Blog Post

Windows IT Pro Blog
2 MIN READ

Coming soon: Quality updates during the out-of-box experience

VictoriaWang's avatar
VictoriaWang
Icon for Microsoft rankMicrosoft
Feb 06, 2025

Soon, you'll be able to enable quality updates for your organization during the out-of-box experience (OOBE) of new Windows 11 devices.

You are in control over Windows updates

Thanks to your feedback, in mid-2025, we'll be releasing a new policy to manage whether devices in your organization receive quality updates during OOBE. This policy will allow you to choose if new Windows 11 devices on version 22H2 and higher get the latest applicable quality update during setup. You'll be able to configure the setting via Windows Autopilot and Windows Autopilot device preparation, so you can have seamless control over updates in OOBE.

Additionally, your existing quality update settings will be synced to the device, including Windows quality update deferrals and pause policies. That way, only the latest approved security update is offered, enabling you to keep your entire fleet on the same approved version.

If you don't use Autopilot through Microsoft Intune, you can still disable quality updates during OOBE by setting the Group Policy to disabled. This policy will be available as a mobile device management (MDM) policy and a Group Policy.

Note: Please note this policy does not apply to the OOBE Zero Day Package (ZDP) updates and there are no changes to this experience.

User out-of-box experience

This change will help ensure devices in your organization are secure out of the box by getting the quality update at the end of their out-of-box experience. It can take an average of 20 minutes though the download and installation time will depend on the size of the update, the user's network conditions, and the hardware capabilities of the device.

 

A mockup of the screen that a user will get when taking a Windows quality update during the OOBE. This design is not final.

How to prepare

There is no action you need to take at this time. Watch for an update in mid-2025 when the policy becomes available, and Autopilot changes go live. Subscribe to the Windows IT Pro Blog or keep checking the Microsoft 365 admin center to get the news and configure the new policy as appropriate for your organization's needs.

Thank you again for your feedback and helping us make Windows better!

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.

Updated Feb 06, 2025
Version 2.0
servicing and updates
windows 11
windows autopilot
  • Karl-WE's avatar
    Karl-WE
    MVP
    Feb 15, 2025

    Thank you for bringing back more control VictoriaWang and the team!
     I am confident customers and admins will embrace this change and option.

    UX Feedback on the update process:
    Please allow me to file some feedback in this context.

    1. Drivers and Firmware / User Interruption due driver installs during OOBE
    As others noted it would be great to have an integration with autopatch / firmware and driver updates coming through Windows Updates. I am aware that at some point, some (not all) drivers are installed. This is noticeable with display drivers and usually flickering screens. However this open happens in the middle of things. Like entering your user login data and interrupts the user.

    Idea:
    If we could allow these to happen in one step or a later step, without interrupting the user, that would be a great improvement.

    2. Look and feel of Update screen
    "A mockup of the screen that a user will get when taking a Windows quality update during the OOBE. This design is not final."
    I would really like to see, that the update process is integrated in the native OOBE UX.
    Currently it has complete different look and feel compared to the clean Windows 11 24H2 OOBE. 
    You speak about a mockup, but it has made it to production.

    Ideas:
    During the OOBE wizard, there is already a point in time, where it the computer is checking for updates.
     It would be neat in terms of UX, if at this point or later:

    - you could consider to place or later the OOBE update procedure, instead of a separate UX

    - add the names of updates as in settings app (USOclient), as well as the download progress.

    At this point one can already access all the data through the defaultuser0 profile (settings app > updates), so the data is available and just requires a different presentation.


    Thank you so much for considering the feedback, your continued good work on the OOBE and servicing level!

     

  • MichaelNiehaus's avatar
    MichaelNiehaus
    Brass Contributor
    Feb 11, 2025

    If you are configuring the setting via an AD-delivered GPO, that GPO wouldn't be applied until after OOBE has completed (since during OOBE and all the way through SetupComplete.cmd, the Group Policy service is not running).  So I'm assuming you would need some way to set the registry value before the end of OOBE?  Intune + ESP would do that, or if you are imaging the box you could set the registry key offline or via an unattend.xml specialize RunSynchronous command.

  • Jan_Gutjahr's avatar
    Jan_Gutjahr
    Iron Contributor
    Feb 10, 2025

    What will be the default behavior if no MDM/GPO policy is set? Will it be on or off?

  • EnterpriseAdmin's avatar
    EnterpriseAdmin
    Copper Contributor
    Feb 07, 2025

    Looks like this will replace many long lived scripts in many organisations, good stuff.

     

    Can we hope driver installations will also be included within the OOBE also?

  • DanielDavila's avatar
    DanielDavila
    Brass Contributor
    Feb 06, 2025

    "You'll be able to configure the setting via Windows Autopilot and Windows Autopilot device preparation" 

    Via what function, the profile configuration?
    Will this update occur after User ESP or Autopilot Prep completes or right before?
    Does the process count against User ESP timings if the former?

    Is Windows 10 support not listed because it'll be EOL?

    • xmjay925's avatar
      xmjay925
      Copper Contributor
      Feb 07, 2025

      I am not an Microsoft employee. Answers are based on the blog post and experience so far.

      • Via what function, the profile configuration?

      Probably yes. Exisiting WUfB profile settings (probably also Autopatch groups) will also apply.

      • Will this update occur after User ESP or Autopilot Prep completes or right before?

      My guess is it will run through the device setup. It should go through after enrolling in to Intune so update policies can apply.

      • Does the process count against User ESP timings if the former?

      Most likely yes. 

      • Is Windows 10 support not listed because it'll be EOL?

      Yes. Windows 10 is marked to end support in October.