User Profile
David_Guyer
Joined 6 years ago
Recent Discussions
Re: Windows 11 Offering on SCCM managed devices
The policy for blocking the button isn't available in Configuration Manager, so you are right, the approach is to set the https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-setdisableuxwuaccess Group Policy.
2.9K Views, 0 likes, 0 Comments

Re: Windows 11 Offering on SCCM managed devices
Are you setting any Windows Update for Business policies on the device, or using Feature update policies in Intune? Either approach should prevent Win11 from being offered. To disable the Check for Updates button, you can set the "Option to check for Windows updates" to Disabled. HTH -DG
3K Views, 1 like, 2 Comments

Re: Upgrading to Windows 11 with WUfB\Intune
I haven't heard of that kind of problem in quite a while, except in cases when a device wipe or reset is used that doesn't use an option that keeps the device enrolled in management. But for normal day to day, devices are only offered what's been approved.
2.9K Views, 0 likes, 0 Comments

Re: Connectivity data for Update compliance
Yes, the InsufficientUpdateCompliance alert is available today in Feature and Expedited update reports in Intune... I've seen them in my own test tenant. And I do plan to have that data available for regular, non-expedited, quality updates in the future. You do need to have enabled the Windows Health Monitoring policy with the Windows Updates scope for those alerts to be available. Time for cumulative updates turns out to be variable, depending on how current the device is, how fast the network connection is, and other device resources, so the same criteria is used to identify insufficient update connectivity devices. HTH, -David Guyer
898 Views, 0 likes, 0 Comments

Re: Upgrading to Windows 11 with WUfB\Intune
nlmitchell absolutely, Feature Update profiles are designed to keep devices on the targeted feature update until the device is assigned to a feature update profile with a newer feature update version. So we recommend NOT setting the TargetReleaseVersion property when using feature update policies, as they can conflict with each other. HTH, -David Guyer
2.9K Views, 1 like, 2 Comments

Re: Windows 11 Offering on SCCM managed devices
lalanc01, it would help to understand more of what you are trying to accomplish, and with which tools. From the title, it looks like you want to prevent end users from getting Windows 11 as an optional update when they click the Check for Updates button. For managed devices, meaning they have WUfB or ConfigMgr on the device, Windows 11 won't be offered until it's approved. I also wanted to check if you are using co-management and/or Intune, since the method to disable the check for updates button on either platform is different. -David Guyer
3K Views, 1 like, 4 Comments

Re: Update Compliance stale devices
lalanc01, there are two things probably still affecting your data. One is that if the devices still have the commercial Id used for Update Compliance, they will still report in your Update Compliance reports, until that commercial Id is removed. After that, data is retained for 28 days. So, the first step is to remove the commercial Id. Coming soon, Update Compliance will use AAD tenant or device Ids instead, and so removing a device from AAD tenants should remove them from Update Compliance once that takes effect. HTH
1.1K Views, 1 like, 0 Comments

Re: WUfB - Update Baseline / Best Practise
Kevin Schmid, On Vacation is an example of why Grace Period is useful on top of the deadline. Here's how it works... Deadline starts measuring from when the update was available, so if you have a 7 day deferral, and a 7 day deadline, then the deadline is 14 days after the update is released. Grace period starts measuring from when the device reaches ready to restart. So, if you have a 3 day grace period, and the device reaches ready to restart a week after it's available, then the Grace Period ends 10 days after it's available. The restart is enforced at the later date of these two settings. So, in this case, the restart would be enforced 14 days after it's available. However, consider a case where someone is on vacation the 2 weeks after the update is available, so they turn on their machine on day 14. The deadline has passed, so the device works to get updated as fast as possible, but since the user is working on their first day after vacation, forcing them to restart in the middle of the day is a bit harsh, so the grace period kicks in and gives them 3 days to restart, automatically outside of active hours or when they schedule it, before enforcing the restart. They work together to ensure a good, balanced end user experience that keeps them happy, while also keeping admins happy since devices are kept secure on a reasonable timeline. HTH
2.5K Views, 0 likes, 0 Comments

