Windows 11 24H2 Upgrade using Intune Feature Updates Policy

How to Deploy Feature Updates Using Intune: A Step-by-Step Guide

Microsoft Intune provides a streamlined method for managing Windows feature updates across your organization. In this guide, I'll walk through the essential prerequisites, policy creation steps, deployment, and monitoring process to ensure a smooth rollout of feature updates using Intune.

1. Verify Prerequisites

Before you create a feature update policy, ensure the following prerequisites are met on the target devices:

  • Device Enrollment: Devices must be enrolled in Intune, either as Microsoft Entra hybrid joined or Microsoft Entra joined.

  • Supported OS: Devices must be running a supported version of Windows 10 or Windows 11.

  • Telemetry Settings: Devices must have the telemetry level set to Required.

    • You can configure this via Devices > Windows> Configuration > Create Policy > Templates> Device Restrictions > Reporting and Telemetry > Share Usage Data >Set as Required 






  • Microsoft Account Sign-In Assistant (wlidsvc):

    • Ensure the wlidsvc service is not disabled. Run the following PowerShell command in client end:

      Get-Service -Name wlidsvc | Select-Object Status, StartType

    • If needed, set the startup type to Manual (Trigger Start) with:

      Set-Service -Name wlidsvc -StartupType Manual

  • Network Access: Devices must have proper access to Microsoft update endpoints.

  • Supported Editions:

    • Supported: Windows Pro, Enterprise, Education, and Pro for Workstations.

    • Not Supported: Windows LTSC editions and Workplace Joined (WPJ) devices.

Licensing Requirements:

  • Basic Feature Update Deployment: Requires an Intune license.

  • Advanced Features (e.g., Gradual Rollout): Require one of the following licenses:

    • Windows 10/11 Enterprise E3/E5

    • Microsoft 365 E3/E5/F3

    • Microsoft 365 Business Premium

2. Create a Feature Update Policy

  1. Log in to the Microsoft Intune portal.

  2. Navigate to Devices > Windows > Windows Updates.

  3. In the Feature updates pane, click Create profile.

  4. Set a name for the profile.

  5. Select the Feature Update version you want to deploy (e.g., Windows 11 24H2).

  6. Configure the rollout options, such as a gradual rollout or a specific start date.

  7. Assign the policy to a device or user group containing the targeted devices.

This policy ensures specific control over which Windows version gets deployed to selected endpoints.

3. Create an Update Ring Policy

The Update Ring manages the timing and behavior of both feature and quality updates.

Controls deferral periods, uninstall periods, and restart options.

  1. Go to Devices > Windows > Update rings.

  2. Click Create profile to define a new update ring.

  3. Configure settings such as:

    • Feature update deferral period

    • Uninstall window

    • Restart behavior

    • Set the deadline for feature updates.

      For example, setting a 0-day deadline forces immediate update enforcement.

  4. Assign the update ring profile to the relevant device group.

4. Monitor the Deployment

Monitoring is a critical part of managing feature updates.

  1. In the Intune portal, navigate to Reports > Windows Updates.

  2. Select Feature updates in the report pane.

  3. Choose the Feature Update policy you created.

  4. Click Generate to view the deployment status.

    Ensure the devices are synced with Intune before checking the report.

You’ll be able to see the list of devices that have received or are in the process of receiving the update.

5. Verify on the Client Side

Once updates are deployed, you can verify them on client devices:

  • Go to Settings > Windows Update on a client machine. ( Updates are managed by Intune )

  • You should see the targeted feature update (e.g., Windows 11 24H2) downloading and installing.

  • If you've configured quality updates / Drivers simultaneously, they will also appear under Windows Update.

Popular Posts

Deploying a Script through Intune to a Linux PC

Image
Can Intune Deploy Shell Scripts to Linux Devices? Yes! Just like deploying PowerShell scripts to Windows, Intune can also deploy shell scripts to Linux devices. In this blog, I'll walk you through the process of deploying shell scripts to Linux using Intune, making it easier to automate tasks and manage Linux endpoints efficiently. Prerequisites Before deploying a shell script via Intune, ensure the following requirements are met: 1. Intune and Microsoft Entra ID Your environment must have Microsoft Intune configured for device management. This setup enables secure enrollment and policy enforcement on Linux devices. 2. Linux Device Enrollment The Linux PC must be properly enrolled in Intune to receive policies and scripts. If the device is not enrolled, follow Microsoft's documentation on Linux enrollment in Intune. Deploying the Shell Script Once the prerequisites are met, follow these steps to deploy your shell script through Intune: Access Microsoft Intune Sign in to the ht...
Read more

Removing Obsolete Computer Records from Active Directory Using PowerShell (Only Windows Client Versions)

  Removing Obsolete Computer Records from Active Directory Using PowerShell Active Directory (AD) environments can accumulate obsolete computer objects over time. These stale records not only clutter the directory but can also pose security risks. This article provides a PowerShell-based approach to identifying and removing outdated computer records from Active Directory. Identifying Obsolete Computer Accounts The first step in cleaning up AD is to identify inactive computers based on their last logon timestamp and password last set date. Below is a PowerShell script to find obsolete devices that have not logged in for more than 60 days: Import-Module ActiveDirectory $DaysInactive = 60 $time = (Get-Date).AddDays(-$DaysInactive) # Identify obsolete devices $obsoleteDevices = Get-ADComputer -Filter { (LastLogonTimeStamp -lt $time -and PasswordLastSet -lt $time) -and (OperatingSystem -like '*Windows 10*' -or OperatingSystem -like '*Windows 11*' -or OperatingSystem...
Read more

Deploying Software Update Scan Cycle via SCCM using a Batch File

Image
Deploying Software Update Scan Cycle via SCCM using a Batch File If you need to trigger a Software Update Scan Cycle through a batch file in SCCM, follow these steps. Step 1: Create a Batch File Create a new .bat file and add the following lines: @echo off echo Initiating Software Update Scan Cycle... wmic /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" echo Software Update Scan Cycle initiated. timeout /t 10 > nul Save this file with a .bat extension. Copy the batch file to a shared network location that SCCM clients can access. Now we'll create the pacakge SCCM console > Software library > Pacakages > Create Package     Choose a name   Select a souce path Select standard program Browse the command line and select the bat file   Choose other options Hidden or visible to users User login or no   Now distribute the content   After it...
Read more