Event banner
Event details
54 Comments
- Heather_Poulsen
Community Manager
When I create a new Feature Update policy, I can choose "Make update available gradually" and assign that to groups. My question is (maybe I missed the answer, if so, sorry for that): MS does the calculation with AI when setting the AllowWUfBCloudProcessing policy, but am I able to control, when a device is updated, if I do not set the policy? Or is it then not possible to use the gradual rollout?
Thanks
David_GuyerMicrosoft
For Gradual Rollout, there are two options. The "Intelligent" rollout, when using AllowWUfBCloudProcessing policy, and the "standard" gradual rollout. In either case, there are no settings or controls so that you can control when a specific device is updated. When you use the standard gradual rollout, the order of which devices the update is made available to is random. Hope this clarifies for you.
David_Guyer - Hello, would you please confirm if "Feature updates for Windows 10 and later (preview)" is controlled under the co-management workload slider "Windows Update Policies"
Thank you!
- David_GuyerThat's actually a very interesting question, and one that causes a lot of confusion, so I'll do my best to make it simple. The co-management slider primarily controls whether the Update Rings profiles are able to set policy on the device. If the WU co-management slider is set to Config Manager, then config manager has the authority to configure the Windows Update policies on the device (via GP). If the slider is set to Intune, then Intune has the authority to configure Windows Update policies on the device (via MDM). The Feature update profiles do not use MDM, they use the cloud-based Windows Update for Business deployment service instead. And so they do not depend on the co-management slider setting. What they DO depend on is that the device is configured to get updates from Windows Update in the Internet... so if the device is set to scan for updates from WSUS, or DisableDualScan is enabled, or the new scan source policy for feature update is set to WSUS, then the device won't talk to Windows Update in the Internet, and so the Feature Update profiles in Intune can't manage which updates and when. That said, a best practice is to go ahead and move the slider, after you set up your policies in Intune, and manage the client policies from Intune as well... but there is some flexibility in exactly how you get there. I hope this helps!
Hi David_Guyer, thank you for the very detailed response; very helpful.
I deployed a "Feature updates for Windows 10 and later" policy to many of my clients in the interest of pre-staging everything for when I add devices to the workload slider pilot collection. To my surprise, it started deploying to everyone (per the monitoring reports). Based on what you said, I can breathe a little easier now because my clients have DisableDualScan enabled (until they are dropped into the pilot collection, and then it's disabled). I thought everything WUfB was covered under the slider; this clarification helps.
Thanks again! Great session.
- We have started to deploy our Gradual Rollout for Windows 11 22H2, but the Target OS version for Windows 11 22H2 appears to be missing from the Windows Feature Update Device Readiness Report and the Windows Feature Update Compatibility Risks Report. Is there any other place to figure out why some devices in the Gradual Rollout have safeguard holds? Thanks
- David_GuyerWe've made some bug fixes recently that are rolling out in Intune 2210 so that safeguard holds will be available in the failures reports under Devices -> Monitor -> Feature update failures. HTH!
The Windows 10 -> Windows 11 upgrade is a risky task with a more significant impact on the user. The Update Ring option "Upgrade Windows 10 devices to Latest Windows 11 release" feels lackluster, and it's not feasible to deploy gradually without completely redesigning your Update Rings.
The Windows 10 -> Windows 11 upgrade could benefit from the same deployment options that you're providing in "Feature updates for Windows 10 and later (preview)"- David_GuyerWe provided the option in update rings for those customers who did not want to use Feature update profiles, even though using the Feature update profiles is our recommended approach.... mostly for the reasons you cited... better control over which updates are provided to which devices, and when. So, if you want better control, Feature update profiles is there to help!
Hey David_Guyer, thank you for responding to me. So are you stating that a configuration like this..
..where both policies are deployed to the same group will upgrade a Windows 10 device to Windows 11 22H2? Or do I need to check the "Upgrade Windows 10 devices to Latest Windows 11 release" box to pass the Windows 10 > Windows 11 upgrade control to the Feature Update profile? (Similar to how you set the deferral period to 0 days to pass Feature Update control to the Feature Update Profile.)
Thank you!
- Can you confirm I understood the recommendation correctly. Quality updates should have update rings with different defferal periods shorter for pilot users and longer for broader users. Then feature updates should be set to 0 for all types of users, with feature updates controlled manually by a dedicated feature update policy? Thanks
- David_GuyerYes, exactly!
- Is there a way to download the slide deck?
- Dave RandallSlide decks are not available for download.
- So is it better to use The feature updates for windows 10 and later (preview) for feature updates and update rings for all other updates?
- David_GuyerMy recommendation is to use feature update profiles for feature updates because you get much better control over which feature updates are delivered and when, as well as the better reporting available.
- will we be able to see reports of machines getting updates through update rings?
- David_GuyerHi Lucas, Unfortunately it's very difficult to get the kind of specific per-device per-update reporting for the update rings that we have for feature and expedited updates. That said, we are looking very closely at how we can expand the kind of capabilities in feature and expedited updates to other update types, including the reporting. Stay tuned! In the meantime, consider using the new WUfB-Reports: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-windows-update-for-business-reports/ba-p/3650956
- Heather_Poulsen
We’re happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back throughout the week. For bonus content, make sure to check out our Technical Takeoff Demo Channel!
