Upgrading to Windows 11 with WUfB\Intune

Brass Contributor

Apologies in advanced if this is to specific 🙂

Historically we used Windows Feature Update profiles (coupled with Windows Update Ring policies) in Intune to manage our OS upgrades, i.e. Win10 20H1, 20H2, 21H1, 21H2. To do this we needed to deploy a configuration profile as well to set the TargetReleaseVersion (TRV) here : -- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update

This would allow a limit to set to keep devices on a certain OS's.

We are seeing that deploying using Feature Update Profiles alone seems to handle things a lot better. Are you able to confirm that using those alone is enough without the need to set the TRV in the reg?

 

We are currently co-managed with MECM\Intune(MEM) and we under the impression that setting the TRV was kind of a workaround for a specific issue a while back where co-managed devices were upgrading beyond the Feature Update OS version that was targeted at them???

 

3 Replies

@nlmitchell absolutely, Feature Update profiles are designed to keep devices on the targeted feature update until the device is assigned to a feature update profile with a newer feature update version.  So we recommend NOT setting the TargetReleaseVersion property when using feature update policies, as they can conflict with each other.

 

HTH,

-David Guyer

@David_Guyer - thanks for getting back to me
I think at one point there was an issue with co-managed devices where they were not adhering to the Feature Update Profile alone. We were seeing instances where we had 20H2 devices upgraded with the 20H2 Feature Update Profile and they began automatically updating to 21H1 when that became general release.
Resulted in pausing WUfB patching, call to MS, who then advised to implement a TRV set to 20H2. We were then able to restart patching and devices held at 20H2. Assumed that this would have been resolved/progressed by now, but have since set the TRV just to be on the safe side.
Will work on removing it soon so we are just running on Feature Update Profiles alone
I haven't heard of that kind of problem in quite a while, except in cases when a device wipe or reset is used that doesn't use an option that keeps the device enrolled in management. But for normal day to day, devices are only offered what's been approved.