Event details
Ask Microsoft Anything about reducing the complexity of managing updates across your device ecosystem. The days of needing to juggle multiple update tools and policies are over. The integration of the Windows Update for Business deployment service into Microsoft Intune and Windows Autopatch means you can roll out updates quickly, troubleshoot issues effectively, and enhance compliance and security. Come with your questions; leave with ideas on ways to reduce the need for manual intervention! This session is part of Tech Community Live: Windows edition.
On the panel: Joe Lurie, Akash Malhotra, Surabhi Calla, Jason Sandys
36 Comments
- Pearl-Angeles
Community Manager
In addition to the questions posted on this page, we also answer questions posted in reply to the event on LinkedIn and X (Twitter). Here are the questions we answered:
Question -- Some of my customers are asking, if we unified Autopatch and Windows Update for Business, I still see Windows Update for Business policies in Intune, but I also see Autopatch policies in Intune, as we unify this, where do I set my policy? - answered at 0:51.
Question from the Tech Community -- Hi, how long does it take for a device to see a Windows 11 optional feature update after it has been created in Autopatch? - answered at 1:54.
Question from Tech Community -- Will we be able to assign autopatch rings to users in the near future? - answered at 4:37
Follow up details for question above -- We have a more user/persona centric configuration mindset here. Our device naming schemes (very generic) would not allow us to point updates to IT personnel, or other groups before going more broadly out to users in the other rings. With WuFB, we assigned the rings to the users, and this has worked so that there is no administrative overhead to managing devices (new or replaced devices) in the early release rings and so on. -- answered at 9:03.
Question on X -- Is unified update management a "thing". Related to the unified update platform (UUP) or no? Not sure what this is. - answered at 5:53.
Question from Tech Community -- Is there a way to have a report that shows multiple driver update group results instead of having to go to each one, click on generate report, and wait? - answered at 8:13.
Question from Tech Community -- Are there any plans to introduce a feature in Autopatch that allows for the release of Safeguard Holds? - answered at 9:46. To learn more go to https://aka.ms/safeguardholds
Question from X -- So this is changing where stuff is in Intune and what the panes are called? Nothing really changes for us if we are using WUfB today, but don't want to subscribe to Autopatch? - answered at 13:32.
Follow up question to question above -- What about reporting - does that change at all if I’m not using Autopatch or if I am using Autopatch? Are there different reports for me to use? - answered at 14:41.
Question -- What are some of the questions customers have for you when it comes to Autopatch, Windows update, etc. What do you recommend to your customers? - answered at 15:12.
Question from Tech Community -- Are there any plans to add a "Latest" option to the Feature update policy's "Feature update to deploy" setting of Intune Windows update management? I was wondering why my Intune managed devices were not going to Windows 11 24H2 yet and then remembered this setting still has to be changed manually each time a new H2 release comes out. - answered at 18:13.
Feedback from Tech Community -- Any future improvements coming to the views inside of Intune Driver update profiles/policies? Right now, we can see the number of Applicable devices for a driver, but not what applicable devices they actually are. This would also be great to see in reverse - i.e. one could go look at a Device object in Intune and see what drivers are installed, need review, or were declined (I know Device query exists, but a default view under "Monitor" would be great!) - answered at 20:21.
- nkasco
Copper Contributor
What is the best way to help raise awareness of the pain point of driver installation UX? Particularly how they install immediately once WU scans and identifies an approved driver that is applicable, and so frequently require reboots.
This UX is a major hindrance of being able to allow Intune policies to deploy drivers more frequently to keep our devices more up to date (for both security or functionality).
Given that some driver related improvements that were shared during Technical Takeoff still have not been delivered, I'm concerned about lack of priority continually pushing drivers down the list. I'm a huge fan of what's happening with Drivers in Intune, and the progress has been great thus far, we just need to keep going.
(As an aside, I have a comprehensive wishlist (and some identified bugs) for drivers pre-typed up that I'd be happy to share with the appropriate contact, feel free to shoot me an email!)
- Ryan_Williams
Former Employee
Thank you for sharing your feedback and for being such an advocate for improving the driver experience! I hear you on the challenges with immediate driver installations and frequent reboots—it’s a valid pain point that impacts deploying updates. Your input highlights the importance of balancing timely updates with a smooth end-user experience.
As the owner of the driver experience, I’d be happy to connect and learn more about the issues you’ve identified and your wishlist. I’ll follow up with you via email to set up time for a deeper discussion.
- hameeds6
Occasional Reader
- Is there an option to deploy selective updates like config manager? Is Microsoft considering this option in Intune?
- In a co-managed scenario, can we have pilot mode for the Windows Update workload, which seems to be not available? Currently the workload can remain with SCCM or move to Intune.
- Per-Larsen
Microsoft
hameeds6
1) Can you elaborate on what kinds of updates you want to pick and choose??
2) It should be possible to put Windows Update workload in pilot - if not please raise a support case.
