Intune for windows 10. Intune enrollment methods for Windows devicesdl admin
– Intune for windows 10
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. With Feature updates for Windows 10 and later in Intune, you can select the Windows feature update version that you want devices to remain at, like Windows 10 version or a version of Windows Intune supports setting a feature level to any version that remains in support at the time you create the policy.
You can also use feature updates policy to upgrade devices that run Windows 10 to Windows Windows feature updates policies work with your Update rings for Windows 10 and later policies to prevent a device from receiving a Windows feature version that’s later than the value specified in the feature updates policy. The device updates to the version of Windows specified in the policy. A device that already runs a later version of Windows remains at its current version. By freezing the version, the devices feature set remains stable during the duration of the policy.
A device won’t install an update when it has a safeguard hold for that Windows version. When a device evaluates applicability of an update version, Windows creates the temporary safeguard hold if an unresolved known issue exists. Once the issue is resolved, the hold is removed and the device can then update.
Learn more about safeguard holds in the Windows documentation for Feature Update Status. To learn about known issues that can result in a safeguard hold, see the applicable Windows release information and then reference the relevant Windows version from the table of contents for that page:.
For example, for Windows 11 version 21H2, go to the Windows 11 release information and then from the left-hand pane, select Version 21H2 and then Known issues and notifications. The resultant page includes details for known issues for that Windows version that might result in safeguard hold. Unlike using Pause with an update ring, which expires after 35 days, the Feature updates policy remains in effect.
Devices won’t install a new Windows version until you modify or remove the Feature updates policy. If you edit the policy to specify a newer version, devices can then install the features from that Windows version.
You can configure policy to manage the schedule by which Windows Update makes the offer available to devices. For more information, see Rollout options for Windows Updates. In addition to a license for Intune, your organization must have one of the following subscriptions:. Have Telemetry turned on, with a minimum setting of Required. Devices that receive a feature updates policy and that have Telemetry set to Not configured off , might install a later version of Windows than defined in the feature updates policy.
The prerequisite to require Telemetry is under review as this feature moves towards general availability. In the device restriction profile, under Reporting and Telemetry , configure the Share usage data with a minimum value of Required. Values of Enhanced and earlier or Optional are also supported. If the service is blocked or set to Disabled , it fails to receive the update. For more information, see Feature updates aren’t being offered while other updates are.
By default, the service is set to Manual Trigger Start , which allows it to run when needed. When you deploy a Feature updates for Windows 10 and later policy to a device that also receives an Update rings for Windows 10 and later policy, review the update ring for the following configurations:. If you’re using feature updates, we recommend you end use of deferrals as configured in your update rings policy. Combining update ring deferrals with feature updates policy can create complexity that might delay update installations.
For more information, see Move from update ring deferrals to feature updates policy. Instead, the policies apply at the first Windows Update scan after a device has finished provisioning, which is typically a day. If you co-manage devices with Configuration Manager, feature updates policies might not immediately take effect on devices when you newly configure the Windows Update policies workload to Intune.
This delay is temporary but can initially result in devices updating to a later feature update version than is configured in the policy. Sign in to the Microsoft Endpoint Manager admin center. For Deployment settings , enter a meaningful name and a description for the policy. Then, Specify the feature update you want devices to be running.
Complete the policy configuration, including assigning the policy to devices. Monitor the report for the policy. Select the policy you created and then generate the report. Devices that have a state of OfferReady or later, are enrolled for feature updates and protected from updating to anything newer than the update you specified in step 3. See, Use the Windows 10 and later feature updates Organizational report.
With devices enrolled for updates and protected, you can safely change the Windows Update policies workload from Configuration Manager to Intune. See, Switch workloads to Intune in the co-management documentation. When the device checks in to the Windows Update service, the device’s group membership is validated against the security groups assigned to the feature updates policy settings for any feature update holds.
Managed devices that receive feature update policy are automatically enrolled with the Windows Update for Business deployment service. The deployment service manages the updates a device receives.
The service is utilized by Microsoft Endpoint Manager and works with your Intune policies for Windows updates to deploy feature updates to devices. When a device is no longer assigned to any feature update policies, Intune waits 90 days to unenroll that device from feature update management and to unenroll that device from the deployment service. To keep a device at its current feature update version and prevent it from being unenrolled and updated to the most recent feature update version, ensure the device remains assigned to a feature update policy that specifies the devices current Windows version.
