Microsoft is developing a system that will let IT administrators control how rapidly Windows updates are distributed throughout a company, as we reported a few months ago. This Windows Update for Business (WUfB) and Microsoft Intune implementation is now generally accessible.
Intune now has two unique additional capabilities available. The first is feature update configuration, which, as the name suggests, enables IT administrators to set up rules that regulate which Windows feature update is sent to devices. Devices will continue to run the version of Windows that IT administrators specified in their policy until they assign a newer version in this section.
You can also specify whether you want the update to be made accessible immediately, at a specific date, or gradually. This is one of the more useful configuration options. You may also specify the number of days between the updates for the first and last groups in the final option.
Accelerated quality updates are the second capability that is now generally available. This is especially beneficial for patching zero-day vulnerabilities right away with updates. You must pay attention to a few settings in this case. In one, you may specify the minimum OS version that all devices must run, while in the other, you can specify how long a device can put off an update before being forced to restart. There are three choices: 0 hours, 1 day, and 2 hours. Though the first option merely provides customers a 15-minute heads-up after downloading the update before forcibly installing it via a restart, it should be utilised with caution.
The deployments of both feature updates and expedited quality upgrades can now be viewed in reports. These are accessible in the Microsoft Endpoint Manager admin center’s Reports > Windows updates area. They will show overall results, device-granular information, and alerts. Visit Microsoft’s suggested practises here if you’re unsure of the policies to set up for update deployments.
