Make the most of expedited high quality updates in Intune and Home windows Replace for Enterprise to handle zero-day safety vulnerabilities and fast-tracking set up of safety updates. It really works seamlessly in case you are managing a mixture of Home windows 10 and 11 units, making certain fast deployment even in advanced environments.

This characteristic is accessible to these enrolled in Home windows Replace for Enterprise deployment service. Working carefully with Intune customers, now we have invested in enhancing the expertise by including new and extra intuitive alerts and notifications.

That will help you get the perfect out of the expedite functionality, this weblog explores:

• Stipulations for expedited updates
• Monitoring and reporting
• Widespread alerts and resolutions
• Greatest practices

Stipulations for expediting updates

To expedite high quality updates, be sure you meet the next necessities for eligibility, becoming a member of your units to Azure Energetic Listing (Azure AD), connecting them to Home windows Replace companies, and equipping your units with mandatory instruments.

See the Widespread alerts and backbone part for how one can be sure you meet these stipulations!

Please confer with the full and present listing of stipulations to qualify for putting in expedited high quality updates. Most wants in troubleshooting come up from not absolutely assembly these stipulations. Fortunately, this submit is right here that will help you!

Monitor and report on expedited updates in Intune

Have you ever requested your self the place you’ll be able to monitor and see any errors triggered for an expedite coverage that you just’ve created? After an expedite coverage has been created, you’ll be able to monitor the replace standing and look at any errors utilizing intuitive experiences accessible in Intune: the abstract report and the Home windows expedited replace failures report.

Entry the abstract report from Intune’s Studies > Home windows updates. View the standing of deployment by checking the Replace Aggregated State column of the device-by-device portion of the report (see picture beneath).

A abstract report view of Home windows expedited updates in Intune. The underside portion lists machine by machine, with its respective identifiers, replace combination state, and different particulars.

Assessment some necessary replace states and substates that point out profitable development of the coverage beneath. For extra data on all replace states and substates, see the Replace states part of Microsoft Intune documentation.

The Home windows Expedited replace failures report supplies a view of all units inside a coverage which have encountered an error. Entry the Home windows Expedited replace failures report from Intune (House > Units > Monitor) to troubleshoot expedite deployments.

Home windows expedited replace failures in Intune present error units, together with full particulars

Upon choosing the Alert message, you’ll be able to view the small print of every error and steps wanted to remediate the error. The report additionally provides the potential to filter by a selected error sort and see all impacted units. About 57 alert varieties are included with detailed explanations and beneficial remediation for every problem.

Widespread alerts and resolutions

If the units are lively and meet the eligibility standards for expedited updates, then you definately shouldn’t encounter any points whereas utilizing the service. Units are thought of lively when they’re linked to the web and are operational for greater than 6 hours a month in complete, with steady exercise of no less than 1 hour.

Let’s overview some widespread error messages you could find in our reporting and how one can remediate them.

Why do I not see detailed standing and alert data for my units?

This problem is commonly associated to the prerequisite of Home windows well being monitoring and can trigger all of your units to solely present the OfferReady standing. Please be sure you have enabled the required Home windows information processing settings in Intune. From House, go to Units > Home windows 10 and later > Home windows well being monitoring.

Allow Well being monitoring for Home windows updates (see picture beneath). For detailed steering on how to do that, confer with Use Replace Compliance experiences for Home windows Updates in Microsoft Intune.

Home windows well being monitoring configuration settings in Intune set Well being monitoring to Allow. Scope permits to pick objects like Home windows updates and Endpoint analytics.

The opposite potential motive for the units to stay on this replace substate is that if they aren’t lively or are experiencing points whereas connecting to Home windows Replace.

The way to test if tenant has the suitable license required to make use of Home windows Replace for Enterprise deployment service?

The best strategy to test in case your tenant has the required license to make use of the service is to make use of Microsoft Graph.

How can I confirm if the Replace Well being Instruments shopper is put in on my machine(s)?

One other prerequisite is verifying that Replace Well being Instruments are operating on the machine accurately:

• Search for the set up recordsdata at this location: C:Program FilesMicrosoft Replace Well being Instruments.
• Examine if the Microsoft Replace Well being service is operating on the machine (illustrated beneath).

  Microsoft Replace Well being Instruments reveals an inventory of companies operating on the machine. Microsoft Replace Well being Service is highlighted.

