Event details
Security and compliance aren’t standing still—and neither is Intune. With new features, enforcement changes, SDK requirements, and evolving security expectations arriving at a rapid pace, IT teams ar...
Heather_Poulsen
Updated Jun 19, 2026
dfuell
Jun 23, 2026Copper Contributor
Driver / firmware updates via Autopatch when an OEM has a competing tool (e.g., Dell Command Update) — is it recommend to run both, pick one, or a specific hybrid pattern?
Is it possible use filters within AutoPatch rings to target only specific OEM devices?
Andre Della Monica
Microsoft
Jun 23, 2026Great question, dfuell
The overall recommendation is to let Autopatch own drivers and firmware through its ring-based deployment. Start with Manual approval mode for BIOS/firmware so you can review each update and use Automatic mode for standard drivers.
- Autopatch Driver/Firmware vs. OEM Tools (e.g., Dell Command Update)
- The recommended approach is to pick one primary authority per device population for the same driver/firmware categories and avoid running both Autopatch and an OEM tool managing the same content on the same devices simultaneously.
- Running both can cause conflicts: overlapping driver content from Windows Update and the OEM catalog, duplicate reboots, and inconsistent change-control tracking.
That said, a hybrid pattern can work:
- Windows Quality & Feature Updates, use Windows Autopatch
- General drivers (chipset, network, GPU, etc.), use Autopatch Driver Updates (Automatic or Manual mode)
- BIOS: Autopatch does not deploy BIOS updates, this remains an OEM-tool responsibility.
- On Targeting Specific OEM Devices within Autopatch Rings:
- Yes, absolutely. You can achieve OEM-specific targeting through a combination of:
- Intune Assignment Filters: Create a filter using the device.manufacturer property (e.g., device.manufacturer -eq "Dell Inc.") to ensure driver policies or Dell Command Update only apply to Dell devices. You can also use device.model to target specific model families (e.g., Latitude vs. OptiPlex).
- OEM-specific Entra ID groups: Create dynamic device groups per-OEM (manufacturer = Dell, HP, Lenovo), then map those groups to dedicated Autopatch deployment rings.
- Dedicated Autopatch groups per-OEM: You can create separate Autopatch groups for different OEM fleets, each with their own ring topology and driver approval strategy. For example, a Dell-specific group with rings like Test - Ring 1 - Ring 2 - Last.
- Yes, absolutely. You can achieve OEM-specific targeting through a combination of:
Hope this helps!