Managing Windows Updates with Intune Part 2 – Feature, Quality, and Driver Updates

IntuneGuide
Written By Andrew Hoffman

Welcome to part 2 of Managing Windows Updates with Intune. If you haven’t had a chance, take a look at part 1 of my post, where I show you how to configure update rings.

Managing Windows Updates with Intune Part 1 – Update Rings – The Endpoint Guy

In this post, we’re going to cover how you can manage Feature, Quality, and Driver updates using the update rings we created in my previous blog post.

Creating a Feature Update Policy

With your update rings already setup, we can now manually push out feature updates to make sure they get proper testing in your environment. For example, all the of the endpoints in my enterprise are currently running Windows 11, 23H2, but I want to begin the upgrade to 24H2 by the end of the year.

I’m going to create a feature update policy, and assign it to my Update Ring – Alpha group first, and then I’ll eventually push it to my Update Ring – Beta group, and then eventually Update Ring – Production.

Creating a Quality Update Policy

Your quality updates will mostly be managed automatically via the update rings we talked about in my last blog post. We’ll really only be creating a quality update policy for a couple of reasons.

The first, being that we want to enable hotpatch for Quality updates. (See my blog post here for more information on hotpatch). The second being that we want to expedite a quality update, maybe in a situation where you’ve deferred quality updates for a certain period for critical endpoints, but for security reasons you need to expedite a new update.

Enable Hotpatch Updates

Expedite a Quality Update

Managing Driver Updates

You can also manage your driver updates via Intune. You can choose to setup a policy that will allow you to manually approve updates driver by driver, or you can also do this automatically with deferral periods for certain groups.

As an example, here are my driver update policies along with deferral periods for each group.

Pause Driver Updates

In my case, most driver issues are caught by the Alpha or Beta groups before the drivers hit my production group. When this happens, I can pause a driver update. Once paused, it stays paused indefinitely until approved again manually.

Monitor Updates

You can also see some more information on your update deployments, such as alerts and policies by going to the monitor tab.

Questions or comments? Leave a comment below or feel free to reach out to me on my socials below. Stay tuned for my next and final blog post of the series, where we’ll talk about Windows Autopatch.

Andrew Hoffman https://www.endpointguy.com
Previous

Disable M365 Companion Apps for Your Organization
Next

Import an Endpoints Hardware Hash to Intune