• As an admin, run the next PowerShell script:

  $Session = New-Object -ComObject Microsoft.Replace.Session
  $Searcher = $Session.CreateUpdateSearcher()
  $historyCount = $Searcher.GetTotalHistoryCount()
  $listing = $Searcher.QueryHistory(0, $historyCount) | Choose-Object -Property “Title”
  foreach ($replace in $listing)
  {
  if ($replace.Title.Accommodates(“4023057”))
  {
  return 1
  }
  }
  return 0
  Interpret the outcomes as follows:

If it returns a 1, the machine has UHS shopper. If it returns a 0, the machine doesn’t have UHS shopper. On this case, you’ll be able to manually obtain and set up Replace Well being Instruments from the Microsoft Obtain Middle.

How can I confirm that my units are configured to hook up with Home windows Replace?

Home windows Replace should be configured because the scan supply for high quality updates.

Commonest insurance policies, if configured alternatively from the default settings, may result in units not scanning Home windows Updates accurately.

In case your units are receiving common updates from Home windows Replace, then your units have the proper configurations. Study extra at Use Home windows Replace for Enterprise and Home windows Server Replace Companies (WSUS) collectively.

On Home windows 10:

• Configure scan supply for high quality updates from Home windows Replace.
• Guarantee Disable Twin Scan is Not Configured or is configured to Disabled.

Be aware: If you do not have a WSUS URL configured, ALL updates will come by default from Home windows Replace with out you needing to configure scan supply.

On Home windows 11:

• Configure scan supply for high quality updates from Home windows Replace.

Be aware: If no scan supply coverage is configured, ALL updates will come by default from Home windows Replace.

If utilizing Microsoft Intune co-management, make sure the Home windows Replace for Enterprise workload slider is ready to Intune or Pilot with the specified units.

How do I be sure that units in my group are Azure AD joined?

Leverage one other API that will help you assess whether or not the units are Azure AD joined or not.

Extra alerts to clarify why units will not be expedited

Register your machine to be Azure Energetic Listing joined or hybrid joined to replace this machine.

Assessment the insurance policies that the machine is assigned to and take away the machine from all however the desired coverage. In any other case, change the coverage settings to match. This may be accomplished by reviewing the insurance policies created in Intune by way of Choose Units > Home windows > High quality updates for Home windows 10 and later.

Replace the machine to a supported model of Home windows to make sure the very best safety of the machine and your group.

Greatest practices

In case you are not but aware of the Expedite characteristic of Home windows high quality updates in Intune, think about attempting it out! Create and configure an Expedite coverage in Microsoft Intune admin heart.

If you choose the August 2022 safety updates for Home windows within the coverage, units with out the corresponding August high quality replace will get an expedited replace. If a more recent replace is out there, then that replace will get put in in your machine with all of the added advantages of the supposed replace. To completely perceive the conduct, please overview Instance of putting in an expedited replace.

To obtain the perfect expertise when expediting high quality updates, now we have these suggestions:

• In case you are utilizing the expedite functionality for the primary time, then previous to reaching a zero-day vulnerability state of affairs, establish in case your units are eligible to obtain expedited updates or not. In case your units are updated and lively, do a take a look at run and expedite them to an older safety replace. For instance, in case your units have the August safety replace, then you could possibly take a look at the expedite functionality through the use of goal launch as June. The Abstract and System experiences in Intune will notify you if there are units that would not be expedited, together with causes and mitigations. Be aware: We’re exploring a future functionality to check the expedite functionality with out having to create an expedite coverage for a high quality replace.
• Because the goal of expedited updates is to deal with zero-day vulnerabilities, expedite to the most recent safety launch.
• Except immediacy is totally required, we suggest setting the Days to Reboot to 1 or 2 days (see picture beneath). This setting will keep away from instant pressured reboot of units and reduce disruption in work for the staff in your group. It provides you 1 or 2 days to decide on when to reboot the machine, earlier than the reboot requirement is enforced, presumably throughout working hours.

  Expedite settings in Microsoft Intune admin heart. The choices for the variety of days to attend earlier than pressured reboot embrace 0, 1, and a couple of days.

To be continued

In abstract, most points that may stop you from having fun with the expedite functionality come up from a set of stipulations. Fortunately, our reporting instruments are right here to assist!

Whereas this characteristic is targeted on safety updates, we’re moreover engaged on a future performance to expedite non-security high quality updates and can quickly be releasing the potential via each Graph APIs and Intune. Regulate the Home windows IT Professional Weblog for updates! For instance, take a look at Expediting updates in the actual world to find out how the expedite functionality is used on the whole IT companies, training, and banking, in addition to methods to get knowledgeable and engaged.

To find out about how one can use expedite functionality, please overview Expedite Home windows high quality updates and Deploy an expedited safety replace utilizing the Home windows Replace for Enterprise deployment service.

Proceed the dialog. Discover greatest practices. Go to the Home windows Tech Group.
Keep knowledgeable. For the most recent updates on new releases, instruments, and assets, keep tuned to this weblog and observe us @MSWindowsITPro on Twitter.