Re: WUfB - Update Baseline / Best Practise
Remind me later essentially causes the notification to come up again the following day, unless on the last day of a deadline, in which case it can be faster than that. The other thing it does prior to the deadline is enable the automatic restarts outside of active hours, to try to restart the device when the user is not using it. Naturally, restart now means right away, and schedule a time allows the user to specify the time the restart will occur, rather than letting the system use the auto restart outside of active hours behavior. The upside of this option is that fewer idle/busy checks are done since the user has indicated "restart at this time", though if the user is at the device at that time they can reschedule to prevent productivity loss. The downside is that if the user schedules a time, forgets, and then puts the device to hibernation, or turns it off, then they often get confused why it didn't restart at the scheduled time. HTH
2.6K Views, 0 likes, 2 Comments

Re: Firmware and Driver updates for third party devices
I don't know about Teams Admin centre specifically. The new Drivers management policy type we are working on in Intune will enable deployment of drivers that are published to Windows Update and delivered to Windows Devices. HTH, -DG
881 Views, 0 likes, 0 Comments

Re: WUfB & Driver/Firmware Management
It is something we are working on bringing as the next big Windows Update feature in Intune. I'm hoping we'll be ready for public release towards end of the year. Keep an eye on the Windows IT Pro Blog and we'll be announcing when it's ready!
1.3K Views, 1 like, 0 Comments

Re: WUfB - Update Baseline / Best Practise
Kevin Schmid, a new article has recently been published that answers just that question: The Windows Update policies you should set and why - Microsoft Tech Community. In short, for what you've described, the default settings + configuring the deadline settings should give you what you are looking for. Default settings utilize Active hours, and even allow end users to specify their own active hours, or let Intelligent Active Hours find or recommend great settings for each user. And our default notifications provide a daily reminder until the deadline+grace period are reached and then provide a couple more reminders before restarting. HTH -David
2.7K Views, 2 likes, 6 Comments

Re: Doc UpdateVelocity's DetectionFrequency
This policy is only impactful if using WSUS. It can help to ensure devices scan and are able to start updates sooner once approved, but will also increase load to your servers and network traffic. When a device is on the default frequency, then if a device isn't on or connected during the scheduled scan time, it will automatically scan the next time the user logs in.
680 Views, 0 likes, 0 Comments

Re: Upgrading to Windows 11
That is a good point. You do want to ensure the devices are fully in the Feature update profile before removing the TargetReleaseVersion setting. The best way to do that is to check the Feature update report and see that the device is listed in the report. -David
2.3K Views, 1 like, 2 Comments

Re: Upgrading to Windows 11
That's a great question. I'm not sure and will ask to find out what happens when you remove a specific policy setting, and what it sets the client to... I'm not sure... so to be safe, I'd leave the setting in the configuration policy, but set the value to a blank/empty string. Once you are confident that change has been deployed to all your devices, then it's definitely safe to remove the configuration policy. -David
2.4K Views, 1 like, 4 Comments

Re: Upgrading to Windows 11
nlmitchell, using a feature update profile and the Target Release Version will actually conflict, so if you are using the feature update profiles, I'd recommend clearing the TRV policy. And, you can keep devices on your target feature update using the feature update profiles as well. Even better, you get update reporting with feature update profiles. I have not seen the autopilot issue you describe. I'd recommend removing the Target Release Version and see if you are still seeing the autopilot issue. -David
2.4K Views, 0 likes, 6 Comments

Re: W10 Feature Upgrades offered to users regardless of WU Settings?
pdlt3, I recommend that you reach out to support so we can dive into specifically what's happening, since there are mixed signals. If you are using Windows Update for Business and Feature Update deferrals, or you are using Feature update profiles in Intune, then feature updates would not show up as optional. Approved updates are treated as required. In addition, the max deferral for feature updates would be 1 year, so devices managed this way should not be on anything older than 21H1. Support can help dive into your settings in your admin tool, the settings on the device, and can figure out what changes are needed to get the desired behavior. Another option is to follow the recommended settings in this Manage Windows updates in the cloud - Learn | Microsoft Docs. HTH, -David
897 Views, 0 likes, 3 Comments