Specify a name, a description optional , and for Feature update to deploy , select the version of Windows with the feature set you want, and then select Next. Only versions of Windows that remain in support are available to select. Configure Rollout options to manage when Windows Updates makes the update available to devices that receive this policy.
For information about using these options, see Rollout options for Windows Updates. Select Next to continue. When ready to save the Feature updates policy, select Create. You can use policy for Feature updates for Windows 10 and later to upgrade devices that run Windows 10 to Windows When you use feature updates policy to deploy Windows 11, you can target the policy to Windows 10 devices that meet the Windows 11 minimum requirements to upgrade them to Windows In this case, remove the not eligible device from the Windows 11 policy and assign the device to a Windows 10 feature update policy.
See Update behavior when multiple policies target a device. When there are multiple versions of Windows 11 available, you can choose to deploy the latest build. When you deploy the latest build to a group of devices, those devices that already run Windows 11 will update while devices that still run Windows 10 will upgrade to that version of Windows 11 if they meet the upgrade requirements.
In this way, you can always upgrade supported Windows 10 devices to the latest Windows 11 version even if you choose to delay the upgrade of some devices until a future time. The first step in preparing for a Windows 11 upgrade is to ensure your devices meet the minimum system requirements for Windows You can use Endpoint analytics in Microsoft Endpoint Manager to determine which of your devices meet the hardware requirements. If some of your devices don’t meet all the requirements, you can see exactly which ones aren’t met.
To use Endpoint analytics, your devices must be managed by Intune, co-managed, or have the Configuration Manager client version or newer with tenant attach enabled. For more granular details, go to the Windows tab at the top of the report. This license agreement is automatically accepted by an organization that submits a policy to deploy Windows When you use configure a policy in the Microsoft Endpoint Manager admin center to deploy any Windows 11 version, the Microsoft Endpoint Manager admin center displays a notice to remind you that by submitting the policy you are accepting the Windows 11 License Agreement terms on behalf of the devices, and your device users.
This license reminder appears each time you select a Windows 11 build, even if all your Windows devices already run Windows For more information including general licensing details, see the Windows 11 documentation.
The dropdown list displays both Windows 10 and Windows 11 version updates that are in support. Consider the following points when feature update policies target a device with more than one update policy, or target a Windows 10 device with an update for Windows Each Windows feature update policy supports a single update.
When a device is targeted by more than one policy, it might be targeted with multiple update versions. The Windows Update service can only offer a device one feature update at a time, and always offers the latest update version that targets the device.
Because Windows 11 updates are considered to be later versions than Windows 10, the service always offers the Windows 11 update to a device targeted by both Windows 10 and Windows 11 updates. This is done because deploying a Windows 11 update to a Windows 10 device is a supported upgrade path. Selecting a profile from the list opens the profiles Overview pane where you can:.
Windows update reports show details about your Windows 10 and Windows 11 devices side by side in the same report. To learn more, see Intune compliance reports. Skip to main content. This browser is no longer supported.
Download Microsoft Edge More info. Table of contents Exit focus mode. Table of contents. Note A device won’t install an update when it has a safeguard hold for that Windows version.
To learn about known issues that can result in a safeguard hold, see the applicable Windows release information and then reference the relevant Windows version from the table of contents for that page: Windows 11 release information Windows 10 release information For example, for Windows 11 version 21H2, go to the Windows 11 release information and then from the left-hand pane, select Version 21H2 and then Known issues and notifications.
Tip If you’re using feature updates, we recommend you end use of deferrals as configured in your update rings policy. Submit and view feedback for This product This page. View all page feedback. In this article.
Intune for windows 10
9 rows · May 23, · Microsoft Intune supports a variety of app types and deployment scenarios on Windows Jun 15, · For any additional requirements, including supported app types, go to Windows 10/11 app deployment using Microsoft Intune. In the Endpoint Manager admin center, add your apps or configure your apps. When the apps are on the device, the apps are considered “managed” by Intune. After you add or configure the app, create an app protection policy. For . Aug 03, · An objective, consensus-driven security guideline for the Microsoft Intune for Windows 10 Operating Systems. A step-by-step checklist to secure Microsoft Intune for Windows Download Latest CIS Benchmark Free to Everyone. For Microsoft Intune for Windows 10 (CIS Microsoft Intune for Windows 10 Release Benchmark version .
Intune for Windows, Implementation & Management — Mobile Mentor – Enroll Windows 10, version 1607 and later device
These users and groups receive the policies you create in Endpoint Manager.