Event banner
Event details
84 Comments
For Update Rings within Intune, is there (now or the future) a way to defer WU driver updates x #of days separately from quality and feature updates?
Also - What happens if a scan/install is missed due to a machine being asleep or offline? (+assuming it doesn't have network access via Modern Standby, or requires VPN, etc.) Does it just skip entirely, or run immediately once network access is restored?
David_GuyerMicrosoft
For the second part, typically scans are about once every 24 hours, and if that is missed, happens pretty shortly after the device awakens again.- David_GuyerToday, no "deferral" capability for drivers in Update Rings... that capability is included in the Drivers management feature that is currently in Private Preview in Intune, and also in the graph. So, stay tuned, we are working on it!
- Why do Defender antimalware engine updates don't receive reboot notifications while a reboot is required due to compliance based on risk score (MDE)?
- AriaUpdatedThis is a great question and something we are looking into! Hopefully in future all update related reboots will follow a similar flow. 🙂
- Thanks Aria, looking foward to have that improved!
- What CSP setting in Intune controls/sets the "intelligent update" mechanism that determines the best time to install + reboot a Windows Update? Thanks!
AlinaSiemborThe "smart scheduling" mechanism described in the video is the default experience. So, unless you explicitly set policies overriding it (like "always install at specific scheduled time" to manually pick a time) you will get it.- Hi Alina and Aria. So leave "AllowAutoUpdate" set to "Not Configured?" I felt obligated to set "AllowAutoUpdate" to overwrite "Configure Automatic Update." However, in the previous session, I learned that this CSP does not 'win' over the older GPO. So do I need to deploy a script to remove the old "Configure Automatic Update" GPO value in the registry? I want to utilize the intelligent update mechanism, but I feel the documentation to do so when migrating from SCCM/WSUS to WUfB/Intune is missing this part. Thank you! 🙂
- AriaUpdatedSo the intelligent update mechanism is on by default. That said, if you configure Active Hours it will override the intelligently calculated active hours.
- Heather_Poulsen
Community Manager
We’re happy you’re here with us at the Microsoft Technical Takeoff! Whether you are attending one session or many, please take this 2-minute survey and let us know your thoughts on this event.
We’ll continue to answer questions here in the chat for the rest of the half hour and we’ll check back throughout the week. And make sure to check out bonus demos on our Technical Takeoff Demo Channel! - How safe is delivery optimization. Specifically, where devices are allowed to pull updates from nearby devices. We have a security auditing company that is telling us to turn it off because devices could potentially get harmful/manipulated updates from devices in an unsafe environment.
- Joe_LurieGreat question, Rob. We have an AMA scheduled with the whole DO team on Thursday: https://techcommunity.microsoft.com/t5/windows-events/ama-delivery-optimization-amp-connected-cache/ec-p/3652965. Would be great to bring this up with that team.
Allready posted it in the comments there. Will join on Thursday!
- Heather_Poulsen
Joining Aria today are Alina Siembor, Shawn Thieke, and Prateek Garg
- Will we ever see any improvements to the built-in notification dialogs when updates or restarts are required? I'd LOVE to be able to present a dialog that takes over the screen until a decision has been made by the user, maybe with an option to postpone for a period of time. Toast notifications are too easy to miss.
Shawn_ThiekeWe currently have 3 levels of notifications for Windows Desktop machines: System Tray, Toasts, and Dialogs. Depending on the type of notification, and the urgency of the message, we choose the appropriate surface to use for display so that we inform the users, while minimizing disruptions to users actually using their devices. Our current dialogs for the most part do block the user from using the device until they take action, which is why they are used sparingly, and they have been doing this since Windows 10.- The Windows 11 prompt takes over the full screen assuming you're using the default Windows update notifications option.
- This is also my question.
- Hi, is there a way that users can be notified when download starts/finishes? Same for installs? Thks
- AriaUpdatedHi Stephane, a user could tell this by looking at the settings page. Why do you want the notifications for each of these?
- Where in the settings page would we see this? I guess it's more for troubleshooting than notifications. So if it's visible on the device or on UC, that could help. For the end-user notifications, it's more so that the user is aware that is system might be slower because updates are installing (we have some devices/users than run heavy workloads, so knowing when it happens (like in sccm they can start the install when they want before the deadline) . Thks
- Heather_Poulsen
Welcome to When is my device going to update? Today's presentation will be short and sweet so.....have a question? Post it here in the Comments. Subject matter experts will be answering during the half hour and throughout the week.
- Recently had issue with Paloalto GlobalProtect SSL VPN and Windows OOB Update (October last week!) resolved. We were able to Add this update manually to our WSUS server for deployment\supersededence. If we were on Autopatch or cloud only, we would be SOL? SOL?
- David_GuyerToday, non-Security Out of Band releases are not manageable in the cloud, using Windows Updates for Business in Intune for example, (and that will include Autopatch). We are looking at how we can enable these to be able to be made available through those tools.
