Configure Windows Updates in Intune
Рет қаралды 28,632
Күн бұрын
@nicosimoni2558 Жыл бұрын
Very informative video, thanks! One thing I do different and seems to work fine is to put "0" on all feature updates deferral settings inside of each ring, and use the dedicated "Feature Update" section to use the "gradual update" with a set date for beginning and ending. That way, Intune will divide the number of devices needing the update vs the number of days you set and randomize accordingly, and any computer added after this date will get updated. So you would have a ring 0 for testers (IT dept, a few power users) that have are excluded from this feature update policy and are specifically targeted while the rest of the devices will go through the deployment in phases with no interaction on your end as soon as you assign them to the gradual upgrade. Easier to explain with screenshots but KZbin doesn't allow it :D Also, let's repeat it because I find a ton of people make that mistake: deferral only mean that Windows Update will not look for the update from the date it is made available by MS, it's not a "grace period". In other words, if 21H1 came a year ago, a "200" days deferral is bypassed.
@IntuneVitaDoctrina Жыл бұрын
Thanks again Nico, and as always great comment from you, good advice. I should update or do a new video to add in that and some extra thoughts I have about updates in general.
@robmoore3007 Жыл бұрын
Now that was very helpful. I was doing it wrong, but now I'm doing it right. Thank you!
@IntuneVitaDoctrina Жыл бұрын
Thanks a lot Rob for your comment
@rashkaViking 2 жыл бұрын
Nice! The waited video has come.
@IntuneVitaDoctrina 2 жыл бұрын
thanks a lot @Abdirashid Muhammed, usually settings you don't have to setup so many, nearly like set and forget and saw some new settings that wasn't there before when I set it up. I really like the setting to not restart if device is on less than 40% or presenting, that is nice
@Rideables 6 ай бұрын
Thank you for the video! Very clear presentation!
@IntuneVitaDoctrina 6 ай бұрын
Glad you enjoyed it! Thanks a lot for your comment, that gives me energy to do more videos :)
@cbesc 9 ай бұрын
Beautiful walkthru!
@eduhazard 11 ай бұрын
Very well explaned!Thanks
@IntuneVitaDoctrina 11 ай бұрын
thank you very much!
@XwolfBane18 2 жыл бұрын
Great video John . Will have to follow along and try it on my own intune tenant.
@IntuneVitaDoctrina 2 жыл бұрын
Thanks a lot Abdul, I wouldn't say it is a complete video going through all options, but should give a good idea what can be done and what settings exists. All environments are different, but a good base I hope
@XwolfBane18 2 жыл бұрын
@@IntuneVitaDoctrina that’s perfect I’m trying to get the fundamentals so a good base is something I need for my intune learning :)
@3143iamsam 2 жыл бұрын
Another Nice video John! Thank you for this!
@IntuneVitaDoctrina 2 жыл бұрын
Thanks a lot for your support Mike :) more is coming :)
@pdmaclellan Жыл бұрын
Thank you. This video was very helpful.
@IntuneVitaDoctrina Жыл бұрын
Thank you so much for your comment, happy it helped
@DaysofIresh 9 ай бұрын
Great explanation mate!
@IntuneVitaDoctrina 9 ай бұрын
Thank you so much for your comment!
@yulaw3289 Ай бұрын
super useful, thanks a lot!!
@IntuneVitaDoctrina Ай бұрын
@@yulaw3289 thank you so much for this nice comment, happy to hear
@ashwinikumarsccm307 Жыл бұрын
Really excellent 👌👌 videos
@IntuneVitaDoctrina Жыл бұрын
Thank you so much Ashwini for you comment, happy to hear
@freshpie1986 Жыл бұрын
Clearly defined.Thank you 😇
@M365tunes 2 жыл бұрын
Nice video, Can you make a video on how to get the update status reporting and then non compliance device troubleshooting?
@IntuneVitaDoctrina 2 жыл бұрын
Thanks @Spitzer, good ideas, for Update Status reporting to check in the console is enough or you mean a email report or export the data to another tool? the none compliance device troubleshooting, or actually a bigger part could go through Device Compliance in one video and explain what it is and what is is used for and add in troubleshooting there. at my fake company JBN I would example set compliance that all devices got the latest Updates, BitLocker encrypted and that the Firewall is enabled or alike Good idea, hope to be able to make that
@M365tunes 2 жыл бұрын
@@IntuneVitaDoctrinaThanks Looking forward for new videos.
