AMA: Windows update and driver management

Thanks all for your participation in this AMA! Here are the questions our panelists answered during the session and associated timestamps: 

Question – How do we patch devices that are on all day everyday but can only be patched and restarted during the weekends?  And if it misses the update&restart during that weekend, to try again the next weekend.  Basically, not patch and restart during weekdays at all.  Is that even possible with WUfB/Autopatch?  - answered at 1:48. 

Question - What are your favorite feature areas within Autopatch? - answered at 3:08. 

Question – What types of controls do we maintain with Autopatch? - answered at 6:45.

Question – In Intune how can we pause a single Windows Update? At the moment it seems we can only pause ALL updates or NONE? - answered at 9:58.

Question – Will autopatch ever allow user scoping/assignment as opposed to devices? For some of our rings, especially the first groups.. there are hundreds of app owners associated to catch any issues. For now, we are just using the old wufb way of deploying and configuring update rings and assign to user groups based on roles.- answered at 11:58.

Question – What’s new with hotpatching? - answered at 12:51.

Question – Are there any additional cost for Hotpatch updates or is it included if they have Intune licenses? - answered at 14:18.

Question - Can you share more details about Autopatch licenses? - answered at 15:56.

Question - Is there a possibility to automatically enroll the new device in an update ring if you change the device for a user? - answered at 16:36.

Question – Any chance that hotpatch will support ARM64 with CHPE still enabled to avoid perf and app compat issues that may be introduced as a result of disabling CHPE? - answered at 17:59.

Question – Can we please move the installation of drivers in windows to a pre or post user phase (during boot up, or shutdown) to avoid issues driver installs cause while the user is in session such as audio and video interruptions - answered at 19:18.

Feedback – Currently, it's difficult to identify and differentiate between Out-of-Band (OOB) updates when using the Expedite installation of quality updates feature in Intune. To improve clarity and avoid confusion, is it possible to display the corresponding Knowledge Base (KB) numbers alongside each update in the dropdown menu? – answered at 20:33. 

• To share feedback, please go to aka.ms/IntuneFeedback

Question – What is the best case scenario and how should the setup be done for driver management? Best practices to share? Key issues you noticed with customers? – answered at 22:29. 

Question – One of our customers has read about checkpoint cumulative updates – can someone please explain what a checkpoint cumulative update does? - answered at 27:58.  

We'd like the drivers to be there after Autopilot pre-provisioning. I don't want a bunch of drivers landing after the user has signed in for the first time. Is this available, or on the roadmap?

Thank you for joining us! Q&A will be open through 12:00 Pacific Time this Friday. Keep your questions coming and we'll keep working to get you the answers you need to manage Windows updates and drivers with greater ease.

Can you please describe the hotpatch feature and how it differentiates from legacy autopatch workflow?

Is it possible to make sure drivers land during the Windows Update reboot phase? When display adapter drivers land it can cause the screen to go blank, and network adapters can result in interruption to service.

If there is a mix of 23H2/24H2 devices in the same newly created Windows Update Ring, will it cause any issues? i.e. is hotpatching clever enough to only target the 24H2 computers in the Ring?

Any chance that hotpatch will support ARM64 with CHPE still enabled to avoid perf and app compat issues that may be introduced as a result of disabling CHPE?

To add to the question on installing on a scheduled day, from a real-world scenario, we have implemented Autopatch groups and specified scheduled install days (Wednesday, Thursdays, etc..) but what we are seeing is that machines miss the install day and/or they do get it installed but never reboot. How can we find out why the machine is not rebooting? Of course, deadline/grace-period is the best option, but then this forces the install during active hours which might not be ideal so curious if there are any other options? I did create a new App in Intune which creates a Scheduled Tasks that looks for specific registry keys in the middle of the night and forces a reboot, but this did NOT work for Feature Updates as it reboots and never installs unless it is manually rebooted. 

Appreciate it in advance!

Is there a possibility to get automatically the new device in an update ring if you change the device for a user?

Can someone please explain what does the Checkpoint cumulative update do? https://learn.microsoft.com/en-us/windows/deployment/update/catalog-checkpoint-cumulative-updates
We are seeing brand new devices failing Windows Updates right out of the box once at the desktop.