Event banner

AMA: Managing Windows updates

Event Ended
Wednesday, Jun 05, 2024, 09:30 AM PDT
Online

Event details

Managing updates across an organization doesn’t have to be complicated. Have questions on how to control update offerings and experiences? Want to know the best ways to test on a subset of devices be...
Heather_Poulsen
Updated Dec 27, 2024
AMA
Tech Community Live
BlueSakura's avatar
BlueSakura
Brass Contributor
Jun 05, 2024
For Devices in Intune, is there going to be an option to have the device check for updates? There's Update Windows Defender Security Intelligence, but not regular Windows Updates. It would be great to be able to kick off a manual Windows update scan from the device overview.
  • Joe_Lurie's avatar
    Joe_Lurie
    Icon for Microsoft rankMicrosoft
    Jun 05, 2024

    BlueSakura Thanks for the question. If you haven't heard, we are working on a "Device Query" in Intune (much like SCCM's CMPivot) which will allow you to query a device and then take an action. So you can kick off a real-time scan and then update, or reboot, or whatever the action needed is...directly from the Intune admin center. For more information on Device Query, see here: Device query in Microsoft Intune | Microsoft Learn

  • Jason_Sandys's avatar
    Jason_Sandys
    Icon for Microsoft rankMicrosoft
    Jun 05, 2024
    Can you expand on the scenario you are trying to address here? A scan from the Settings app can be initiated by the end user. Is there something else you are looking for here?
    • BlueSakura's avatar
      BlueSakura
      Brass Contributor
      Jun 05, 2024
      Kind of like how MECM has options for the local client we can force a client to pull a machine policy, check for Application Deployments, update user policy, evaluate Software Updates deployment, etc.... A sync won't necessarily force an update scan immediately.
    • BlueSakura's avatar
      BlueSakura
      Brass Contributor
      Jun 05, 2024
      For a similar scenario that you'd want to do a Sync, Restart, Update Defender Intelligence. Yes, it should automatically update, synchronize, and do reboot, but this does not always occur. If a device is online yes, we could reach out to the end user. By taking the user out of it we should be able to more quickly force a device to update if it isn't for whatever reason without relying on a user to do it. Device Query looks nice, but without a license for an advanced analytics we can't do it. Not to be difficult or anything but yes most of these things can be done by users or through management, but there's always exceptions and things happen which sometimes require intervention. That's what these tools and actions are for.
      • JoeLentz's avatar
        JoeLentz
        Copper Contributor
        Jun 05, 2024

        BlueSakura Agree with you here on having a simple option with the GUI. If you're looking for a free option, I've used a "remediation" script to kick off an update scan which is effectively the same as the end user manually clicking "Check for Updates". Which you can manually run from the Intune device page.  Of course your reboot deadlines would have to be relied on for that. start-process C:\windows\system32\UsoClient.exe -ArgumentList "startinteractivescan"

Date and Time
Jun 5, 20249:30 AM - 10:30 AM PDT