Event details
Security and compliance aren’t standing still—and neither is Intune. With new features, enforcement changes, SDK requirements, and evolving security expectations arriving at a rapid pace, IT teams ar...
Heather_Poulsen
Updated Jun 19, 2026
dfuell
Jun 23, 2026Copper Contributor
Driver / firmware updates via Autopatch when an OEM has a competing tool (e.g., Dell Command Update) — is it recommend to run both, pick one, or a specific hybrid pattern?
Is it possible use filters within AutoPatch rings to target only specific OEM devices?
- Andre Della MonicaJun 23, 2026
Microsoft
Great question, dfuell
The overall recommendation is to let Autopatch own drivers and firmware through its ring-based deployment. Start with Manual approval mode for BIOS/firmware so you can review each update and use Automatic mode for standard drivers.
- Autopatch Driver/Firmware vs. OEM Tools (e.g., Dell Command Update)
- The recommended approach is to pick one primary authority per device population for the same driver/firmware categories and avoid running both Autopatch and an OEM tool managing the same content on the same devices simultaneously.
- Running both can cause conflicts: overlapping driver content from Windows Update and the OEM catalog, duplicate reboots, and inconsistent change-control tracking.
That said, a hybrid pattern can work:
- Windows Quality & Feature Updates, use Windows Autopatch
- General drivers (chipset, network, GPU, etc.), use Autopatch Driver Updates (Automatic or Manual mode)
- BIOS: Autopatch does not deploy BIOS updates, this remains an OEM-tool responsibility.
- On Targeting Specific OEM Devices within Autopatch Rings:
- Yes, absolutely. You can achieve OEM-specific targeting through a combination of:
- Intune Assignment Filters: Create a filter using the device.manufacturer property (e.g., device.manufacturer -eq "Dell Inc.") to ensure driver policies or Dell Command Update only apply to Dell devices. You can also use device.model to target specific model families (e.g., Latitude vs. OptiPlex).
- OEM-specific Entra ID groups: Create dynamic device groups per-OEM (manufacturer = Dell, HP, Lenovo), then map those groups to dedicated Autopatch deployment rings.
- Dedicated Autopatch groups per-OEM: You can create separate Autopatch groups for different OEM fleets, each with their own ring topology and driver approval strategy. For example, a Dell-specific group with rings like Test - Ring 1 - Ring 2 - Last.
- Yes, absolutely. You can achieve OEM-specific targeting through a combination of:
Hope this helps!