Overview of Intune Windows Updates
Microsoft Intune is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM). You can control and securely manage how your organization's devices such as mobile phones, tablets, and laptops are used. For example, you can configure settings or policies so as to prevent emails from being sent to people outside your organization.
Windows Update for Business (WUfB) is a free service to manage both Quality and Feature updates for recent Windows versions. Microsoft Intune can be used to configure endpoints to report to WUfB. See this Microsoft article for more information.
Manage Windows Updates
Nerdio Manager allows you to manage Windows Updates on Intune devices.
Note: You must enable WUfB reports before you can see any data here. See Enable Windows Update for Business Reports for details.
To manage Windows Updates on Intune devices:
-
At the Account level, navigate to Intune > Windows Updates.
Optionally, select any tile to see its details.
-
Optionally, from the drop-down lists, select whether you wish to view details related to Device Status or Update Status.
Enable Windows Update for Business Reports
Nerdio Manager allows you to integrate Windows Update for Business (WUfB) reports.
Companion Video
To enable WUfB reports:
-
In the Azure portal, manually create a Log Analytics Workspace (LAW) and enable the WUfB reports workbook.
Notes:
See this Microsoft article for detailed instructions.
This could take up to 24 hours to be enabled.
Optionally, you may want to create the update rings from the Intune Portal. (Nerdio Manager to provide this capability from within the application in a future release.)
In Nerdio Manager, at the Account level, navigate to Settings > Integrations.
-
In the Modern Work tile, locate the Windows Update for Business reports parameter and select disabled.
-
Enter the following information:
Windows update for business reports: Toggle on this option.
Log Analytics Workspace: From the drop-down list, select an existing LAW to use. Alternatively, type the name of a new LAW to create and use.
-
Enable Windows Update for Business Reports on Endpoints:
Automatically assign the Intune policy enable WUfB Reports on all managed endpoints: Select this option to assign this policy to all endpoints.
-
I'll enable WUfB Reports on endpoint myself: Select this option to assign the policy to the endpoints yourself.
Note: WUfB Reports can be enabled manually, by script, or by deploying an Intune policy. See this Microsoft article for detailed information.
-
Once you have entered all the desired information, select OK.
The Windows Update for Business reports is now enabled.
Assign Windows Update for Business Reports to Accounts
Once Windows Update for Business (WUfB) reports has been enabled, you can assign the device configuration profile to accounts.
To assign WUfB reports to accounts:
At the MSP level, navigate to Intune > Configuration profiles.
Search for the NMM Windows Update for Business reports policy.
-
Select Assign.
-
From the drop-down list, select the account(s) to assign the Windows Update for Business reports profile to.
Note:
Select All to assign this policy or profile to all accounts.
If an account is grayed out, Intune may not be enable for the account. Hover over the account name for more information.
-
If Intune has been disabled for an account that has a policy or profile assigned to it, you receive this message.
Once you have selected all the desired accounts, select Confirm.
Assign Windows Update for Business Reports at the Account Level
Once the WUfB policy is assigned to an account at the MSP level, Nerdio Manager allows you to include or exclude groups within the policy. By enabling the configuration profile, endpoints start reporting Windows Update status information to WUfB Reports.
To include or exclude groups to the WUfB policy:
In Nerdio Manager, at the Account level, navigate to Intune > Policies.
Search for the NMM Windows Update for Business reports policy.
-
Select Assign.
-
Enter the following information:
-
Included Groups: From the drop-down list, select the groups to include.
-
All users: Select this option to create an assignment for all Intune licensed users in your organization.
Note: You can only use the All users and All devices options for one type of assignment.
All devices: Select this option to create an assignment for all Intune enrolled devices.
-
Excluded Groups: From the drop-down list, select the groups to exclude.
-
-
Once you have made the desired selections, select Confirm.
The assignment task starts.
Track the assignment task's progress in the Policies Tasks section.
Comments (0 comments)