Event banner
Event details
THIS Quality Update REPORT IS MUCH NEEDED!!!!!!! When will this be available?
David_GuyerMicrosoft
I'm so glad you like the new Quality Update reports! It's in early preview stages now, and we are hoping, depending on the feedback and quality we measure, to make it more broadly available early next year. Stay tuned to Intune's What's New to find out when it's being released!
- Love the Windows Update updates! Just saw the Quality Update report and was reminded, every month, I have to manually update the expected Windows version for our Compliance policy that ensures our PCs have their latest Quality Update applied. I would love it if this were automated in some way. Would your team be a good place to send that feedback? If not, how best should I suggest it?
- David_Guyer
treestryder , you just have! I agree, updating that manually every month is not fun and so we do have on our list to look into how to better automate that compliance policy setting. Would you prefer if it were to automatically update the version... or rather would you like it better if we changed the input so that you can say "Quality Updates released within the last [you specify] days are compliant"?
Currently, every "Patch Tuesday", I set the values to latest version numbers once the Windows release page has been updated (see policy screenshot below). This policy has a 7 day grace period.
If I had to convert this to days, I might have to set it to "31".
My main concern is ensuring Windows Update is working on the PC and will update as soon as it can. This is the best way I found to ensure it is.
- Any plans to allow automatically approve drivers based on different hardware classes? E.g. I'd like to automatically approve network drivers, but not BIOS updates.
Monty0120We are currently looking at how we can provide more options to approve drivers based on certain criteria like you mentioned hardware class or manufacturer etc. We are still gathering more info on requirements, having said we would like to gather some info from you like what the experience be, something like in driver policy, ability to choose "this set of drivers" automatically approve, rest manual? and can change this criteria etc?- Right, @Panu (and I, and many others) would love to have ConfigMgr ADRs for drivers. In Panu's scenario, that would allow him to automatically deploy less-concerning drivers like network drivers without also YOLO'ing BIOS updates that deserve more attention. Part of the problem there, as I understand it, is the metadata. The driver class is a free-text field that the OEM/IHVs can enter in anything they want. However, what most admins have in mind is where that hardware/driver shows up in Device Manager.
- Understand WIN 10 to WIN 11 update (gradual/on demand)
- Angie_ChenHi Brian, we just introduced a feature in Intune designed to make it easier to upgrade eligible devices from Windows 10 to Windows 11. When you create your feature update profile (Feature Updates for Windows 10 and later), you will be able to offer your chosen Windows 11 version to Win11-eligible devices and automatically offer the latest Windows 10 (Windows 10 ver. 22H2) to any Win11-ineligible devices. You can learn more about using this feature here: https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-feature-updates#upgrade-devices-to-windows-11
- Will this ever make it to GCC tennants?
- Would using HP Image assistant running with a remediation to update HP drivers cause any issues with also having Intune updating drivers?
- Joe_Lurie
Ali11CH Because HP Image Assistant is a 3rd party tool, we can't comment on whether or not you'll see any issues. However, we strongly encourage you to talk to your account rep at HP to let them know you'd love for them to ensure their drivers are available to be deployed via Intune (if they aren't already) so you can keep your driver management in Intune with your OS updates and management.
- We're very much looking forward to these improvements. Thanks!
How does this setting...
...Work in conjunction with this setting? Does the QU ring setting have to be enabled for this FU setting to work? Since the FU ring setting is based on Win10 --> Win11, does it function at all if the QU ring setting is No.
Thanks!
- David_GuyerThe setting in Update Rings policies is there for those customers who do not want to use feature update policies for any reason. They are not intended to be used together. We recommend using the feature update polices because they offer benefits like gradual rollouts, starting on a specified date, specifying the version, and reporting... not to mention the new feature that will also ensure devices not eligible for Windows 11 are update to the latest Windows 10 22H2 release (something the Update Ring setting does not do). So, when using the Feature update policies, leave the Upgrade Windows 10 devices to Latest Windows 11 release setting to No, so that the feature update policy can do it's magic. Hope that helps.
