Windows 10 Update Rings Using Intune
A Guide to Creating Windows 10 Update Rings using Intune
Head to https://portal.azure.com and login with your Azure AD Credentials. Once logged in open Intune from the Services Menu.
Once in Intune choose Software Updates > Windows 10 Update Rings
Click Create and Enter a Name and Description then Click Configure
Choose your Servicing Channel:
Semi Annual Channel (Targeted) = Current Branch
Semi Annual Channel = Current Branch for Business
Specify if you would Like Microsoft App updates and Driver Updates
Allow/Block
Set the Automatic Update Behaviour
Notify Download
Auto Install at Maintenance Time
Auto Install and Restart at Maintenance Time
Auto Install and Restart at Scheduled Time
Auto Install and Restart without end user control
Set the Active Hours (Updates will not install between these times if Auto Install at Maintenance time is set)
Choose the Deferral Period for Both Quality (Critical and Security Updates) and Feature Updates (SAC Upgrades) from release date
Set Download Mode (HTTP Blended with Peering behind same NAT allows clients on the same network to download updates from a device which has already downloaded them from Microsoft)
Once created you can then create an assignment to deploy the update ring to an azure AD group of users/devices. (You can also exclude groups if needs be)
My advice would be to create 3 Update Rings: (The deferral period will vary based on the environment)
- Insiders Ring – Assigned to IT Department
- 1 Day Deferral on Quality & Feature Updates
- Pilot RingĀ – Assigned to Small Pilot Group of Users from each Departments of the Business
- 7 Day Deferral on Quality & Feature Updates
- Broad Ring – Assigned to the rest of the business (Once testing from Insiders/Pilot has been successful)
- 28 Day Deferral on Quality Updates, 90 Day Deferral on Feature Updates