User Profile
AriaUpdated
Joined 8 years ago
User Widgets
Recent Discussions
Re: Enable Microsoft Store Auto Update Apps through Group Policy
Reza answered correctly above. Currently we still have limited controls available for Store. You can find some of the configurations available here: https://learn.microsoft.com/en-us/windows/configuration/stop-employees-from-using-microsoft-store17KViews0likes2CommentsRe: Unable to install Feature Updates using Intune policies
Note MDM wins over GP is not applicable to any Windows Update policies. You should confirm that no Gorup Policies are configured (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate) Additionally, it looks like you are using the Graph API to offer feature updates. What do the Intune reports say about Offer State? (Aka have these devices been offered the feature update)2.8KViews2likes0CommentsRe: Why do Windows 10 hybrid AD clients with GP disabling Windows Update still get updates?
Hello, I would recommend that for these clients you configure the Scan source policy (https://docs.microsoft.com/en-us/windows/deployment/update/wufb-wsus) or since you are still on Windows 10 you can leverage disable dual scan ("Do not allow deferrals to cause scans against Windows Update"). Either of these will prevent updates from being offered from Windows Update. That said, I would recommend against just disabling automatic updates as all that does is prevent devices from automatically scanning, downloading, installing, etc. without end user interaction. Please let me know if you have any further questions! 🙂1.1KViews3likes0CommentsRe: WufB - Deadline and Grace Period
Hi! I'd recommend checking out our compliance deadline docs: https://docs.microsoft.com/en-us/windows/deployment/update/wufb-compliancedeadlines Grace period is the number of days from pending restart to forced update update. In this case, you have a 0 day grace period.4.7KViews0likes0CommentsRe: GPO's DualScan & SetPolicyDrivenUpdateSourceFor<Update Type>
Hi! Great question. 🙂 We recommend that you leverage the SetPolicyDriverUpdateSourceFor <UpdateTypes> and unconfigure / not set the "Do not allow update deferral policies to cause scans against Windows Update". Note, "Do not allow update deferral policies --- " is not supported on Windows 11 and on Windows 10 you don't need it once you set PolicyDrivenUpdate source so you can just disable it or not configure it 🙂3.3KViews0likes0CommentsRe: Office Hours - WUfB - Device idle and Restart Checks
Nope. I wouldn't. This setting was designed specifically to allow cart devices to restart when on the cart overnight. It dramatically hurts compliance. For Kiosk, I would simply remove the notifications and then allow automatic updates to work as expected or just do schedule install time.1.8KViews0likes1CommentRe: Office Hours - WUfB - Device idle and Restart Checks
One Note: By Default - 40%battery or plugged in, not in presentation mode, etc. are all things we check by default before restarting. We will not automatically restart if the device doesn't meet those normal requirements.1.8KViews0likes1CommentRe: Office Hours - WUfB - Device idle and Restart Checks
I'd recommend against configuring this in Intune. To be honest, restart checks is really only for education cart PCs, but even then it can result in poor compliance and behavior. David Guyer please feel free to chime in with more info.1.8KViews0likes3CommentsRe: Help with GPO/Update settings - Auto Download, Auto Install, Defer Reboot for specific day/time
- optional updates are NOT automatically downloaded unless you are in Release Preview. If you want to take every single optional update I'd recommend joining Release Preview. - By default all updates that are automatically offered will download and install automatically. - By default users will be shown a notification once pending reboot. - Which shutdown/restart options? I am not sure what you are asking for here... or why? - So you want to notify the user, but not actually force the reboot or automatically restart overnight until a specific day/time? That is possible, but really not recommended as it will both slow compliance and provide a worse end user experience. If you insist on doing this, then you can use Configure Automatic Updates and set "Schedule install" and configure to the day, time, week you want. Then don't set any other policies and the device will automatically download, install, notify the user, and only force the restart at that time. The only thing this doesn't accomplish is the "Remove normal shutdown/restart options", though partially since I am not sure what that means.2.4KViews1like3CommentsRe: Maintenance Time and Active Hours after Patching
Hi like Joe said.. you have your active hours configured to be 6am to 6am.. we would recommend instead setting a 6-18 hour window.. Additionally, you can find more information here: https://www.youtube.com/playlist?list=PLMuDtq95SdKsEc_BmAbvwI5l6RPQ2Y2ak And for yet more detailed information here: https://techcommunity.microsoft.com/t5/ignite-video-hub/the-how-to-guide-for-managing-windows-updates/td-p/2177266973Views0likes2CommentsRe: Handling remote computer when using WSUS for on-prem computers
Of course! Why don't you start here: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/optimize-on-premises-monthly-update-delivery-using-the-cloud/ba-p/1483519 I wrote that blog a while back to help customers who were now dealing with mostly remote devices.1.5KViews1like1Comment