a rollout versus needing to calculate the required deferral days based on the publish date of the update. Intune feature update will have the following three Rollout Options.
- Make Update available as soon as possible (Selected By default)
- Make Update available on a Specific Date
- Make Update Available Gradually
When you select the “Make Update available on a Specific Date” option, the Windows 11 23H2 upgrade will start on the defined date as per admin configuration.
Another granular option that will be made available in the feature update policy is a start and end date configuration. When would you like to make the update available in Windows Updates? You can configure the start date of the Windows 11 23H2 upgrade and the end date of an upgrade as well.
This makes Windows feature updates gradually availability Gradually – This means you will get options to define the start and end date for the Windows 11 23H2 upgrade.
- First group availability – 11/06/2023
- Final Group availability – 11/13/2023
- Days between groups – 7 Days
Troubleshooting Windows 11 23H2 Upgrade Issues
You can troubleshoot Windows 11 23H2 upgrade issues with event logs and registry details. It’s time to check whether the policies are deployed to Windows Devices or Cloud PC. You can Initiate a Manual Intune Policy Sync for troubleshooting purposes.
You can track the event logs for initial troubleshooting inside the targeted Windows devices for Windows 11, version 23H2 upgrade.
- Application and Services logs -> Microsoft -> Windows -> DeviceManagement -> Enterprise-Diagnostics-Provider/Admin.
As explained below, you can also check the registry values related to WUfB policies. Intune WUfB Registry Path (This is the correct Registry key that should be looked into):
The other option to troubleshoot is to check the Update Compliance data from Log Analytic Workspace to get more details of each device’s error message and status. More details -> Update Compliance KQL Queries To Troubleshoot Intune WUfB Patch Deployment issues.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.