Feature Updates in Intune
Introduction
Are you ready to upgrade your devices from Windows 10 to 11? You've probably already done it, or perhaps you are currently in the planning phase.
In this blog post, I will show you how to utilize feature updates in Intune on your journey to Windows 11. We will also go through some useful resources in order to make sure your devices are ready for Windows 11. Are you ready? This is going to be great!
Endpoint Analytics
In a big environment where you aren't familiar with all the hardware, it's a big advantage to have a tool that can help you. It's possible to check the hardware on each device individually. However, Intune has an even smarter way of checking if you are ready for Windows 11.
Have you heard about endpoint analytics? It's a report function in Intune that gathers data from devices in order to provide different reports, such as device performance and Windows 11 readiness.
You can find endpoint analytics under the reports tab within the analytics category.
Here, we have different reports. I would highly encourage you to take a closer look and see how they can help you.
Before you can get any data in the Endpoint Analytics tab, you will have to set up telemetry. When that's setup, you can see it's connected under settings within endpoint analytics.
I have enabled the telemetry, and I will just quickly take a look at how it looks in the registry. Open the registry editor and go to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager
From here, you would have to navigate the last bit in the current folder and, lastly, in the device folder. Here we can see a "DeviceHealthMonitoring" folder that contains our settings.
After a while, some data will begin to appear in the reports. If you are interested in seeing if your devices are ready for Windows 11, should you take a look at the "work from anywhere" tab and the Windows category.
It will tell if your device is capable or not of running Windows 11, as in the example above.
Feature Updates
Whether you are upgrading to Windows 11 or another feature update, the feature update ring in Intune is worth looking at. I am looking at upgrading my devices to Windows 11 (I know I am late to the party), so I have collected the data from endpoint analytics and know which devices are ready for Windows 11.
My next step will be to update the devices that I have picked for my pilot group. I start with navigating to our favorite portal.
- Navigate to the devices tab, and pick Windows 10 and later updates.
- The next step is to click on the feature update blade.
- Create a new profile and give it a name and description.
Now, we have to take care of the feature deployment settings. Firstly, we have to pick which feature update we would like to deploy. At the moment, when writing this blog, there are currently 4 options.
- I will pick Windows 11, version 23H2, so my devices will have the latest feature update possible.
Once we have picked the feature update, we have to decide whether it should be a required or optional update.
If it is a required update, it will be pushed to the device and automatically updated. If we decide to pick the optional, the update will be available for the user, and the user can decide if they would like to install it or not.
- I need my devices to be updated to Windows 11, since Windows 10 is EOL soon. I must make this update required, so I am sure that the devices will receive the update.
The great thing about feature updates is that if we have devices that can't be upgraded to Windows 11, we have the opportunity to install the latest Windows 10 feature update instead, before the device might be changed.
- I will mark the box, so I am sure that my devices that aren't eligible will be patched with the latest Windows 10 feature update.
Lastly, we have to think about how we will roll this out. There are a few possibilities.
Make update available as soon as possible: When we are in a pilot phase with a small number of devices, this could be a good choice. When the device checks in after a while, the update will be pushed to the device.
Make update available on a specific date: Let's say that we would like to start the rollout next week, so we can give a heads-up to the users. I can pick the date, and from that date on, the update will become available.
Make update available gradually: Imagine we are now out of the pilot phase, and we have to update all our devices, but still in a controlled way. With this option, we can make the update available for a subset of devices on a specific date and specify the final date as well.
- Since this is a pilot phase, I will make the update available as soon as possible so we can get started with testing.
Now we are finished with the configuration, and the last thing we have to take care of is the assignments. Once that's done, make sure to press create!
Device perspective
Now I have prepared my feature update policy in Intune and included my pilot device. After a while, the update will appear on the device.
Wow, that's nice! Our feature update has been deployed to the device. It was fairly easy, right?
Tips & Tricks
There are a few tips and tricks that I would like to share with you that you can hopefully use next time.
Event Viewer
- The event viewer is always a great place to start when you are doing troubleshooting. The WindowsUpdateClient is located in the path below.
Applications and Services Logs -> Microsoft -> Windows -> WindowsUpdateClient
Windows Update Logs
- The logs for Windows updates might also be helpful if you are experiencing any issues. However, the extension of those is ETL, so you have to use Get-WindowsUpdateLog command in order to combine and make it readable.
Prepare your users!
- If you are working on upgrading your devices to Windows 11, I would recommend you take a look at the Windows 11 onboarding kit, which will help you prepare your users for the update and the changes.
Conclusion
Thank you very much for reading this blog post! I hope it gave you some insights about feature updates in Intune.