NoteTube

Microsoft Intune Updates Guide | Step-by-Step Training + Demo
38:50

Microsoft Intune Updates Guide | Step-by-Step Training + Demo

Gregarious Technology

6 chapters7 takeaways10 key terms5 questions

Overview

This video provides a comprehensive guide to managing and deploying updates using Microsoft Intune, focusing primarily on Windows updates but also touching on Apple and Android platforms. It details how to configure update rings, manage feature and quality updates, and leverage policies for different operating systems. The tutorial emphasizes best practices like phased rollouts for testing and explains the user experience on endpoint devices when these policies are applied, including options for pausing and uninstalling updates.

How was this?

Save this permanently with flashcards, quizzes, and AI chat

Chapters

  • Intune offers a modern approach to managing updates across multiple platforms (Windows, Apple, Android) in hybrid environments.
  • The 'Manage Updates' section in Intune allows for deployment of Windows, Apple, and Android FOTA updates.
  • Understanding Intune updates is beneficial for IT professionals managing device fleets, even without prior WSUS or SCCM experience.
This chapter sets the stage by introducing Intune as a powerful tool for centralized update management, crucial for maintaining security and functionality across an organization's devices.
  • Update rings are collections of settings that define when and how Windows 10 and 11 devices receive and install updates.
  • Different update rings can be created for specific purposes, such as immediate deployment to test devices or deferred deployment to production devices.
  • Key settings include deferral periods for quality and feature updates, options for upgrading from Windows 10 to Windows 11, and automatic update behavior.
  • End-user control over pausing updates and notification preferences can be managed through these policies.
Update rings are the core mechanism for controlling the Windows update lifecycle, allowing administrators to balance the need for timely updates with the risk of introducing issues.
Creating one update ring for immediate deployment to a test group to validate updates, and a separate ring with a 7-day deferral for quality updates and 15-day deferral for feature updates for production devices.
  • Feature updates allow administrators to specify a target Windows version (e.g., Windows 11 24H2) and keep devices on that version until a new policy is deployed.
  • Quality updates expedite the installation of the most recent security patches outside of normal servicing policies, though this feature requires specific licensing.
  • Windows 10 is nearing end-of-support, making upgrade policies to Windows 11 via Intune a critical consideration.
Understanding the distinction and management of feature vs. quality updates ensures that both major OS upgrades and critical security patches are deployed effectively and on schedule.
Using a 'Feature updates' policy to target specific devices to upgrade to the latest Windows 11 version, while 'Quality updates' can be used for rapid deployment of critical security patches.
  • Intune supports managing iOS/iPadOS updates with options to specify the version and schedule type (e.g., 'update next check-in' or 'update during scheduled time').
  • macOS updates offer more granular control with settings for critical updates, firmware, and configuration files, including options like 'download and install' or 'notify only'.
  • Similar to Windows, a phased rollout strategy (testing on pilot groups before production) is recommended for Apple device updates.
This chapter highlights Intune's cross-platform capabilities, enabling consistent update management for Apple devices alongside Windows, which is essential for organizations with mixed device environments.
Creating a macOS update profile that is set to 'download and install' critical updates, scheduled during a specific maintenance window to minimize user disruption.
  • Android Firmware Over-The-Air (FOTA) updates require a connector and corporate-owned devices managed through an enterprise management solution (e.g., Samsung Knox).
  • This feature is not available for Bring Your Own Device (BYOD) scenarios and necessitates specific licensing.
  • Intune provides monitoring capabilities, including device check-in status and detailed reports, to track the success or failure of update deployments.
This section covers the management of Android updates, emphasizing the prerequisites and specific device types supported, and introduces the crucial aspect of monitoring deployment status.
Using the Intune portal to view a report detailing the success rate of an update ring policy applied to a group of Windows 11 devices.
  • Administrators can pause quality or feature updates for up to 35 days, after which devices will scan for available updates.
  • Intune allows for the rollback or uninstallation of recent quality or feature updates, with a configurable period (2-60 days) for feature updates.
  • On the end-user device, many update settings can be locked down by policy, limiting user control over pausing or checking for updates, with only restart notifications often remaining visible.
Understanding how to pause, uninstall, and observe the end-user impact of these policies is vital for effective troubleshooting and managing user expectations during update rollouts.
An administrator pauses a feature update for 35 days to investigate a reported issue, preventing affected devices from installing the problematic update.

Key takeaways

  1. 1Microsoft Intune provides a centralized platform for managing updates across Windows, macOS, iOS, and Android devices.
  2. 2Update rings are a fundamental concept for controlling Windows update deployment, allowing for phased rollouts and deferrals.
  3. 3Always pilot update policies on a test group before deploying to production environments to mitigate risks.
  4. 4Feature updates control major OS version deployments, while quality updates focus on critical security patches.
  5. 5Intune's monitoring tools are essential for tracking the success of update deployments and troubleshooting failures.
  6. 6Administrators have the ability to pause or uninstall updates, but these actions have specific limitations and implications.
  7. 7End-user control over updates can be significantly restricted by Intune policies, ensuring compliance but potentially impacting user experience if not managed carefully.

Key terms

IntuneUpdate RingsFeature UpdatesQuality UpdatesDeferral PeriodMaintenance WindowFOTA (Firmware Over-The-Air)Pilot DeploymentUpdate RollbackAndroid Enterprise

Test your understanding

  1. 1What is the primary purpose of an 'update ring' in Microsoft Intune?
  2. 2How does Intune differentiate between managing 'feature updates' and 'quality updates' for Windows?
  3. 3What are the key prerequisites for deploying Android FOTA updates using Intune?
  4. 4Why is it crucial to test update policies on a pilot group before deploying them to all production devices?
  5. 5Describe how an end-user's experience with Windows updates is affected when Intune policies are applied.

Turn any lecture into study material

Paste a YouTube URL, PDF, or article. Get flashcards, quizzes, summaries, and AI chat — in seconds.

Summarize Your Own VideoSign up free

No credit card required