Mar 04 2021 03:41 AM
Mar 04 2021 07:04 AM - edited Mar 04 2021 07:06 AM
Hi @Cordell Melin,
Sorry, I'm not entirely sure what you are asking here. SafeGuard holds are always respected when (and only when) you use Windows Update (which includes WUfB) -- this is by definition of what a SafeGuard hold is. The only exception here is if you've explicitly bypassed them on a specific system by configuring the appropriate registry value (we don't generally recommend bypassing SafeGuard holds as this will most likely result in a failure or upgrade issue at some point, which is why the SafeGuard exists in the first place). There is no direct way to enable or disable SafeGuard holds using ConfigMgr. See Safeguard holds - Windows Deployment | Microsoft Docs for complete details.
Don't confuse SafeGuard Holds with Windows Setup-based compatibility checks though. Compatibility of multiple items including drivers and applications is checked during this phase. As implied though, these Setup-based compatibility checks happen during Windows Setup itself before the actual upgrade process begins. This is in contrast to SafeGuard holds, which prevent a system from ever knowing about a Feature Update at the Windows Update service level.
There is some overlap between the issues that SafeGuard Holds prevent and the issues that Windows setup compatibility checks detect, but there isn't complete parity if that is what you are expecting. SafeGuard holds are not comprehensive and don't include most application compatibility issues. If you are looking to evaluate application compatibility as part of your Feature Update rollout process, I suggest you take a look at Desktop Analytics: Compatibility assessment - Configuration Manager | Microsoft Docs.
Mar 04 2021 07:36 AM
@Cordell Melin There is a known limitation where feature update policies may not take immediate effect when moving the Updates workload from ConfigMgr to Intune. This may result in unexpected FU being made available to the client. If this is what you mean, follow this article to understand how to use a CSP to prevent this behaviour. The policy won't override a safeguard hold. https://docs.microsoft.com/en-us/troubleshoot/mem/intune/create-feature-update-hold-co-managed-devic...
Mar 04 2021 08:56 AM
Mar 04 2021 09:04 AM
Mar 04 2021 09:05 AM
Mar 04 2021 09:18 AM