Event banner
Event details
84 Comments
- I wonder when any device managed by Intune is going to do anything. They are blackholes unless I can connect to them remotely, which I can't because we can't afford E5 licenses for everyone.
- As it applies to Windows Updates ... it's all about setting deadlines. Use deadlines and you know when stuff will happen. Sort of. The problem is that you won't necessarily know when stuff gets released. Yea, we have Patch Week B (Patch Tuesday) which is fairly reliable but there's others (ex OOB) that you can't really know ahead of time. So if you need change approvals that can be difficult because there's nothing central telling you what exactly was released when.
David_GuyerMicrosoft
Hi rejohnson , could you describe a bit more the black holes you are describing? If you've enabled Windows Updates in the Windows Health Monitoring policy, you should be getting details of when devices are downloading or waiting to restart, as well as client side errors in the reports in Intune.
- We have deployed around 70 Intune/Autopilot devices. The issue I am encountering is how to schedule the reboot of these devices after Windows updates have been installed. Customers ignore the Your device requires a reboot icon in the System Tray (Or miss it completely). What is the best method for notifying a user that a reboot is required and even potentially forcing a countdown. These devices are full AAD joined running Windows 10 Enterprise.
- You want to use deadlines which I believe has been the default for some time. The 'we're gonna reboot you in X minutes' warning I don't think exists yet but I know it's feedback they've heard before.
- Agree with Rob, in update profile you can set "Auto reboot before deadline". Have deployed a proactive remedeation to alert user with a Toast notification if machine has not beed rebooted in X Days, (we use 5). Search for "a toast notification to display warning if device not rebooted" and you will find a good example of the script.
- Thank you both for pointing me in a direction.
Use Windows Update for Business and specifically the Deadline settings, I would say. Then people will be forced to reboot their devices after x amount of days.
- Does Intune include any capability to troubleshoot and attempt to remediate failed Windows updates?
- David_GuyerYes. Use the Feature update failures, or Expedited update failures reports under Devices -> Monitor to see the alerts and errors for each device. You can click on the alert and get a better description of the issue and it's causes, as well as recommended remediations.
- You could take a look at Update Compliance. https://learn.microsoft.com/en-us/windows/deployment/update/update-compliance-get-started
- In short, the answer is no. Setting up compliance dashboard does require additional effort and also linking it to an Azure Subscription. I am on the same boat as the discussion posted by Thomas. We talk about how to apply updates and using orchestrated effort through WUfB however none of this will work if the underlying subsystem or update components are unhealthy. Looking for ways that this service can provide either self-healing measures or some sort of additional tools that can be used.
- Let say someone wanted to monitor the decision engine code choosing when to scan, download, install, and/or reboot in real-time ... how would you suggest going about such a thing?
- AriaUpdatedThey would wait for us to make logs that tell them all of that information in real-time.... Bryan. 😉
- Flips 'Days since having real-time logs' wall calendar one more page.
- My question is regarding updating from Win10 to Win11. Is it possible to make Windows 11 available to users, but not automatically update unless they choose to?
- David_GuyerToday I've seen other's create an "opt-in" tool, either via a web- page, or e-mail, etc... and those that opt-in are added to an AAD Group for the Win11 update. Otherwise, today, there isn't a way for an admin to make it available optionally... something we are taking a look at, however 🙂
- AriaUpdatedGreat question! Today that is only possible if you leave the device in an unmanaged state or put the device into Release Preview (which you can do via policy). However, that is a great feature request for future! 🙂
- Hello, please let us know if we could somehow set a "Blackout Window" in Intune. We really need this option to be available.
- David_GuyerBuilding on Aria's reply: If you are looking for dates to not do updates (in addition to Active Hours, which is daily hours to not do updates), the way to do it today is to use Pause for a little while. Making those schedulable is a good idea and something we hope to do sometime.
- AriaUpdatedSo the inverse of Active hours is essentially a "blackout window" for example until deadline is reached the device will not try to restart until outside of active hours. Does this help? Or can you clarify what you are looking for? 🙂
- Really looking forward to this event. Espacilly because of clients still stuck in 1909. Maybee we could altough get information about which drivers from Microsoft Update Catalog are tagged "automatic", which is relevant to know if they will get installed by Autopatch?
