Windows 10 Update Rings Using Intune

A Guide to Creating Windows 10 Update Rings using Intune

Head to https://portal.azure.com and login with your Azure AD Credentials. Once logged in open Intune from the Services Menu.

Once in Intune choose Software Updates > Windows 10 Update Rings

Intune

 

Click Create and Enter a Name and Description then Click Configure

Create Ring

Windows Updates
Choose your Servicing Channel:
Semi Annual Channel (Targeted) = Current Branch
Semi Annual Channel = Current Branch for Business

Specify if you would Like Microsoft App updates and Driver Updates
Allow/Block

Set the Automatic Update Behaviour
Notify Download
Auto Install at Maintenance Time
Auto Install and Restart at Maintenance Time
Auto Install and Restart at Scheduled Time
Auto Install and Restart without end user control

Set the Active Hours (Updates will not install between these times if Auto Install at Maintenance time is set)

Choose the Deferral Period for Both Quality (Critical and Security Updates) and Feature Updates (SAC Upgrades) from release date

Set Download Mode (HTTP Blended with Peering behind same NAT allows clients on the same network to download updates from a device which has already downloaded them from Microsoft)

Once created you can then create an assignment to deploy the update ring to an azure AD group of users/devices. (You can also exclude groups if needs be)

 

Update Rings

 

My advice would be to create 3 Update Rings: (The deferral period will vary based on the environment)

  • Insiders Ring – Assigned to IT Department
    • 1 Day Deferral on Quality & Feature Updates
  • Pilot RingĀ  – Assigned to Small Pilot Group of Users from each Departments of the Business
    • 7 Day Deferral on Quality & Feature Updates
  • Broad Ring – Assigned to the rest of the business (Once testing from Insiders/Pilot has been successful)
    • 28 Day Deferral on Quality Updates, 90 Day Deferral on Feature Updates

 

Jake Stoker

Jake Stoker

Enteprise Mobility + Security SME

Leave a Reply

Your email address will not be published.