Seeking Advice on Intune Windows Updates Management for Win10 to Win11 Upgrade
We’re preparing to upgrade a group of devices from Windows 10 to Windows 11 using a feature update deployment policy and Ring update policy. Our goal is to provide our users with the most notifications and control possible before the mandatory deadline is reached, allowing them the opportunity to initiate the update themselves. However, I’m confused about the deadline and grace period countdown. According to this article, the countdown starts after the installation completes. Enforce compliance deadlines with policies - Windows Update for Business | Microsoft Learn Is there a way to use Intune Windows Updates management to allow users to control when they launch the Windows 11 upgrade process before it becomes mandatory, while also providing notifications to the user? Thanks in advance for your help!WufB Delivery Optimization Report Broken
Since some days, we have a problem with our Delivery-Optimization-Report in WufB-Workbook. We only see the following error in all Sections Query could not be parsed at 'datetime()' on line [2,21] Token: 'datetime()' Line: 2 Postion: 21 Is this a global Issue? Is anybode else faceing this problem. The Report used to work fine for several Weeks - no changes made.Behind the scenes: access and region control in Windows Update for Business reports
Interested in using Windows Update for Business reports for richer access and region control? As we've announced on the Windows IT Pro Blog today, you now have more power and flexibility to route data and to control access to your data with Windows Update for Business reports, as well as to host it in an expanded set of regions. While you can find out how in the blog article linked below, let's get behind the scenes of the new capability: The architecture Pricing structure A few current limitations Additional information The architecture When you run the Ansible solution to control access and region, your automated script deploys the following resources to your tenant. This solution automatically creates the following resources. Azure resources: Azure Function triggered on an interval to perform periodic data export Log Analytics resources: Log Analytics workspace for each scope Azure Monitor resources: Data collection endpoint for ingesting data Data collection rule for each scoped workspace to direct data routing You can easily manage these resources through the Azure Portal. The diagram below shows the key workflows, resources, and interactions for the Contoso/Fabrikam deployment example. If you're an Azure administrator, you may find it helpful for understanding the created resources and how data is routed throughout the solution. Pricing structure Since you'll be routing data for Azure AD device groups to different Log Analytics workspaces, let's see if anything changes in your billing based on your existing infrastructure. Data is stored in Log Analytics workspaces with the same schema as your already existing Windows Update for Business reports workspace, and so billing remains the same—which is to say there is no data charge at the default 30-day retention period. See Log Analytics pricing tiers for more information. The Azure Function that copies data to scoped workspaces will incur standard Azure Function compute and consumption costs, and this is dependent upon the scale of your scopes and devices. You can use the calculator to estimate costs after running a test with your lab configuration to determine how many scopes and devices are processed over what time frame. A few limitations of the Ansible solution for access control Since this is a preview of the Ansible solutions, you might encounter a few limitations with access control capabilities: All scoped workspaces in the tenant are shown in the drop-down menu. We'll be filtering that list to just those each user has access to in a future update. Aggregated delivery optimization status is not computed. Aggregated status is tenant-wide in the primary workspace. Therefore, scoped workspaces would need to compute the aggregate for their device set separately. The Azure Function doesn't yet perform that process. No support for nested Azure AD groups. Only direct group members are considered at present. Nested support could be added by modifying the Azure Function. The solution assumes a single subscription and target resource group. This may or may not be relevant for your tenant. Tenants that need greater control can extend the solution by modifying the Ansible project. Additional information Not sure how easy it is for you to implement our new access control solution? You won't need anything other than your familiar Azure Portal and general understanding of resource management and Azure security fundamentals. Just follow these 7 easy steps to route the tenant's primary workspace into separate secured workspaces for each access control scope: Define scopes. Create Azure Active Directory groups. Group resources and restrict tag access. Download the Ansible solution. Configure your deployment. Deploy the Ansible solution to Azure. Use the Ansible solution. Find precise guidance and answers to your questions in Windows Update for Business reports: access and region control. Get in on the conversation This space is excellent for discussion with your peers and with our team members, so feel free to leave a comment below! If you have any feedback or questions regarding the Ansible solution on GitHub, please feel free to open project issues for support or reach out through our other Windows Update for Business reports support options.
Quality update uninstall with WUFB and Intune
Hi, I wanted to know what happens when we click on 'Uninstall' for quality updates with WUFB managed via Intune. When I go in the ring summary I can see that Quality updates say : Uninstalled and Paused (Days remaining: 35) but the updates are not getting uninstalled on the devices assigned to this ring. How long should it take for the uninstall to start and where could I look to see why it's not? Thks in advance and don't hesitate if you have any questions.Connectivity data for Update compliance
Will the Achieve better patch compliance with Update Connectivity data - Windows IT Pro Blog (microsoft.com) data also be available in the new Feature updates and expedite updates reports (Windows 10 and later feature updates - Microsoft Endpoint Manager admin center (azure.com)) so that we have all the info in one place? Also, will we ever get the same information for cumulative updates (other than expedite) so we can also see if we have devices that aren't online enough? Also, what is the amount of time devices need to be online for cumulative updates? I'm guessing it's significantly lower than the 2+6h for feature updates? Thks for clarifying that part.Update Compliance stale devices
Hello, do you know what is the retention policy for stale devices (that are no longer in sccm/Intune) for Update Compliance? Asking because our Update Compliance statistics are really bad because we have a ton of old devices that are seen as not updated (they can’t be because they no longer exist). Also, do you have a recommendation on how to exclude those devices? Maybe by excluding devices with LastScan older than X days? Thank you in advance and don't hesitate if you have any questions
Updating SH through WUfB - mixed results
Hello, Can I have your opinion on the best way to update the surface hub ? At the moment, all our SH are enrolled in WUfB. You can see the settings for the Ring in the attached screenshot. The problem is this policy is deployed for months now and our SH's are still not all at the same level. For example, according to MEM, we have for feature update version: 1703, 5 devices 20H2, 74 devices Latest, 26 devices And for the quality update version : 10.0.15063.2679 5 devices 10.0.19042.1526 1 devices 10.0.19042.1586 4 devices 10.0.19042.1645 35 devices 10.0.19042.804 34 devices 10.0.19043.1645 7 devices 10.0.19043.867 1 device 10.0.19044.1237 1 device Internet connection on these machines are OK. The maintenance window configured througha device configuration profile starts at 08pm with a duration of 5 hours. How is this possible that the machines are still not updating ? We would like to avoid sending people all around the country to update these devices. Is there something wrong with our Update ring configuration ? Thanks in advance for your help. MarcWindows feature update rollout
Hi, when using the new deployment options to plan the upgrade of new Windows builds, do we need to exclude those devices from any existing feature updates for Windows 10 and later (Preview) policies (the ones that were forcing to stay on a specific builds or even new deployments like shown in the screenshot above? We want to make sure that we properly set or policies to work as they should. Thks in advance.
