Forum Discussion
Initiate Windows Updates devices not logged in by users
- Jul 19, 2025
Hi,
this is really a very nice challenge 😉
Currently, Microsoft Intune does not natively push updates during Out-Of-Box Experience (OOBE) or when no user is logged in.
Here are some workarounds to update devices without user logins that you could try; check the community for some scripts regarding these solutions.
1. Proactive Remediation Scripts
You can use Intune’s Proactive Remediation feature to push a PowerShell script that detects missing critical updates and triggers the update installation, independent of user presence.
These scripts run under the SYSTEM context, so updates can be installed even with no logged-in user as long as the device is powered on and connected to the internet.
2. Scheduled Power-On and Network Connectivity
Ensure that the laptops are powered on and connected to the network periodically while on the shelf. If the devices are off, Intune cannot communicate with or trigger actions on them (including Proactive Remediation).
Some organizations use BIOS settings or wake-on-LAN where possible to periodically power on the devices for updates.
3. Expedite Updates via Update Rings (Limited)
If the laptops are powered on, you can use the Expedite updates option in Windows Update for Business policies set through Intune, but this is still contingent on device check-ins and the Windows Update service running in the background. No login is required, but if the device is asleep or shut down, this won't help.
Some references:
https://learn.microsoft.com/en-za/answers/questions/2339383/updates-to-computers-in-intune
https://thisismydemo.cloud/post/2023-01-31-intunes-proactive-remediations/
Good luck!
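A sketch of the kind of script described in workaround 1, added here as an example and not part of the original post: it queries the Windows Update Agent COM API for pending updates and signals Intune through its exit code. Intune uploads detection and remediation as two separate scripts; the `$Mode` parameter that combines them in one file and the filter on `MsrcSeverity -eq 'Critical'` are assumptions made for this example.

```powershell
# Added example: detection and remediation logic for an Intune remediation package.
# Upload once with $Mode defaulting to 'Detect' and once to 'Remediate' (assumption).
param([ValidateSet('Detect', 'Remediate')][string]$Mode = 'Detect')

function Get-PendingUpdate {
    # The Windows Update Agent COM API runs under SYSTEM with no interactive session.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
    # Keep only updates that MSRC rates Critical.
    @($result.Updates | Where-Object { $_.MsrcSeverity -eq 'Critical' })
}

function Install-PendingUpdate($Updates) {
    $session = New-Object -ComObject Microsoft.Update.Session
    $batch   = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($u in $Updates) {
        if (-not $u.EulaAccepted) { $u.AcceptEula() }
        [void]$batch.Add($u)
    }
    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $batch
    [void]$downloader.Download()
    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $batch
    $installer.Install()    # returns an IInstallationResult
}

try {
    $pending = Get-PendingUpdate
    if ($pending.Count -eq 0) {
        Write-Output 'No pending critical updates'
        exit 0              # compliant: Intune skips remediation
    }
    if ($Mode -eq 'Detect') {
        Write-Output ('Pending: ' + (($pending | ForEach-Object Title) -join '; '))
        exit 1              # non-zero exit tells Intune to run the remediation script
    }
    $r = Install-PendingUpdate $pending
    Write-Output "ResultCode=$($r.ResultCode) RebootRequired=$($r.RebootRequired)"
    if ($r.ResultCode -eq 2) { exit 0 } else { exit 1 }   # 2 = succeeded
} catch {
    Write-Output "Update check failed: $($_.Exception.Message)"
    exit 1
}
```

The last line written to standard output appears in the Intune remediation report, so the pending update titles and the `RebootRequired` flag are visible per device without logging on to it.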
- dilanmic, Jul 20, 2025, Iron Contributor
Thanks for the great explanation!
- Bogdan_Guinea, Jul 20, 2025, Iron Contributor
Hi,
If the provided solution addressed your issue, please mark the case as resolved. This will help others identify helpful solutions more easily.
Thank you and good luck!