Installing Windows ‘C release’ updates with Intune

Today, Microsoft released the Windows 11 January 2022 Preview (or ‘C release’) update.  This update fixes a crucial VPN issue I have been assisting Microsoft with.  The issue it fixes is the stability of the Intune deployed VPN profile (every time the device syncs with Intune, the VPN would either appear or disappear).

As ‘C release’ updates are not available via Windows Update for Business so I have a challenge to deploy this update to my Windows 11 users.

I decided to take the .msu update file and wrap it as an Win32 app to deploy using Microsoft Intune

I started by downloading the update MSU file from the Microsoft Update Catalog and put it into a folder called Windows Update – KB5008353 (Jan22 W11 C Update)

Next I will need to create an Install batch file that uses wusa.exe

wusa.exe windows10.0-kb5008353-x64_f8f68bd79a0bf5d9e542de5cca217dcd7c1cd89f.msu /quiet /norestart -wait

This particular ‘C release’ update cannot be un-installed, so I have used a basic echo command for the uninstall.

echo "this update cannot be removed"

Because this is a Win32 App, it will need to be able to detect that something has installed or failed.  I have used a PowerShell script that looks for the KB number using systeminfo.exe

$KB = "KB5008353"
$KBPresent = systeminfo.exe | findstr $KB

if ($KBPresent )
 {
    Write-Output "Found $KB"
    exit 0
 }
 else
 {
    Write-Output "$KB Not Found"
    exit 1
 }

I have saved the install, uninstall and detection files into the same folder as the MSU update file. 

To create a Win32 App in Intune, you will need to download the Microsoft Win32 Content Prep Tool.

From a Terminal Window, run the IntuneWinAppUtil.exe

Specify the source folder, the setup file and the output folder.

The utility will then create a .intunewin file which can be uploaded to Intune.

In Intune Apps – Add a new App and select the app type Windows app (Win32)

Select the install.intinewin file created earlier

Provide the relevant App Information

Add the following Install and Uninstall commands:

Install.cmd
Uninstall.cmd

Add in the requirements that are appropriate to your environment (At time of writing, Windows 11 is not an option for Minimum Operating System)

For the Detection rules, use a custom detection script and select the detection file created earlier.

You can deploy this app as you see fit, targeting all Windows 11 devices, a subset of Windows 11 devices or in this example, make it available to all users to install via the Company Portal.  Note, I have also used a Windows 11 filter for this deployment.

P.

One Comment

Leave a Reply to DEBMALYA Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s