For a long time I’ll been totally fascinated by Intune and that extra “layer” called EMS. These technologies gives us the features to make the modern workplace a reality.
One on those features that im really excited about is Windows update for business (WUfB).
Now it gets really easy to work with Windows 10 updates and lets the IT administrator get a great overview, easy to manage and going to sleep at night, knowing that the Windows 10 devices are getting the latest updates signed for them.
The screenshot below shows the two update rings created for this lab, one for test (Windows 10 Pilot) and another for production (Windows 10 Normal)
This screenshot below shows the one Windows 10 device im testing on is succeeded getting updates from Semi-annual channel (Targeted), which in this case is the pilot group of testers.
From here IT administrators can manage the specified update ring with options like Delete, Pause (Resume), Extend or uninstall the latest installed quality or feature update. Be aware that uninstalling an update it only working with Windows 10 1803 or later.
The screenshot below shows the Assigments group (Azure Active directory security group) Microsoft Windows 10 Pilot updates as member of the pilot ring.
Notice: That the Assigment group; Microsoft Windows 10 Pilot updates only have one user member added and no devices assigned to it. This means that if this user logs on to any another Windows 10 device within AAD (enrolled device), that device will start receiving windows 10 updates, because of the update policy (config) that the user gets from beeing member of the update ring.
It possible to build a ADD security group structure and adding Windows 10 devices to manage updates on a device level mindset, only for a more controlled update environment.
The screenshot below shows the configuration of the Pilot group update ring.
Happy deployment. 🙂