We’re excited to announce a new capability in Intune and the Windows Update for Business deployment service to simplify your Windows 11 upgrade experience. If determining eligibility for Windows 11 has been a challenge for your organization, and you want to help protect your devices with the latest Windows feature updates, this is a great solution for you. No longer will you need to worry about creating and maintaining eligibility groups. Let’s dive into the details.
Deploy Windows 11 and Windows 10, version 22H2 feature updates together
Previously, you had to consider eligibility when creating a Windows 11 feature update deployment in Intune or Windows Update for Business deployment service via Microsoft Graph API. For any devices in the deployment that were unable to run Windows 11, you created a separate Windows 10 feature update deployment and excluded the Windows 10 devices from the Windows 11 policy.
Today, you can bundle a Windows 11 upgrade and Windows 10, version 22H2 feature update together in a single deployment. Simply create your Windows 11 deployment as usual and opt to install the latest Windows 10 update when a device isn’t eligible for Windows 11. Those devices will automatically get offered the latest Windows 10, version 22H2 update without the need for additional steps.
Note: Windows 10, version 22H2 is the only version of Windows 10 that can be used as a fallback version.
Deploy and monitor Windows updates using Microsoft Intune
If you use Microsoft Intune, simply create your feature update deployment as usual. Find this option in the Microsoft Intune admin center > Devices > Feature Update for Windows 10 and later > Create Profile. Then check the box for “When a device isn’t eligible to run Windows 11, install the latest Windows 10 feature update.” For example, choose Windows 11, version 23H2 and select the checkbox to get your devices to the latest Windows version for which they are eligible.
Screenshot of feature update deployment settings with a checked box under the selected Windows version in the Microsoft Intune admin center.
You can monitor the status of your deployments using Intune reports or Windows Update for Business reports. Note that in your Intune report, there’s a new Target Version column. It will help you understand which devices were offered Windows 11 and which devices were offered Windows 10, version 22H2. When you first create the deployment, you’ll see that all devices will be targeted for Windows 11. As devices scan, the target version will change to Windows 10, version 22H2 for devices that cannot run Windows 11.
Screenshot of Intune reports for Windows 10 and later feature updates in the Microsoft admin center, highlighting the Target Version column.
Deploy Windows using the Microsoft Graph API
If you use the Microsoft Graph API to create and manage your deployments, follow these three steps.
Get the catalog entry ID of the Windows 11 version you wish to deploy:
Screenshot of a request for adding devices and exclusions for the above deployment in the Microsoft Graph API.
Monitor your deployment in Windows Update for Business reports
You can monitor the status of your deployment in Windows Update for Business reports by querying the deployment ID. It’s the number returned upon deployment creation in the Microsoft Graph API (Step 2 above). As with Intune reporting, the target version for all devices in the deployment will initially be the Windows 11 version you selected. It will be updated throughout the deployment to reflect the true version that the device was offered.
Screenshot of a query in Windows Update for Business reports of a deployment with one device targeted for Windows 11 and another for Windows 10.
Start deploying today
This option is available in Microsoft Intune and the Microsoft Graph API today! You may want to confirm that your tenant and devices meet the prerequisites for Windows Update for Business deployment service. Now you’re set to create a Windows 11 deployment with Windows 10, version 22H2 fallback.