Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: Enable Microsoft Store Auto Update Apps through Group PolicyReza answered correctly above. Currently we still have limited controls available for Store. You can find some of the configurations available here: https://learn.microsoft.com/en-us/windows/configuration/stop-employees-from-using-microsoft-storeRe: Unable to install Feature Updates using Intune policiesNote MDM wins over GP is not applicable to any Windows Update policies. You should confirm that no Gorup Policies are configured (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate) Additionally, it looks like you are using the Graph API to offer feature updates. What do the Intune reports say about Offer State? (Aka have these devices been offered the feature update)Re: Log troubleshooting with WUFBThe logs that we use for troubleshooting are: https://learn.microsoft.com/en-us/powershell/module/windowsupdate/get-windowsupdatelog?view=windowsserver2022-psRe: Why do Windows 10 hybrid AD clients with GP disabling Windows Update still get updates?Hello, I would recommend that for these clients you configure the Scan source policy (https://docs.microsoft.com/en-us/windows/deployment/update/wufb-wsus) or since you are still on Windows 10 you can leverage disable dual scan ("Do not allow deferrals to cause scans against Windows Update"). Either of these will prevent updates from being offered from Windows Update. That said, I would recommend against just disabling automatic updates as all that does is prevent devices from automatically scanning, downloading, installing, etc. without end user interaction. Please let me know if you have any further questions! 🙂Re: WUFB & Visual Studio UpdatesToday I don't think VS updates do come through WUfB, but I think they are on their way! Stay tuned. 🙂 (Also I will confirm cause im not 100% confident)Re: WufB - Deadline and Grace PeriodHi! I'd recommend checking out our compliance deadline docs: https://docs.microsoft.com/en-us/windows/deployment/update/wufb-compliancedeadlines Grace period is the number of days from pending restart to forced update update. In this case, you have a 0 day grace period.Re: GPO's DualScan & SetPolicyDrivenUpdateSourceFor<Update Type>Hi! Great question. 🙂 We recommend that you leverage the SetPolicyDriverUpdateSourceFor <UpdateTypes> and unconfigure / not set the "Do not allow update deferral policies to cause scans against Windows Update". Note, "Do not allow update deferral policies --- " is not supported on Windows 11 and on Windows 10 you don't need it once you set PolicyDrivenUpdate source so you can just disable it or not configure it 🙂Re: Windows Feature Update - IntuneCheck out Update Compliance. To manage when feature updates are offered use Intune Feature Update Preview or deferrals. To manage the download, install, restart see the other Windows Update policies.Re: Windows Insider for business with WUFB and Configmgr Hey Stephan, check out our Windows Insider Program docs: Managing preview builds across your organization - Windows Insider Program | Microsoft Docs they also have how to register your tenant and manage. 🙂 Re: Office Hours - WUfB - Device idle and Restart ChecksNope. I wouldn't. This setting was designed specifically to allow cart devices to restart when on the cart overnight. It dramatically hurts compliance. For Kiosk, I would simply remove the notifications and then allow automatic updates to work as expected or just do schedule install time.Re: Office Hours - WUfB - Device idle and Restart ChecksThis is without you configuring anything in Intune (so just use the default which yes is allow).Re: Office Hours - WUFB SecurityWhat points or concerns does your security team have?Re: Office Hours - WUfB - Device idle and Restart ChecksOne Note: By Default - 40%battery or plugged in, not in presentation mode, etc. are all things we check by default before restarting. We will not automatically restart if the device doesn't meet those normal requirements.Re: Office Hours - WUfB - Device idle and Restart ChecksI'd recommend against configuring this in Intune. To be honest, restart checks is really only for education cart PCs, but even then it can result in poor compliance and behavior. David Guyer please feel free to chime in with more info.Re: Office Hours - WUFB - Shared DevicesYou can and should also use the Learning Path for Manage Windows Updates: https://docs.microsoft.com/en-us/learn/modules/m365-windows-manage-cloud-device-updates/Re: Office Hours - WUfB - Microsoft Product UpdatesThis option is NOT required for .NET updates. The security/critical .NET updates will flow with typical Quality Updates for Windows Update for Business customers.Re: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time- optional updates are NOT automatically downloaded unless you are in Release Preview. If you want to take every single optional update I'd recommend joining Release Preview. - By default all updates that are automatically offered will download and install automatically. - By default users will be shown a notification once pending reboot. - Which shutdown/restart options? I am not sure what you are asking for here... or why? - So you want to notify the user, but not actually force the reboot or automatically restart overnight until a specific day/time? That is possible, but really not recommended as it will both slow compliance and provide a worse end user experience. If you insist on doing this, then you can use Configure Automatic Updates and set "Schedule install" and configure to the day, time, week you want. Then don't set any other policies and the device will automatically download, install, notify the user, and only force the restart at that time. The only thing this doesn't accomplish is the "Remove normal shutdown/restart options", though partially since I am not sure what that means.Re: Maintenance Time and Active Hours after PatchingHi like Joe said.. you have your active hours configured to be 6am to 6am.. we would recommend instead setting a 6-18 hour window.. Additionally, you can find more information here: https://www.youtube.com/playlist?list=PLMuDtq95SdKsEc_BmAbvwI5l6RPQ2Y2ak And for yet more detailed information here: https://techcommunity.microsoft.com/t5/ignite-video-hub/the-how-to-guide-for-managing-windows-updates/td-p/2177266Re: Handling remote computer when using WSUS for on-prem computersOf course! Why don't you start here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/optimize-on-premises-monthly-update-delivery-using-the-cloud/ba-p/1483519 I wrote that blog a while back to help customers who were now dealing with mostly remote devices.Re: Is there a way to update users computers via intune?Yes. You can definitely configure policy such that devices are automatically updated. Further, that is also the default behavior as well..
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagAn IT pro’s guide to Windows 11, version 25H2 Explore tools, resources, and a list of features now on by default in the latest Windows feature update. Skilling snack: AI and Windows admin management Learn what you need to manage AI in Windows like a pro, in under an hour! Skilling snack: Get started with AI in Windows Catch up on the latest in Windows and AI! Get started if you haven’t already. AI innovations grounded in transparency and control Manage new AI innovations with built-in controls and policies on Copilot+ PCs. Introducing the Windows 11 Roadmap Welcome to the one-stop shop for upcoming Windows features and improvements. Skilling snack: Using Windows Update for Business Simplify your update management experience with integrated cloud tools and policies. Uninstalling Windows updates on managed devices using Intune Learn how to uninstall different update types using Intune. Commercial control for continuous innovation Explore how you can control when select features introduced via servicing are released to the devices you manage. Preview of Windows 11, version 22H2 now available Windows 11, version 22H2 is now available across all channels for commercial organizations to validate prior to release. Seamless update experience for organizations on Windows 11 Windows 11 will soon enable you to tailor a user-friendly update experience for your organization. Learn more.
MicrosoftMicrosoftMicrosoftMicrosoft
