A few months ago, we learned that Microsoft was working on a solution that would allow IT admins to configure how quickly Windows updates are delivered to an organization. Today, this implementation, which leverages Windows Update for Business (WUfB) and Microsoft Intune, is generally available.
Two distinct new capabilities are now available in Intune. The first is the configuration of feature updates, which, as the name suggests, allows IT admins to create policies that control which Windows feature updates are delivered to which devices. Unless IT administrators assign a new version of Windows in this section, devices will remain at the version specified in their policy.
Other useful settings let you choose whether the update becomes available immediately, on a specific date, or through a phased rollout. The last option also lets you choose when the first and last groups will receive the update and the number of days between groups.
The other capability that has reached general availability is expedited quality updates. It is very useful for quickly deploying updates that fix zero-day vulnerabilities. There are two settings to keep in mind. One lets you choose the minimum OS version that all devices should be running, while the other lets you decide how long a device can wait before restarting for an update. Available options are 0, 1, and 2 days. The first option should be used with caution, as it gives users only 15 minutes after the update is downloaded before it is forced to install.
Finally, you can also view reports on the delivery of both feature updates and expedited quality updates. These are available under Reports > Windows Updates in the Microsoft Endpoint Manager admin center. They display warnings, information at the tool’s level of granularity, and aggregate results. If you are unsure about which policies to configure for update deployments, see Microsoft’s recommended practices.