When is my device going to update?
Monday, Oct 24, 2022, 10:00 AM PDT
Have you ever wondered when the device is going to scan, download, install, and/or reboot? About what logic goes into the “intelligent” decisions around when to update? In this session we are going t...
Heather_Poulsen
Updated Dec 27, 2024
thejame
Oct 24, 2022
Copper Contributor
Long question, saved it for after the session:
Is there any thought of having an option of delaying updates (both security and general updates) and having a pre-production / production granularity via Intune? Example: Microsoft releases an update today for general consumption. Desire is to delay by X days for Collection A of workstations, delay by Y days for Collection B. Once the delay is past, then download and install the update for Collection A. And then have the toast notification built into it for pending reboot (we currently use a script that checks pending reboot > 7, then toast).
Purpose is that we are paranoid and do not enjoy "cutting edge patching". We've seen Microsoft release a patch and then pull it completely a few days afterwards. This signals that the patch was faulty or negatively affected users, which reduces our confidence in installing the patch immediately after release. So desire of granular control of patching.
When a zero day hits, Microsoft releases KB, we can go to the Intune portal and manually approve and trigger the update, bypassing the delay, and then get a report when KB __________ has been installed on _________ workstations. ___% of workstations have the patch applied.
#askingtoomuch
David_Guyer
Microsoft
Oct 24, 2022
That is exactly the approach we recommend. Today, in Intune, you would do this by creating multiple Update Rings policies... and in each one you use the Quality Update deferral that sets that delay up, and assign the set of devices to get the update in that timeframe. For feature updates, you can also create multiple policies with different start dates and device assignments to be able to verify the quality of the update with a limited and specific group of devices.
HTH!
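The multiple-ring setup described in the reply above can be scripted against Microsoft Graph. This is an added sketch, not code from the thread or from Microsoft. The ring names, day counts and group IDs are constructed placeholders, and leaving every other ring setting at its service default is an assumption.

```powershell
# Added example: two Update Rings that differ only in quality-update deferral.
# Ring names, deferral values and group IDs below are constructed placeholders.
$rings = @(
    @{ Name = 'Ring A - Pre-production'; DeferDays = 3;  GroupId = '<group-A-object-id>' }
    @{ Name = 'Ring B - Production';     DeferDays = 10; GroupId = '<group-B-object-id>' }
)

function New-UpdateRingBody {
    param([string]$Name, [int]$DeferDays)
    # Windows Update for Business accepts 0-30 days of quality-update deferral.
    if ($DeferDays -lt 0 -or $DeferDays -gt 30) {
        throw "Quality update deferral must be 0-30 days (got $DeferDays) for '$Name'."
    }
    @{
        '@odata.type'                      = '#microsoft.graph.windowsUpdateForBusinessConfiguration'
        displayName                        = $Name
        qualityUpdatesDeferralPeriodInDays = $DeferDays
    }
}

function Publish-UpdateRing {
    param([hashtable]$Ring, [switch]$Apply)
    $json = New-UpdateRingBody -Name $Ring.Name -DeferDays $Ring.DeferDays |
        ConvertTo-Json -Depth 5
    if (-not $Apply) { return $json }   # dry run: show the request body only

    $base    = 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations'
    $created = Invoke-MgGraphRequest -Method POST -Uri $base -Body $json `
        -ContentType 'application/json'

    # Assign the new ring to the device group that should receive it.
    $assign = @{ assignments = @(@{ target = @{
        '@odata.type' = '#microsoft.graph.groupAssignmentTarget'
        groupId       = $Ring.GroupId } }) } | ConvertTo-Json -Depth 5
    Invoke-MgGraphRequest -Method POST -Uri "$base/$($created.id)/assign" `
        -Body $assign -ContentType 'application/json' | Out-Null
    $created.id
}

# Dry run: prints the JSON each ring would send, without contacting the tenant.
$rings | ForEach-Object { Publish-UpdateRing -Ring $_ }

# To create the rings for real:
#   Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'
#   $rings | ForEach-Object { Publish-UpdateRing -Ring $_ -Apply }
```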