- Hey David, this helps. We've often found that the Update Ring policies affect update policies in other scenarios, such as feature updates, driver updates, etc. So, thank you for clarifying. Can you please confirm one last thing? So, if the Update Ring policy "Upgrade Windows 10 devices to Latest Windows 11 release" is set to no, and then you deploy a Feature Update targeting Win 11 23H2 to a Windows 10 device (that is W11 capable), will it upgrade the device? Many thanks!
- Char_Cheesman
Community Manager
Welcome to The latest on managing Windows updates in Microsoft Intune and the second annual Microsoft Technical Takeoff for Windows + Intune! Have a question? Post here in the Comments so we can help. Let’s make this an active Q&A!
Lately, our biggest problem with Windows Updates might be caused by driver updates. I say "might be" as, that is the problem… it is hard to tell.
The details are vague, even from our PC techs. And it is hard to remotely (or at least without local administrative rights) diagnose vague and intermittent hardware problems. And, yes, we have a growing collection of vague and intermittent hardware problems.
I know drivers are managed by manufactures and that we can set deferrals or pause them via Intune.
My questions related to Windows Update troubleshooting are the following:
- Is it possible to correlate a driver ID found in the WindowsUpdate.log to a specific entry in the Microsoft Update Catalog? We have found them not to be searchable and replacing the GUID on a driver entry with one does not return anything. Searching by Hardware ID finds pages and pages of potential hits. Here is an example that returns 40 pages of hits. Many pages of the same version number, presumably because Intel published it repeatedly for each PC manufacturer.
https://www.catalog.update.microsoft.com/Search.aspx?q=PCI%5CVEN_8086%26DEV_1A1C - Are all drivers that will upadte via Windows Update visible in the Microsoft Update Catalog? Just before Driver Update Policies gave us more visibility, we had a driver install that could not be found by any means in the Catalog.
- Is there anything else we should be doing besides attempting to contact the hardware manufacturer (where the first levels of support folks are often unaware their drivers are being installed and updated via Windows Update) and submitting an incident through Windows Feedback Hub?
- Ryan_Williams
Hello Nathan. Thank you for the feedback!
- Our platform is designed to automatically identify all applicable updates that are newer than what is currently installed on your devices, which typically eliminates the need for manual correlation with the Update Catalog. Can you share more about what information you are hoping to get from the Windows Update catalog about the driver that is installed?
- While there is significant overlap, the Update Catalog and Windows Update are not identical repositories. Publishers have the discretion to choose where they list their updates, which means some updates may appear in one and not the other. This choice can be influenced by factors such as the intended audience or specific update strategies. Thus, it's possible for an update to be distributed through Windows Update without being listed in the Catalog.
- In dealing with driver updates via Windows Update, you can employ standard troubleshooting methods to address installation and deployment issues. These techniques include reviewing update logs, rolling back recent updates, or using the built-in troubleshooter. If you're encountering specific problems, contacting the hardware manufacturer is a recommended step, although the initial support levels may not have detailed distribution information. Additionally, submitting detailed incident through the Windows Feedback Hub is the best way to engage our engineering teams for support.
- ryan_playdoe, I think a key use case here would be to further troubleshoot on other devices. Let's say I've deployed driver X to a testing ring and it goes poorly. Ok, now I'd like to dig in and try manually installing that driver.
- Is it possible to correlate a driver ID found in the WindowsUpdate.log to a specific entry in the Microsoft Update Catalog? We have found them not to be searchable and replacing the GUID on a driver entry with one does not return anything. Searching by Hardware ID finds pages and pages of potential hits. Here is an example that returns 40 pages of hits. Many pages of the same version number, presumably because Intel published it repeatedly for each PC manufacturer.
- Char_Cheesman
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