@webclanka4490 Жыл бұрын
Thanks you very much!
@ianmelencio5752 4 ай бұрын
great work
@IntuneVitaDoctrina 4 ай бұрын
Many many thanks, love comments like that :)
@majdiy Жыл бұрын
Perfect!
@davidbourgie2843 Жыл бұрын
Thanks for that precious video, so to a quick summary we don't need any server WufB to deploy updates like it was before with WSUS but only intune settings and adding AzureAD/Intune group ?
@IntuneVitaDoctrina Жыл бұрын
Correct David, WSUS is a great product still (but for Intune clients, no need), I thought it was more useful when you approved separate updates, now they are Cumulative so you more or less must deploy all updates, and then WufB is great, in the most simply form you target, set a deadline and off you go!
@sachinsehrawat9866 Жыл бұрын
Vedio was very useful and well explained. Question i do have about defferal time. What is the best way to decide the defferal time for these updates
@IntuneVitaDoctrina Жыл бұрын
Good question! My personal take on it, depends a bit on WHEN you want the users to be forced to restart. Such as Sales companies are often sensitive end of month, don't time the forced update restart when your business is as most busy. I would recommend for validation to be done within 7 days and maybe the rest within 14 days from release, but not more.. 14 days could be too much, but depends on business. It could be something to tweak and work in progress based on feedback, you don't want Zero-days vulnerabilities unpatched too long, but also not to fast so users cannot do their work since restarts can be distruptive
@sachinsehrawat9866 Жыл бұрын
@@IntuneVitaDoctrina Thanks 😊
@kyevi Жыл бұрын
Hi, what I dont understand is how do I set an update ring without the feature update? What if I wanted only the Quality Updates? or vice versa?
@IntuneVitaDoctrina Жыл бұрын
Hi, that is a good question, if you don't want feature updates (I guess sooner or later you would) you just don't setup any, and you get only Quality Updates for that version of Win10/Win11 you are running. Vice versa, only feature updates and no quality updates, I cannot see that scenario with current security vulnerabilities, you would always want to get out quality updates ASAP, you can set them up and go back 3 versions (now to July) and set deadline there, but nothing I recommend.
@kyevi Жыл бұрын
@@IntuneVitaDoctrina thanks a lot!
@jameseduard2092 Жыл бұрын
awesome very informative thanks and keep it up
@IntuneVitaDoctrina Жыл бұрын
Thank you so much James
@banreetkaur3177 Жыл бұрын
How do you connect the deployment to the ring? We are only adding groups to the deployment.
@IntuneVitaDoctrina Жыл бұрын
Hi Banreet, if I didn't answer your question please add more info. We created Update rings, and we connect it at "Assignments" by adding AzureAD/Intune group. So if you create Ring 0 for example and put your settings there, and then create an AzureAD group named maybe also something with Ring 0, then in the Ring 0 Assignment you add the group and connect them that way
@jerrypeacock930 Жыл бұрын
Is there a way to block a specific Quality Update from installing? Instead of having to let it install and then initiate an uninstall?
@IntuneVitaDoctrina Жыл бұрын
That is a very good question, and sadly I don't have a good answer, maybe someone else reading here can help. My take on it is that I'm okay to delay a Quality Update, but not block or remove on, since they are cumulative. Most security certificates/policies requires latest OS updates and by uninstalling for a longer time violates that.
@cookwitmona3151 Жыл бұрын
Microsoft product updates in intune contains what are the updates ?
@IntuneVitaDoctrina Жыл бұрын
Excellent questions, the name isn't so good, if you hover over the little "i" you see the description says: "Control Whether to scan for updates from Microsoft Update" So if you set it to "block" you get no updates at all, no Quality Updates and you can only get updates by manually download them and install them manually. Can read more about this value here: learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowmuupdateservice
@Stinger301 Жыл бұрын
Hi, great video. I have a question, how would you manage windows server OS updates via intune?
@IntuneVitaDoctrina Жыл бұрын
thanks, your question is a great one. I haven't done it myself. Windows Servers doesn't have Intune Agent so you cannot manage Servers with Intune. I could be wrong here, but recall seeing if you have Configuration Manager and Co-management you can see Servers through there and manage them through Intune, but the actual commands goes through SCCM/Configuration Manager. Personally I would love to be able to manage servers by Intune and hope it is coming, but right now it is only for client OS. Sorry not a good answer, also hearing about Azure Update Manager that seems to be something (will have to learn that one myself) learn.microsoft.com/en-us/azure/update-center/overview?tabs=azure-vms
@Stinger301 Жыл бұрын
Hi. Thanks for the prompt response. I really appreciate it.
