Forum Discussion
How is your company managing driver updates via Intune?
Hey folks,
I’m currently reviewing our driver update strategy for Windows 11 devices managed via Intune. As you probably know, using Windows Update for Business (WUfB) gives us two main options for driver updates:
- Automatically allow drivers via WUfB
- Manually approve drivers via Intune + Windows Update for Business deployment service (WUfB-DS)
Each approach has its own pros and cons:
- Automatic driver updates are great for keeping everything up to date with minimal effort, but they come with risks. We’ve seen networking components randomly break after an update, or newer GPU drivers triggering application compatibility issues. Definitely not zero-risk.
- Manual approval, on the other hand, gives you control and helps avoid surprises, but it also introduces operational overhead: identifying needed drivers, testing, scheduling approvals, and communicating with users — all of that takes time and effort.
We’re debating internally whether the automation risk is worth the convenience, or if the manual path is the only safe option in an enterprise setting.
So I’m curious:
How is your company handling this?
Are you letting Windows install driver updates automatically?
Or are you manually controlling which drivers get deployed — and if so, how are you handling the process and workload?
Would love to hear your thoughts, especially if you’ve found a good balance or process that works well in production!
Thanks in advance!
3 Replies
Hello,
Bogdan is right. User ring-based deyployment methods or Vendo Tools:For example:
HP Devices:
you can use HP Image Assistant and execute it silent with a PowerShell Script:Source: https://h30434.www3.hp.com/t5/Commercial-PC-Software/HP-Image-Assistant-Silently-Update-Drivers/td-p/6892674
We tested the following recently:- First install HP Image Assistent
- PS: HPImageAssistant.exe /Operation:Analyze /Category:All /Selection:AutoInstallable /Action:Install /SoftpaqDownloadFolder:C\HIPA /Silent
- Deploy it with MDM
LENOVO:
Use Lenovo System Update and do it silently.
Source:
https://forums.lenovo.com/t5/Enterprise-Client-Management/Is-there-a-way-to-more-silently-install-updates-that-force-a-reboot-in-Lenovo-System-Update/m-p/5136613
DELL:
Dell Command
Source:
https://www.dell.com/support/manuals/de-at/command-update-v3.0/dcu_ug_win10_v3.0/download-and-install-driver-libraries?guid=guid-3e92e469-59bc-4884-9e40-d157a5377cfc&lang=en-us
BR,
Hy,
yes you are right, Automatic updates can sometimes introduce unexpected problems—such as network failures or software incompatibility due to newer drivers, we all had this kind of issues, but also the driver delivered in Intune are very basic.
Why not a tiered/ring-based deployment model?
- Pilot or IT-Test Ring: A small group of non-critical or IT user devices receives automatic driver updates immediately. This allows real-world testing and early detection of issues.
- Broader User Ring(s): Once validated, updates are either automatically or manually approved for larger sets of users.
- Production Ring: Critical devices receive driver updates last, often only after administrator approval and sufficient real-world validation
Or you could go with Vendor Tools: OEM tools (Dell Command, Lenovo System Update, HP Image Assistant)
If you would like a solution for HP let me know and ill be glad to share with you this solution.
Good luck!
Hi,
maybe Driver Automation Tool is something for your. https://github.com/maurice-daly/DriverAutomationTool. We used it for Endpoint Configuration Manager and Intune. There is a new version coming with new features.If you are using HP or Dell Devices, use HP Connect or Dell Management Portal in Intune to manage BIOS/UEFI Updates. It works fine.
BR
