Windows Update for Business – A (Potential) Feature Update bug…

In my last company-wide deployment of the Windows 10/11 22H2 feature update, I had this strange issue where a very small percentage of devices failed to upgrade.

I recently wrote about how I do Feature Upgrades at my organisation and in that post, I describe how I use dynamic groups to ensure that all of my devices have the required feature update profile assigned. However, a very small number of devices persisted in not having the recent Feature Upgrade offered to them.

I spent many hours looking at data in the Windows Update for Business Workbook in Azure monitoring as well as the Intune reports for Windows Update and nothing really stood out.

In the end, I decided to raise a premier support case with Microsoft.

After some time with support, and running some diagnostics, Microsoft support came back to me with information that policy had been removed from the devices and that affected devices had lost their update offering.

A workaround to this was to assign the users to a different Intune Feature Update profile. In the blog linked above, I have mentioned the vNext profiles for early adopters, but found some mixed results, as well as the potential to mix up the people who are in this group who are early adopters and those who are added as part of this workaround.

In the end I created a separate set of Feature Profiles and Groups to separate the people affected by this issue.

NOTE: In the example below, I will only create the Windows 11 Profile and Group but follow the same method to do the same for Windows 10 if you are running both in your environment.

Create an Azure AD Security group to be used for the new Feature Update profile.

Create a Feature Update Profile

In Intune, navigate to Devices > Feature Updates for Windows 10 and later.

Click Create profile

Name: Feature Updates Deployment – Win 11 – vNext
Description: Feature Update Profile – MSFix for devices not upgrading to 22H2
Feature update to deploy: Windows 11, version 22H2

NOTE – If you are using this workaround in the future, please use the appropriate Feature Update version.

Assign the group created earlier.

Verify all the settings and click Create.

You should also add the group created as part of this workaround to your existing Windows 11 Feature Update profiles as Excluded groups, and be careful not to have the user in multiple Feature Update groups.
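
An added example (not from the original post): a PowerShell check, run over constructed membership data, that lists anyone still targeted by more than one Feature Update profile, first without and then with the exclusion described above. The group names, the short profile labels and the function name Get-ProfileConflict are hypothetical, and the include/exclude evaluation is a simplified model in which an excluded group always wins over an included one.

```powershell
# Constructed sample data: group names and members are hypothetical.
# Live membership could be exported with Get-MgGroupMember (Microsoft Graph PowerShell SDK).
$Groups = @{
    'Win11-All'   = @('alice', 'bob', 'carol')   # group on the existing profile
    'Win11-MSFix' = @('carol')                   # users moved by the workaround
}

function Get-ProfileConflict {
    param(
        [Parameter(Mandatory)] [hashtable]   $Groups,
        [Parameter(Mandatory)] [hashtable[]] $Profiles
    )
    $targetedBy = @{}   # member -> names of the profiles that still target it
    foreach ($p in $Profiles) {
        $included = @(foreach ($g in $p.Include) { $Groups[$g] }) | Sort-Object -Unique
        $excluded = @(foreach ($g in $p.Exclude) { $Groups[$g] })
        foreach ($m in $included) {
            if ($m -in $excluded) { continue }   # assumption: exclusion wins
            if (-not $targetedBy.ContainsKey($m)) { $targetedBy[$m] = @() }
            $targetedBy[$m] += $p.Name
        }
    }
    # Report only members targeted by more than one Feature Update profile.
    foreach ($m in ($targetedBy.Keys | Sort-Object)) {
        if ($targetedBy[$m].Count -gt 1) {
            [pscustomobject]@{ Member = $m; Profiles = $targetedBy[$m] -join '; ' }
        }
    }
}

# Profile labels are shortened, hypothetical stand-ins for the real profile names.
$before = @(
    @{ Name = 'Win 11 (existing)'; Include = @('Win11-All');   Exclude = @() }
    @{ Name = 'Win 11 - vNext';    Include = @('Win11-MSFix'); Exclude = @() }
)
$after = @(
    @{ Name = 'Win 11 (existing)'; Include = @('Win11-All');   Exclude = @('Win11-MSFix') }
    @{ Name = 'Win 11 - vNext';    Include = @('Win11-MSFix'); Exclude = @() }
)

'Without the exclusion:'
Get-ProfileConflict -Groups $Groups -Profiles $before | Format-Table -AutoSize
'With the exclusion:'
Get-ProfileConflict -Groups $Groups -Profiles $after | Format-Table -AutoSize
```

An empty result for the second call means each member is targeted by exactly one profile.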

For the majority of the affected devices, this did correct the issue.

I still have the premier support case open with Microsoft but if this cannot be resolved in a timely manner, I may have to resort to using alternative methods to get these devices updated.

I found that this issue affected various different device models and both Windows 10 and 11. There was no Safeguard hold in place either.

Once all my devices are upgraded, I will delete these “MS Fix” profiles and groups as I’m not sure if they can be reused if the issue reoccurs later this year when I deploy 23H2.

I’d be interested to hear from anyone else who has had a similar experience, and how you may have dealt with the issue.

