Update rings

Installing Windows security updates during the Windows out-of-box-experience

by

Important: While writing this post the news came that this capability got delayed again to help ensure delivery of the best possible experience. As the configuration is still available in Microsoft Intune, this post can still provide value. This week is all about the new functionality to install Windows security updates during the Windows out-of-box-experience (OOBE). That functionality is focused on making sure that Windows devices are secure and up-to-date at the moment that the user will actually start using the device. At this moment, one of the main challenges is that organizations have to rely on the preinstalled Windows version on the device. That might not – and often does not – include the latest Windows security updates. This new functionality can help with …

Read more

Understanding Windows Autopatch groups

by

This week something completely different, but maybe even more intriguing at some level. That something is Windows Autopach groups. Windows Autopatch groups are logical containers, or units, that can group several Azure AD groups and different software update policies, within Windows Autopatch. That’s a really nice addition to Windows Autopatch that is available starting with the latest service update of May 2023. Windows Autopatch groups enable organizations to create different selections of devices with as many as 15 unique deployment rings, custom cadences and content. And a tenant can contain up to 50 Windows Autopatch groups. That enables IT administrator to create nearly any structure for patching their devices within Windows Autopatch. This post will start with some more details for understanding Windows Autopatch groups, …

Read more

Allowing users to opt-in for Windows Insider Preview Builds

by

This week is all about providing users with a method to deliberately opt-in for running Windows Insider Preview Builds. That option to opt-in is created by using an access package. That makes this post basically a combination between an earlier post about allowing users to opt-in for Windows 11 and an earlier post about managing Windows Insider Preview Builds. By default, many organizations prevent users from simply enabling and using Windows Insider Preview Builds. Often the main reason is to prevent unpredicted and unwanted issues from happening on the devices of users. Using an access package makes sure that the user consciously chooses to use Windows Insider Preview Builds, possibly in combination with the approval of a manager and in combination with sharing information in …

Read more

Different options for upgrading devices to Windows 11

by

This week is again all about upgrading devices to Windows 11, by using Microsoft Intune. When discussing the upgrade to Windows 11, the first and foremost thing to mention is that managed devices won’t automatically upgrade to Windows 11. There is always an action required by the IT administrator to make sure that managed devices are allowed to upgrade to Windows 11. The options to configure those managed devices, however, were limited when using Microsoft Intune. That has changed with the latest service release (2111) of Microsoft Intune. That service release introduced a few more options for managing and controlling the upgrade to Windows 11. This post will go through those different methods for upgrading devices to Windows 11, followed the configuration options for those …

Read more