How I Feature Update Windows

It’s been a few weeks since 22H2 has been released for both Windows 10 and Window 11, and after validation by both my Windows Insiders and my early adopters, I am ready to deploy this Feature Update to all of my managed Windows devices at work.

I thought it could be useful to blog about how I do Feature Updates using Intune and Windows Update for Business Deployment Services taking advantage of the Intelligent Rollout feature.

I can cover how I set up my Windows Insider for Business rings in a later blog post if that also interests anyone.

For context and clarity, the information in this post will be for Intune managed devices that are natively Azure AD joined – so no Config Manager and no Active Directory/Group Policy, but you should be able to replicate in those environments as these configurations should be available via group policy (but don’t quote me on that)

Windows Update for Business (WUfB) – Allow Cloud Processing

Because I want to use the intelligent rollout feature of Windows Update for Business Deployment Services, I must enable the Allow Cloud Processing setting on all my Windows devices.

To do this, I need to create a Configuration Profile in Intune.

In Intune, navigate to Devices – Windows – Configuration Profiles and click Create Profile

Select Windows 10 and later for the Platform, and Settings catalog for the Profile Type

Give an appropriate name and description

NameWin 10/11 – Settings Catalog – System – Allow WUfB Cloud Processing
DescriptionAllow WUfB Cloud Processing = Enabled

On the Configuration settings page, click + Add settings

Search for Allow WUfB and select System

Click on the Check box next to Allow WUfB Cloud Processing

Set the configuration to enable on the Allow WUfB Cloud Processing setting and click Next

Configure Scope Tags as required and click Next

Select the most appropriate group for your environment, in this example, I am using the All users built in group.  Click Next

Review the settings page and click Create

For more information on the Windows Update for Business Deployment Services, check out Microsoft Learn documentation here

Make sure you are aware of the prerequisites (as of 13 November 2022)

As well as the following best practices (as of 13 November 2022)

Feature Update Profiles

To start off, I will explain how I have configured my Feature Update policies

With both Windows 10 and Windows 11 in my environment, there are four Feature update profiles, two for Windows 10 and two for Windows 11 (once my environment is fully Windows 11,  the Windows 10 ones will be removed).  Again, let me know if you want me to detail how I have set this up and I’ll write it up in a separate blog post.


Note – This is also a really convenient place to see the end of support date for  Windows, and for the purpose of this note, I have temporarily changed one of the profiles to Windows 10 v21H1 so you can see a profile that is configured with a version that has support ending soon.

For the purposes of this section, I will only focus on the Windows 11 profiles (but the exact same configurations are set on the Windows 10 profiles).

I have two Feature Update Profiles

One is for “vNext” which is assigned to a group of people who test the new feature update as soon as it comes out, and the other is the production one that is deployed to all Windows 11 users (Unfortunately Intune filters are not available here so I have used a combination of Include and Exclude groups to control which user gets what update).

The vNext group has been configured to use the ImmediateStart rollout option as this is a small group of testers and I want them to get the update as soon as  possible

My production profile is currently set to Windows 11 v21H2, I want to change this to Windows 11 v22H2 and enable gradual rollouts.

On the production profile, I will change the Feature update to deploy setting to Windows 11, version 22H2

On the Rollout options, select Make update available gradually

Configure a date for the first update group (This must be a minimum of two days from the current date), a date for the final update group and the days between groups

NOTE – These settings are for example only and you should configure this to what works best for your environment

I can now see that my production profiles are now configured for version 22H2 for both Windows 10 and Windows 11

Once my whole environment has upgraded to 22H2, I will reset my production profiles back to Rollout Option = Make update available as soon as possible, ready to do this all again in 2023 and beyond.

Reporting

Make sure you gave a Windows health monitoring Configuration profile configured and deployed to your managed Windows devices

More info Windows health monitoring here

Enabling Windows diagnostic data in Intune to get App and driver compatibility is also recommended too

More info on Widows diagnostic data here

In addition to the Intune reporting, I would also highly recommend configuring Update Compliance to monitor Windows Updates

One last tip I would also recommend – If you have configured Deadline for feature updates and Deadline for quality updates, I’d recommend keeping the quality update setting short, but allow a few extra days for feature updates as I’ve found over the years an aggressive setting for Deadline for feature updates can be disruptive for people – especially if they are in customer facing roles.

P.

Categories: TechnologyTags: · · · · · ·

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s