Let’s look at the Intune patching end-user experience with WUfB for Windows 10 devices. Microsoft released the latest cumulative update for Windows 10 version 1909. It’s called “2020-04 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4549951).” Are you wondering what the end-user experience would be if we deploy patches from Intune? Are we really deploying the patches from Intune?
Deploy Patches from Intune?
How can we deploy patches from Intune for Windows 10? Is this similar to SCCM? Check out the following post from Sharad Singh. He explains the end-to-end process of deploying patches using Intune and Windows Update for Business (WUfB).
Intune helps to control and set up the WUfB policies for Windows 10 devices. Intune does distribute the patches to Windows 10 devices. The end-to-end process of Intune patching is managed by Windows Update for Business (WUfB).
So the brain of the Intune patching process is WUfB (arguably).
In the diagram of the Intune patching process below, the Device Management (DM) Service is nothing but the Intune services in the cloud.

Intune Admin Portal for Patching
Don’t get me wrong: there is no other admin portal for the Intune patching process. It’s all in the same portal, called Endpoint Manager Admin Center.
A more detailed explanation of creating patch or software update policies from Intune is in the post from Sharad mentioned above.
Intune Admin Experience – Create Software Update policies

Intune Patching End User Experience
Let’s see what the end-user experience of Intune patching is for Windows 10 1909 devices. Note that the end-user experience will change drastically depending on the policies you set in Intune, for example the deadline.
Notification
Let’s look at the notification options in the taskbar, as shown below. If you click on the notification, it might give you more details about the actions needed from your side, if you are a seeker like me 😋

Actions
There are a couple of actions you can take here:
- Just close the Settings page – Because you have already seen the Intune patching message. And that is “Your Organization will restart your device at 12:24 AM to finish updating Windows.”
- Restart NOW is another option – This is the option to restart immediately. Select Restart now to run your Windows 10 device more smoothly and securely right away.

More Details about Windows Update for Business (WUfB) policies?
You can click on View Configured Update Policies either:
- To troubleshoot Intune patching issues with WUfB policies.
- Or to know more about Intune patching policies using Windows Update for Business (WUfB).
- Auto install and Restart at an IT-Specified time
- Source: Administrator
- Type: Mobile Device Management (a.k.a Intune)
Auto-install and Restart at an IT-Specified time
Schedule Update Install Day
Schedule Update Install Time
Get Updates for other Microsoft Products
Quality update deferral period
Feature Update Deferral period
Exclude drivers from Windows Quality updates
Enable Automatic Updates
Enable skipping battery checks for EDU devices
Windows Update for Business Policies Deployed via Intune Patching options

Pause Updates
The following are some of the advanced options where end users have some control over their Windows 10 devices. This is only applicable if you don’t set a deadline in the software update policies.
- Pause Updates – Temporarily pause updates from being installed on this device for up to 35 days. When you reach the pause limit, your device will need to get new updates before you can pause again.
- Pause until – Select the date from the drop down.

Intune Patching – Policy Setting Metadata
Basics
- Name - WOfB Ring 1
- Description - More details ...... --
Update ring settings - Semi-Annual Channel
- Microsoft product updates - Allow
- Windows drivers - Allow
- Quality update deferral period (days) - 0
- Feature update deferral period (days) - 0
- Set feature update uninstall period (2 - 60 days) --
User experience settings
- Automatic update behavior - Auto install at maintenance time
- Active hours start - 4 AM
- Active hours end - 5 AM
- Restart checks - Allow
- Option to pause Windows updates - Enable
- Option to check for Windows updates - notConfigured
- Require user's approval to restart outside of work hours - Not configured
- Remind user prior to required auto-restart with dismissible reminder (hours) --
- Remind user prior to required auto-restart with permanent reminder (minutes) --
- Change notification update level - Not configured
- Use deadline settings - Allow
- Deadline for feature updates - 2
- Deadline for quality updates - 2
- Grace period - 2
- Auto reboot before deadline - Yes
Assignments
- Included groups - Anoop-Test-Device Group
- Excluded groups --
Scope tags
- Default
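To confirm on a device that the ring above actually arrived through MDM, the applied values can be compared with the expected ones. This is an added example, not part of the original post; the registry location of MDM-delivered Update policies and the mapping from portal labels to Policy CSP value names are assumptions of the example, and the function name is hypothetical.

```powershell
# Added example: compare the Update policies delivered over MDM with the
# values expected from the ring metadata shown on this page.
# Assumption: Policy CSP values delivered by MDM are stored under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\Update'

# Expected values from the ring metadata. The mapping from the portal label
# (in the comment) to the Policy CSP value name is this example's assumption.
$Expected = [ordered]@{
    DeferQualityUpdatesPeriodInDays    = 0   # Quality update deferral period (days)
    DeferFeatureUpdatesPeriodInDays    = 0   # Feature update deferral period (days)
    ActiveHoursStart                   = 4   # Active hours start - 4 AM
    ActiveHoursEnd                     = 5   # Active hours end - 5 AM
    ConfigureDeadlineForFeatureUpdates = 2   # Deadline for feature updates
    ConfigureDeadlineForQualityUpdates = 2   # Deadline for quality updates
    ConfigureDeadlineGracePeriod       = 2   # Grace period
}

function Compare-UpdateRing {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected,
        [string] $Path = $PolicyKey
    )
    # A missing key means no Update policy has been delivered over MDM yet.
    $applied = $null
    if (Test-Path -Path $Path) { $applied = Get-ItemProperty -Path $Path }

    foreach ($name in $Expected.Keys) {
        $actual = $null
        if ($applied -and ($applied.PSObject.Properties.Name -contains $name)) {
            $actual = $applied.$name
        }
        if ($null -eq $actual) { $status = 'NotDelivered' }
        elseif ($actual -eq $Expected[$name]) { $status = 'Match' }
        else { $status = 'Mismatch' }

        [pscustomobject]@{
            Policy   = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

Compare-UpdateRing -Expected $Expected | Format-Table -AutoSize
```

Rows reported as NotDelivered or Mismatch are the ones to check against the View Configured Update Policies page and the ring assignment.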
Resources
- Mobile device management (MDM) for device updates
- Windows 10 Software Update Patching Options with Intune WUfB
- Manage Windows 10 Software Updates in Intune
- How to Setup Windows 10 Software Update Policy Rings in Intune Azure Portal
Hello Anoop,
Could you please help with understanding the queries below with regard to the Windows Update notification flow?
• Once the patch is updated on the system, the first notification will come as soon as the patch is updated. How frequently do they get notifications before it goes to a forced restart?
• How is the forced restart time calculated? For example, my patch was updated on 1st Oct and as per the policy I need to restart my machine within 3 days; however, I have not restarted the machine till 3rd Oct afternoon and I have opened the laptop on, say, 6th Oct 2020. Will it consider 4 hours once I logged in on 6th Oct, or as soon as I logged in to the system on 6th Oct will it restart immediately (as the forced restart time has been crossed)?