Efficient Management of Windows Driver Firmware Updates from Intune Policy

Let’s learn how to manage Windows driver firmware updates from Intune policy. This post guides you through creating a driver update policy. The Microsoft Intune capability for managing Windows driver and firmware updates lets you centrally control and deploy those updates to your devices.

Microsoft recently announced the general availability of Windows driver and firmware update management policies and reports in Microsoft Intune. With Intune policy-based management, you can efficiently keep your Windows drivers up to date without the need for manual or scripted tasks.

Firstly, you are relieved from the manual tasks of downloading, repackaging, and deploying drivers using generic tools. Instead, you can leverage driver update management policies and reports integrated with the Windows Update for Business deployment service.

The latest driver and firmware management keeps Windows drivers up to date on your devices. These new capabilities are part of Microsoft's Windows Enterprise offerings, providing you with multiple benefits:

  • Intelligent servicing helps identify which driver updates are available for devices in the policy.
  • Trusted quality is brought to you by prior certification and validation by many device manufacturers.
  • More granular controls allow you to pause a deployment of a particular driver.
  • Optional drivers and firmware are also available to complement recommended updates.
  • Detailed reporting is built into Intune to help you monitor device status, alerts, and recommendations for remediation.
  • Windows Autopatch automatically creates driver policies that allow you to roll out drivers and firmware across your deployment rings (unless you opt out of the service), with more granular controls coming later this year.

For a better understanding of the flow involved in the updated driver and firmware management process, see New Driver & Firmware Servicing Architecture and Intune Driver Firmware Update Policies | Review Approve Schedule Suspend Options.

Prerequisites for Driver Update Management

To use Windows Driver Update management, your organization must have the following licenses, subscriptions, and network configurations:

  • Intune: Microsoft Intune Plan 1 subscription.
  • Azure Active Directory (Azure AD): Azure AD Free (or greater) subscription.

Your organization must have one of the following subscriptions that include a license for Windows Update for Business deployment service:

  • Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5
  • Microsoft 365 Business Premium

Devices must run a supported Windows 10 or Windows 11 Pro, Enterprise, or Education edition to have driver updates managed from Intune. Devices must be enrolled in Intune MDM and be Hybrid AD joined or Azure AD joined. They must also:

  • Have Telemetry turned on, with a minimum setting of Required.
  • The Microsoft Account Sign-In Assistant (wlidsvc) must be able to run. If the service is blocked or set to Disabled, it fails to receive the update. By default, the service is set to Manual (Trigger Start), which allows it to run when needed.
  • Have access to the network endpoints required by Intune managed devices.

To ensure driver updates are not blocked, review your policies for the following configurations. By default, both settings use a configuration that allows Windows driver updates.

  • Windows update ring policy: Ensure the Windows driver setting is set to Allow.
  • Settings catalog policy: In the Windows Update for Business category, ensure that Exclude WU Drivers in Quality Update is set to Allow Windows Update drivers.
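
One way to check the device-side prerequisites and the driver-blocking setting above on a single machine, as an added example that is not part of the original article. The registry paths are assumptions about where Group Policy and MDM write these values, and the function names are hypothetical; network endpoint access is not checked.

```powershell
# Added example (not from the article). Registry paths below are assumptions:
# the Group Policy and MDM PolicyManager locations where these values normally land.
function Get-PolicyValue {
    param([string[]]$Path, [string]$Name)
    foreach ($p in $Path) {
        $item = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { return [int]$item.$Name }
    }
    return $null   # not set by policy: the Windows default applies
}

function Test-DriverUpdateReadiness {
    # 1. Microsoft Account Sign-In Assistant (wlidsvc) must not be Disabled.
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='wlidsvc'"
    $mode = if ($svc) { $svc.StartMode } else { 'missing' }

    # 2. Diagnostic data level: 0 = off (Security), 1 = Required, 3 = Optional.
    $telemetry = Get-PolicyValue -Name 'AllowTelemetry' -Path @(
        'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\System',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection')

    # 3. Driver exclusion: 1 = drivers are excluded from Windows Update offers.
    $exclude = Get-PolicyValue -Name 'ExcludeWUDriversInQualityUpdate' -Path @(
        'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate')

    # A blank Found column means the value is not set by policy (treated as a pass).
    [pscustomobject]@{ Check = 'wlidsvc start mode'; Found = $mode
                       Pass = ($mode -in 'Auto', 'Manual') }
    [pscustomobject]@{ Check = 'AllowTelemetry'; Found = "$telemetry"
                       Pass = ($null -eq $telemetry -or $telemetry -ge 1) }
    [pscustomobject]@{ Check = 'ExcludeWUDriversInQualityUpdate'; Found = "$exclude"
                       Pass = ($null -eq $exclude -or $exclude -eq 0) }
}

Test-DriverUpdateReadiness | Format-Table -AutoSize
```

Any row with Pass = False points at a device-side setting that would stop approved drivers from being offered, regardless of what the Intune driver policy says.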

Create Driver Updates Policy for Windows Devices using Intune

Follow these steps to create and manage Windows driver update policies with more granular controls in Intune. Here’s how you can manage Windows driver and firmware updates with Intune.

  • Sign in to the Microsoft Intune Admin Center https://Intune.microsoft.com/.
  • Navigate to Devices. In the Policy section, click Driver Updates for Windows 10 and later, and select Create Profile to create a new driver update policy.
Manage Windows Driver Firmware Updates from Intune Policy Fig.1

On the Basics tab of Create driver update profile, provide a name and, optionally, a description. A description is recommended so that you can see at a glance what the profile configures.

Manage Windows Driver Firmware Updates from Intune Policy Fig.2

When you create a new driver policy, you have two choices for the approval method: you can set up the policy to approve and deploy updates automatically or manually.

  • Automatically approve all recommended drivers and set how long after discovery to start offering them.
  • Manually approve drivers and select the day to start offering the update when you approve them. With this option, no drivers are offered until manually approved.
Manage Windows Driver Firmware Updates from Intune Policy Fig.3

It is recommended to use automatic approval to create a set of deployment rings. This way, driver updates can automatically deploy to your rings without needing to be manually approved. You can still monitor driver updates for quality in your unique environment and pause them in subsequent rings.

Important – After a policy is assigned and created, inventory can take up to 24 hours to populate.

Manage Windows Driver Firmware Updates from Intune Policy Fig.4

Under Assignments, in Included groups, click Add groups and then choose Select groups to include one or more groups that the policy should target. I think targeting groups by device manufacturer (HP, Dell, Lenovo, or Microsoft), or in phases, lets you control and manage updates efficiently.

Here, I included the HP device group since filtering is not possible for now. In larger organizations, differentiating by hardware or model might help you organize or review the details if any action is needed. Once you have completed the group assignments, click Next.

Manage Windows Driver Firmware Updates from Intune Policy Fig.5

Here you will see the details you provided during the driver update policy creation process. Review your settings and select Create.

Manage Windows Driver Firmware Updates from Intune Policy Fig.6

Once the Windows driver update deployment policy is created, you will get the status “Windows driver update deployment successfully created.” You will be able to locate the profile in the tab, as shown below.

| Name | Assigned | Approval Method |
|------|----------|-----------------|
| HP ProBook | Yes | Automatic |

Table 1 – Windows Driver Firmware Updates from Intune Policy

Manage Windows Driver Firmware Updates from Intune Policy Fig.7

Once you have created driver update policies, it will take a day to scan for the latest updates. By clicking on a device policy, you can review the recommended driver updates that are ready for review if you selected manual approval.

The approval method cannot be changed once a policy is created. However, changes to individual driver approvals and deployment details will be possible once an inventory is built for assigned devices.

In the automatic policy, the drivers to review will stay at 3 (based on the specified day above) since recommended drivers are automatically approved. This is a great indicator that new drivers have been discovered and are awaiting a decision on whether to approve or decline to deploy those drivers.

You will find similar tabs for the driver update policy for automatic or manual approval with Properties, Recommended drivers, and Other drivers.

Manage Windows Driver Firmware Updates from Intune Policy Fig.8

Review available drivers: once you have completed setting up a policy for driver updates, the “Drivers to review” column will display the number of newly recommended driver updates that are awaiting manual approval.

This allows you to conveniently assess and approve the appropriate driver updates based on your preferences and requirements. Also, look at the following options for controlling driver updates with Intune policies.

  • Approve
  • Schedule
  • Suspend
Manage Windows Driver Firmware Updates from Intune Policy Fig.9

To approve a driver, select the driver from the Driver name column. In the Manage Driver flyout, select the Approve option under Actions. Here you need to specify the date on which the driver becomes available to devices when they scan Windows Update.

Manage Windows Driver Firmware Updates from Intune Policy Fig.10

Monitor and Remediate Issues with Windows Driver Firmware Updates Report

The report you will probably use the most is the Windows Driver Update report. Like the Windows Feature Update and Windows Expedited Update reports, this report provides a summary of installed, in-progress, and error devices, along with the per-device detailed status.

To support reports for Windows driver updates, you must meet the prerequisites, enable the use of Windows diagnostic data in Intune, and ensure the setting “Enable features that require Windows diagnostic data in processor configuration” is toggled to On. Here you can enable Windows Diagnostic Data And Licensing Usage.

In the Intune portal, you can find this report under Reports > Windows Updates. Select the Reports tab and open the Windows Driver Update Report. The report will be updated after some time once the policy is in place. I will monitor and update the details here with the results.

For more about the Intune Windows Driver Update Report, see Detailed Review Windows Driver Update Report from Intune.

Manage Windows Driver Firmware Updates from Intune Policy Fig.11

Author

About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT industry. He writes and shares his experiences related to Microsoft device management technologies and IT infrastructure management. His primary focus is Windows 10/11 deployment solutions with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

4 thoughts on “Efficient Management of Windows Driver Firmware Updates from Intune Policy”

  1. Very nice review. Do the WUFB update policies interfere with this policy? For example, with Windows driver updates blocked in WUFB, will the devices get the approved driver updates?

  2. Ensure the device can scan Windows Updates for Windows OS updates, and the SetPolicyDrivenUpdateSourceForDriverUpdates policy is configured to get Driver updates from Windows Update. Importantly you have not set the block drivers policy on the device.

    SetPolicyDrivenUpdateSourceForDriverUpdates : Enable this policy to not allow update deferral policies to cause scans against Windows Update.

  3. Is it required to enable both the update ring policy and the settings catalog policy, or is any one sufficient?

    “To ensure driver updates are not blocked, review your policies for the following configurations, By default, both settings use a configuration that will allow Windows driver updates.

    Windows update ring policy: Ensure the Windows driver setting is set to Allow.
    Settings catalog policy: In the Windows Update for Business category, ensure that Exclude WU Drivers in Quality Update is set to Allow Windows Update drivers. “
