Release Feature Updates in an Enterprise Environment with Intune
The purpose of the blog post is to inform you how to rollout Windows Feature updates in an enterprise environment with Intune. In my previous blog post, I have explained my update strategy for Windows update. In this blog post I will share my Windows Feature update strategy. How to configure the strategy in the Microsoft Intune portal.
Today’s world security is more important than ever and staying up to date plays a key role in keeping a secure environment. Windows Update for Business is a service that can be configure within Intune to make sure your updates are installed. Windows update for Business automatically deploys Windows updates, feature updates and driver updates to your devices without the need of manually approving the updates as in the past with WSUS.
Requirements:
In this blog post, I’m going to use only Feature Update Rings for Windows 10 and later. To use the Windows, Feature update rings, please make sure that the Update rings is configured correctly, and the Feature update deferral period is set to 0 and update rings is not paused. More information can be found here.
If you want to be informed when a new Windows feature update is released? Follow this blog post.
What is Windows update For Business?
Windows Update for Business is a service that allows businesses to manage the deployment of updates for Windows 10 devices within their organization. Using Windows Update for Business, administrators can specify which devices in their organization should receive the Feature update.
Windows Update for Business is a useful tool for businesses that want to ensure that their Windows 10 or 11 devices are kept up to date with the latest security patches and feature updates, while also maintaining control over the update process and minimizing disruptions to their operations.
What is a Feature update and why do I need to update?
A Windows feature update is a type of update for the Windows operating system that includes new features and functionality. These updates are released periodically (twice a year) by Microsoft and are typically available for Windows 10 or 11 devices through Windows Update.
It is generally a good idea to keep your device up to date with the latest feature updates, as they can introduce new capabilities and improvements to the operating system.
In addition to the new features and functionality, feature updates can also include important security features to protect your device from malware and other threats. Or Feature updates can include important security patches and other updates to address vulnerabilities and improve the overall stability and reliability.
My Feature updates strategy
The most important thing for a successful side story is to come up with a good strategy. An enterprise environment will have a different strategy than a small business environment with 10 devices.
For Feature updates in an enterprise environment with Intune , I always use the following strategy as a baseline and finetune it on the customer’s requirements. I use this strategy for the following reasons
- Feature updates will be installed within two weeks
- Feature updates are tested before starting rollout to the end-users
- When a Feature update causes a problem then the Next feature update ring will not be set to the latest version
- Minimize the business impact
- It is a scalable solution if needed you can use less or more Feature update rings
Update Strategy:
- Grace period between the different rings.
- 5 Feature Update rings:
- Test, a few IT people only
- Pilot, few people of different departments and levels, so the pilot represent the entire enterprise environment
- 3 Production rings
- Set manually the Feature update per Feature update Ring
Creating Feature updates Rings for Windows 10 and later
- Open Microsoft Intune
- In the menu select Devices
- Under Devices, select Windows and select Feature updates for Windows 10 and later
Or use the following link Windows Feature updates for Windows 10 and later – Microsoft Endpoint Manager admin center - Click on Create Profile
- Provide a policy name, I use the following name “Feature Update Ring XX.
Group ”
E.g., Feature Update Ring 01. Test Group - Set a description if needed
- Select via the dropdown list of Feature update to deploy, the required version that needs to be deployed.
- Select your rollout option, check out this Microsoft documentation item to select your preferred option. I have used the Make update available on a specific date option
- Select the date you want to start rollout the feature update
- Click on Next and set Scope Tags if needed
- Set the assignment to your user or device update group and click on Next
- At the Review + Create page, please check your configuration and click on Create
- Repeat above steps and create in total 5 rings as defined in below table.
| SETTING NAME | TEST | PILOT | PRODUCTION 1 | PRODUCTION 2 | PRODUCTION 3 |
|---|---|---|---|---|---|
| Name | Feature Update Ring 01. Test Group | Feature Update Ring 02. Pilot Group | Feature Update Ring 03. Production Group 1 | Feature Update Ring 04. Production Group 2 | Feature Update Ring 05. Production Group 3 |
| Feature update to deploy | Latest feature version | Latest feature version | Latest feature version | Latest feature version | Latest feature version |
| First available date | { Date } | { Date + 2 business days } | { Date + 7 business days } | { Date + 9 business days } | { Date + 11 business days } |
Group assignment of a Feature Update Ring
During the creation of the Windows update rings, I have already groups created and assigned to the update ring. Otherwise, the Update rings were not applied to any device or user. Because I use the same strategy and number of rings, I have assigned the same groups to my update rings.
I have created several blog posts about different approaches.
- Random automatically populated groups based on Azure AD Object ID
- Dynamic groups with an increasing number of users (E.g., 2%, 8%, 30% and 60%)
Hi! My name is René Laas. I have passion and enthusiasm for the Microsoft 365 Cloud. I am based in the Netherlands.
Rami Al-zayat 
Albert Stoynov
Andrea De Santis
Hello I'm Nik
John Schnobrich
Leave a Reply
Want to join the discussion?Feel free to contribute!