Published: Sep 17, 2024
Key Takeaways:
Microsoft has announced some important changes coming to the Windows MDM enrollment process for Intune-managed devices. Starting with the October 2024 Windows update, quality updates will now be automatically installed during the Out-of-Box Experience (OOBE) on PCs running Windows 11, version 22H2 and above.
When a Windows 11 device is connected to the Internet, it will automatically check for new quality updates. If updates are available, users will see a message on the updates page indicating that the updates are being installed. These updates are downloaded and installed in the background, after which the device will reboot. Once restarted, users will be able to proceed to the Windows desktop and complete any remaining enrollment steps by signing in.
“Quality updates are monthly updates that provide security and reliability fixes, as well as enhancements to existing features. These updates are critical for the performance and security of your devices, and we want to make sure they’re delivered as soon as possible,” the Microsoft Intune team explained.
Microsoft will not provide all monthly updates during the Out-of-Box Experience (OOBE) when setting up a new Windows 11 device. The company will choose updates based on their importance and relevance to the device’s initial setup. However, feature updates won’t be installed during OOBE, and will instead be managed later by the MDM solution according to the organization’s policies.
Keep in mind that installing quality updates during the OOBE may extend the setup process. Additionally, there’s a risk that the Temporary Access Pass (TAP) could expire before the setup is complete. To avoid this issue, Microsoft recommends extending the validity period of temporary passwords during enrollment.
Microsoft notes that the update process may not begin if administrators have configured specific Windows Update for Business (WUfB) policies to deploy or block updates before the device reaches the New Device Update Page (NDUP). Currently, IT admins cannot control or block quality updates during the initial setup. However, Microsoft plans to make all monthly quality updates manageable during the Out-of-Box Experience (OOBE) in the future.