We're excited to announce the general availability of Windows driver and firmware update management policies and reports in Microsoft Intune!
This new functionality in Intune makes it easier to keep drivers on your Windows devices up to date in two main ways. First, you'll no longer have to do the manual work of downloading, repackaging, and deploying drivers using generic tools. Instead, you can take advantage of driver update management policies and reports built on the Windows Update for Business deployment service.
These new capabilities are part of our Windows Enterprise offerings, providing you with multiple benefits:
Let's explore how you can create and manage driver update policies and reports today!
When you create a new driver policy, you have some choices:
To create a set of deployment rings, we recommend using the following combination of settings:
This way, driver updates can automatically deploy to your rings without needing to be manually approved. You can still monitor driver updates for quality in your unique environment and pause them in subsequent rings, just like feature and quality updates. For more information about deployment rings, see Create a deployment plan.
After configuring these settings, complete the policy creation wizard by assigning the devices to include in this policy.
Once you've created the policy, let devices scan for updates for about a day or so. Then the Drivers to review column will include the count of new recommended driver updates ready to review for manual approval. In an automatic policy, Drivers to review will stay at 0 since recommended drivers are automatically approved. This is a great indicator that new drivers have been discovered and are awaiting a decision whether to approve or decline deploying those drivers.
When you open the policy, you can see both Recommended drivers and Other drivers. To approve a driver, follow these steps:
Note: A recommended driver is Microsoft's best match and is often the newest driver marked by the driver publisher as “automatic” (previously referred to as “required”). Other drivers include drivers that are older than the best match or drivers marked as “manual” (previously referred to as “optional”) by the driver publisher. Only drivers that are currently applicable to one or more devices in the policy are shown. This helps keep the list of drivers focused on the drivers that you can actually install. |
Whether you choose automatic or manual approvals, you can pause any approved driver. Do this to prevent any devices that haven't yet received the update from being offered that update. Find this option for Actions in the same Manage driver flyout as above.
The report you'll probably use the most is the Windows Driver Update report. Like the Windows Feature Update and Windows Expedited Update reports, this report provides a summary of installed, in-progress, and error devices, along with the per-device detailed status. The state of a device shows as downloading, installing, or other. You can find this report under Reports > Windows Updates:
The Windows Driver Update report shows if the device has an alert or problem preventing the update. To discover more details about the failure cause and possible remediations, use the Windows Driver Update Failures report. Find this report under Devices > Monitor. As with the Feature Update and Expedited Update failures reports, clicking the Alert message will open a context panel that includes a more detailed description of the alert and also a recommendation for how to fix or remediate that issue.
Note: To see detailed update status and errors for devices in your reports, Windows diagnostic data must be enabled in your tenant. Toggle this setting on for Intune under Tenant administration > Connectors and tokens > Windows data. |
Try drivers and firmware update management with Intune today and get ready to take full advantage of everything else that’s coming! For a short demo of this capability, and answers to recent questions from the community, I encourage to watch our recent Tech Community Live AMA on Windows updates in Intune: drivers, firmware, and Autopatch.
We're already working on the next big improvements to driver management. While plans may change, this year, we're hoping to deliver the following capabilities:
Also coming later this year– deeper driver controls in Windows Autopatch, including the ability to deploy optional drivers, maintain manual control over driver approvals at the ring level, and to use these functions for your custom Autopatch groups. Read more about groups in this blog post: What's new in Windows Autopatch: May 2023. More information will be available through the Autopatch blog in the coming months.
Want to learn more about the benefits and new capabilities? Check out Coming soon to Intune: Windows driver and firmware updates.
For more information, please see the Intune documentation at https://aka.ms/IntuneDriversDocs.
Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.