Microsoft has released a new update that enables customers to configure policies for Windows feature updates and expedited quality updates in Microsoft Intune. These capabilities leverage the Windows Update for Business service to give IT admins more control over the deployment of updates to Windows PCs across an organization.
First up, Microsoft has introduced a new feature that allows organizations to configure policies that control which feature update is delivered to Windows devices. Specifically, IT admins can deploy updates immediately, on a specific date, and gradually to all Windows 10 and Windows 11 clients.
Moreover, it’s possible to deliver new OS releases via a phased rollout to specific user groups and choose the time interval between the group updates. The ability to configure Windows Update for Business feature update policies is available for Windows 10 and 11 Pro, Enterprise, and Education editions. However, it doesn’t support Enterprise long-term service channel releases of the operating systems.
Microsoft has also announced that Windows Update for Business allows IT admins to speed up the rollout of quality updates on Windows 10 and Windows 11. Essentially, quality updates are security patches that are released on the second Tuesday of every month.
“Whether you use them in the context of a zero-day vulnerability or an urgent quality fix for a set of devices, expedited updates temporarily override deferrals and other settings to install updates as quickly as possible. Once completed, they restore to the normal settings automatically, so you don’t have to,” Microsoft explained.
To configure expedited quality updates, IT admins can head over to the Endpoint Manager admin center. Select Home >> Devices >> Quality updates for Windows 10 and later >> Create quality update profile.
As seen in the screenshot above, IT Pros can configure two specific settings to expedite quality updates. The first setting lets them select the minimum OS version for all devices. Moreover, the second one allows IT admins to choose the number of days (0, 1, or 2) before a restart is enforced on Windows machines.
Last but not least, this release brings the ability to view feature updates and expedited quality updates in the Microsoft Endpoint Manager admin center. It shows overall results, device alerts, granular details for each device, and other information. Microsoft also detailed recommended practices for managing Windows updates in Microsft Intune, and we invite you to check out the blog post for details.