@takacsi Жыл бұрын
Hello, thanks for the video! How can I force to push out an important security update? So do I have any option to speed up some rollout?
@IntuneVitaDoctrina Жыл бұрын
Thanks you Takacsi, If you worked with WSUS you could approve back in the days each update and set deadline, now all updates are more or less Cumulative so either you get all or you pause and get none, no a la carte menu :) Not perfect solution but if a specific months update is more important you could change the Rings "Deadline for feature updates" and drop the days to a lower number and for newt month adjust it up again So no good reply to your question, to speed up for one update you need to change for all (for that month only)
@sohangurung261 3 ай бұрын
will the user has to check for updates of updates will automatically get pushed?
@IntuneVitaDoctrina 3 ай бұрын
Hi, good question! it pushes automatically, no need for user to check manually :)
@sohangurung261 3 ай бұрын
@@IntuneVitaDoctrina is Intune free with Office 365 E3 and Buisness Basic licenses?
@IntuneVitaDoctrina 3 ай бұрын
Microsoft Intune (plan 1, which is what everyone has, all the other plans are special extras) is included in Microsoft 365 E3 (not Office) :) Microsoft Intune Plan 1 A cloud-based unified endpoint management solution included with subscriptions to Microsoft 365 E3, E5, F1, and F3, Enterprise Mobility + Security E3 and E5, and Business Premium plans, including versions of these suites that do not include Microsoft Teams.
@BACKSPIN9ball Жыл бұрын
Hi thanks for an amazing video, I have deployed this to test ring one with a windows 10 22H2 device to upgrade to windows 11 22H2 But so far nothing has happened. I have synced and left the device on for sometime and still nothing. fyi this is a Hybrid virtual machine(DJ and AAD) if that matters
@IntuneVitaDoctrina Жыл бұрын
Thanks, and good information. Since it is a Hybrid it means it is connected to an On-prem AD, do you got a GPO there setting Windows Update? could be conflicting policies. Very common that hybrids are pointing to a WSUS server, if there is a GPO for Windows Update please exclude the Device there or disable the GPO all together. Else it is possible that the device also remember the old server, if it has been in SCCM or alike also, you can easily delete it from registry. I use a PowerShell script that deletes the legacy GPO (might need to restart the Widows Update service on the client also, here is the script (which also shows the registry path) ### Remediation script to remove legacy GPO settings for Windows Update ### Author: John Bryntze ### Date: 13th September 2023 Remove-Item -Path HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate -Recurse -Force -Confirm:$false write-host "Removed!"
@BACKSPIN9ball Жыл бұрын
@@IntuneVitaDoctrina thank you so much for this. However I have tried it on an Intune only w10 device that I want to upgrade to W11 but it picks up the update configs from Intune but will not display or automatically update to W11. FYI this is a VM not a physical computer with A tpm key and enough RAM FOR W11. Did you test on a physical PC or vm?
@IntuneVitaDoctrina Жыл бұрын
yes it works on Physical and VM, both works. I think it is conflicting settings, have you checked the registry key I mentioned above? delete that to remove the GPO that points to another server.
@saranshjaiswalvlogs722 Жыл бұрын
What is deferral period means
@IntuneVitaDoctrina Жыл бұрын
Hi, could you please point out when in the video (time) that was mentioned. We got two deadline "Deadline for feature updates" "Deadline for quality updates" which sort of works as a deferral as you can install it during that period until you become forced. Not sure that answers your question?
@FlavioMaselli 8 ай бұрын
"Beeetaaaa".... 😂😂😂
@avidyoutuber4952 Жыл бұрын
Hey question. Do you have a video on how to troubleshoot Update errors in Intune? For some reason I got some quality updates that are failing. Thanks.
@IntuneVitaDoctrina Жыл бұрын
Hi, good question and topic, I don't have any, I would love to do a video, but then I must be able to reproduce it on my test machines in order to show the solution, else it be a video just talking and not showing. Do you got an error code or alike? then I'll take a look what the error could be and try to reproduce it but not so easy, but maybe :)
Fengjie Family Joke
Рет қаралды 10 МЛН
John Savill's Technical Training
Рет қаралды 31 М.
James Williams
Рет қаралды 99
Office365Concepts
Рет қаралды 29 М.