- cgh13
Copper Contributor
Do you have some guidelines on what we may be able to implement from Intune to update devices enrolled in Intune that might be out of service for automatic updates because they are on an older version of Windows? Managing global devices, there are some stragglers out there. Looking for an easier remote way to get devices updated automatically through WUFB or Autopatch.
- David_Guyer
Microsoft
You should always be able to update to the latest feature update. IIRC, there are a few cases where you may need to update to the latest Windows 10 before upgrading to Windows 11, depending how old the device is, but otherwise we try really hard to enable a feature update from nearly any older version for exactly this scenario.
-David
- jeddy_
Iron Contributor
Are there any future improvements coming to the views inside of Intune Driver update profiles/policies? Right now, we can see the number of Applicable devices for a driver, but not what applicable devices they actually are. This would also be great to see in reverse - i.e. one could go look at a Device object in Intune and see what drivers are installed, need review, or were declined (I know Device query exists, but a default view under "Monitor" would be much better).
- David_Guyer
Microsoft
jeddy_ Good question, we are exploring the list of Applicable Devices for a driver; we can definitely see the value of this insight. Today, one thing some organizations are doing is creating separate policies for specific models of devices, which gives you a pretty good idea which devices a driver update is applicable to, so that's an option to consider, even though it won't work for everyone.
Better integration under the device view for all Windows Updates stuff is something we are also looking at but don't yet have firm plans for. I think your idea is a good one. Note that will most likely be able to show what driver "updates" are installed, not what drivers are installed... important distinction.
HTH,
-David
- nkasco
Copper Contributor
+1 for this, been waiting for this since Technical Takeoff
- rrenstrom
Brass Contributor
Is AutoPatch available for Education licenses?
- Per-Larsen
Microsoft
Yes, it is but look at the docs as we have a few exceptions for A licenses.
Microsoft 365 Business Premium and Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5) do not have access to all Windows Autopatch features. For more information, see Features and capabilities.
- tf
Copper Contributor
It would be nice to bridge the feature gap between A3+ and E3+ on Autopatch for the education customers:
https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites?tabs=business-premium-a3-entitlements%2Cbusiness-premium-a3-intune-permissions
- PatMacfarlane
Copper Contributor
I have my test laptops in my test group. They are getting quality updates (today) but I have also deployed Feature updates (24H2) that they are not getting. Any suggestions on how/why?
- David_Guyer
Microsoft
Hi Pat,
There are a number of things to look into. Some things include making sure the devices don't have any safeguard holds in the Devices, Monitor, Feature Update Failures report. Check that they aren't assigned to a policy in Update Rings or Settings Catalog that has a deferral for feature updates long enough to block the update. You can also check the Feature Update readiness and compatibility reports under Reporting, Windows Updates, Reports to see if any blocking compatibility issues are discovered.
If you want to go a bit deeper, check the appraiser regkeys for the 24H2 (might be Ge) node, and see if it's red or green.
Hope that helps!
-David
- jeddy_
Iron Contributor
Are there any plans to add a "Latest" option to the Feature update policy's "Feature update to deploy" setting of Intune Windows update management? I was wondering why my Intune managed devices were not going to Windows 11 24H2 yet and then remembered this setting still has to be changed manually each time a new H2 release comes out.
- David_Guyer
Microsoft
Hi jeddy_ ,
That's a good suggestion. Internally, we are exploring how to improve the feature update experience in a number of ways, including providing some form of automated approvals, possibly similar to how drivers does it, but better tuned to feature updates and some of the other important aspects unique to managing feature updates. So stay tuned!
-David
- BryanDam
Brass Contributor
FWIW, that feature already exists in Update Rings. The whole point of Feature Update Policies is to have the level of control that requires manual intervention that jeddy_ mentions.
If you want to automatically roll out the latest FU then don't use FUP, just specify a delay in your update rings and all devices will automatically receive the latest FU.
So jeddy_, what functionality are you looking for that Update Rings does not provide?
- Heather_Poulsen
Community Manager
Welcome to Tech Community Live: Windows edition - and today's AMA on unified update management! Post your questions here. Experts will be answering on camera and in the chat.
- jannesharbecke
Occasional Reader
Are there any plans to introduce a feature in Autopatch that allows for the release of Safeguard Holds?
- David_Guyer
Microsoft
jannesharbecke, I think you are asking about how to ignore or override a safeguard hold. I don't know of any plans to add that directly into the Autopatch experience; it's something that should be done with great care and caution. If you must do so, you can use a Settings Catalog policy to do so... look for disableWufBsafeguards, documented here: https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#disablewufbsafeguards
Now, if you are just looking for a feature that shows what safeguards are affecting which devices, you can use the Feature update failures report under Devices -> monitor, or the feature update report under Reports -> Windows Updates -> reports.
HTH,
-David
- Per-Larsen
Microsoft
Here is more information on Safeguards Holds
https://techcommunity.microsoft.com/blog/windows-itpro-blog/safeguard-holds-with-the-windows-update-for-business-deployment-service/3590463