Event details
MicrosoftNothing has specifically changed other than the feature being opt-in instead of opt-in. Configuration remains exactly the same as previously shared (within the ESP profile). This is for quality updates only, not feature updates -- there is no current information to share on the development or delivery of feature update installation during provisioning.
As for when the updates are applied, they are applied immediately at the very end of OOBE. They do not occur during the technician phase of pre-provisioning. Pre-provisioned devices will still have the updates applied if the device is opted-in, this just won't happen until the end of OOBE the same as user provisioning.
Thanks for getting back to me Jason_Sandys , much appreciated.
Out of interest, are there any plans to allow updates to apply during the pre-prov stage before the device is resealed.
We will be working with a supplier that will do the pre-provisioning of the devices before they then get shipped out directly to our end users. Having updates apply during the user provisioning stage will only increase the time it takes for the end user to get to the windows desktop. From a security perspective, it would be much more secure having them apply during pre-prov stage, that way it arrives with the end user up to date.
I can see a trade off between device security and end user experience on the horizon for us if i'm honest.
- Jason_Sandys
At this time, no there are no plans to enable update installation directly in the technician phase of pre-provisioning.
I don't disagree with your assessment and the possible impact. The current design was ultimately driven by many technical factors.
For your scenario, as long as the supplier starts with a newly imaged device, it should have the latest cumulative update already installed.
Ok, thanks for confirming.
I don't disagree with the supplier starting with a newly imaged device, however we accept the vanilla OS that comes from the OEM, no imaging takes place. The device is then pre-provisioned using Autopilot, resealed and sent out to the user to complete the user OOBE stage and start using the device. We then modify the OS through various apps and Intune Config Profiles once it's in place. So how out of date the OS is all depends on the OEM that we receive the devices from.
The time difference between OEM to supplier and supplier to user is likely to be longer in the first instance, hence applying updates during pre-prov would be highly beneficial.
We'll have to implement on a test group when it becomes available again and see how long they take to apply in User OOBE, subsequently delaying the user being able to use their device. It may be that we just have to allow it through and then let WUfB policies apply the updates in the background once the user is at the desktop.