Skip to content

Commit c781cc5

Browse files
BrendunsBrenduns
authored
Merge pull request #6718 from Brenduns/13209859-cp-intelligent-update-rollouts
13209859 cp intelligent update rollouts
2 parents fc86440 + 11380f2 commit c781cc5

1 file changed

Lines changed: 36 additions & 4 deletions

File tree

memdocs/intune/protect/windows-update-rollout-options.md

Lines changed: 36 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ keywords:
77
author: brenduns
88
ms.author: brenduns
99
manager: dougeby
10-
ms.date: 11/16/2021
10+
ms.date: 03/16/2022
1111
ms.topic: how-to
1212
ms.service: microsoft-intune
1313
ms.subservice: protect
@@ -29,7 +29,7 @@ ms.collection: M365-identity-device-management
2929

3030
# Rollout options for Windows Updates in Microsoft Intune
3131

32-
Use rollout options in Microsoft Intune policies for *Feature updates for Windows 10 and later*. With rollout options, you configure schedule options for Windows Update that result in the gradual rollout of updates to to devices that receive your policies.
32+
Use rollout options in Microsoft Intune policies for *Feature updates for Windows 10 and later*. With rollout options, you configure schedule options for Windows Update that result in the gradual rollout of updates to devices that receive your policies.
3333

3434
> [!TIP]
3535
> The default behavior for Windows Update is to make an update available to an assigned device right away. This doesn’t mean the update will install right away. Instead, when an update is made available, the device becomes eligible to install it. Before a device can install an available update, the device must connect to Windows Update and scan for updates. When the need for an update is confirmed and the device is eligible, the Windows Update service then offers the update to that device. After a device completes the update, it is then dependent on user behavior and other settings like Deadline.
@@ -56,11 +56,11 @@ To configure this option, you set the following values. Windows Update uses thes
5656

5757
- **Days between groups** – Windows Update uses this value to determine how many offer groups to use when making the update available to devices.
5858

59-
For example, you set the first group availability to be January 1, and the final group of availability to be January 10. Then you set three days between groups. The results are that Windows Update creates four groups to use for making the update available. Windows Update then makes the update available to devices in the first group on the 1st, available to devices in the next group on the 4th, and so on. The update is offered to devices in the last group on the 10th. In this example, a quarter of the devices that receive the policy are assigned to each group, and devices can only receive the update offer after the group they're assigned to becomes eligible.
59+
For example, you set the first group availability to be January 1, and the final group of availability to be January 10. Then you set three days between groups. The results are that Windows Update creates four groups to use for making the update available. Windows Update then makes the update available to devices in the first group on January 1, available to devices in the next group on January 4, and so on. The update is offered to devices in the last group on the 10th. In this example, a quarter of the devices that receive the policy are assigned to each group, and devices can only receive the update offer after the group they're assigned to becomes eligible.
6060

6161
The following behaviors apply to the management of offer groups:
6262

63-
- Windows Update assigns targeted devices to the groups randomly, keeping groups evenly-sized.
63+
- Windows Update assigns targeted devices to the groups randomly, keeping groups evenly sized.
6464

6565
- If you edit a policy to change the date for the first or final group availability, or change the number of days between groups for the policy:
6666
- Windows Update recalculates the number of groups to use, if necessary.
@@ -72,6 +72,38 @@ The following behaviors apply to the management of offer groups:
7272
- New devices are distributed to the remaining offer groups.
7373
- For devices that are no longer targeted by the policy but were offered the update, Windows Update will attempt to retract the offer. However, the offer can’t be retracted if the device has started processing that offer.
7474

75+
## Intelligent rollouts
76+
77+
To enhance your use of gradual rollouts, you can configure *Intelligent rollouts*.
78+
79+
With intelligent rollouts, the Windows Update for Business Deployment Service uses data that it collects from devices to optimize the device members in the offer groups of your gradual rollout deployments. The first offer group will include the fewest number of devices that have the largest pool of variations in your environment. You can think of this as a *pilot ring* for the deployment.
80+
81+
To enable intelligent rollout, you deploy a [settings catalog](../configuration/settings-catalog.md) profile for device configuration to *Allow WUfB Cloud Processing*. Then, you assign the profile to the same groups that you use with your Feature update profiles. You only need to deploy this profile to a device a single time. The change then applies to all future deployments for that device.
82+
83+
### Likely issue safeguard holds
84+
85+
The Windows Update for Business setting that you enable, *Allow WUfB Cloud Processing*, is the same setting that enables the Deployment Service to create a *likely issue* safeguard hold for a device. To learn more, see [Safeguard holds](/windows/deployment/update/update-compliance-feature-update-status#safeguard-holds) in the documentation for Update Compliance monitoring.
86+
87+
As your rollout progresses, the deployment service monitors for unexpected issues. The service leverages insights from the Windows ecosystem and will create *likely issue* safeguard holds and proactively pause deployments to devices that are likely to encounter an issue. By applying safeguard holds to devices that are likely to have issues with the update, devices and end users are protected from potential productivity affecting issues.
88+
89+
To learn more, see [Manage safeguards using the Windows Update for Business deployment service](/graph/windowsupdates-manage-safeguards) in the Graph API documentation for device updates.
90+
91+
### Enable intelligent rollouts
92+
93+
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
94+
95+
2. Go to **Devices** > **Configuration profiles** > **Create profile**.
96+
97+
3. For Platform, select **Windows 10 and later** and then for Profile type, select **Settings catalog (preview)**.
98+
99+
4. On the **Configuration settings** page, select **Add settings**, and then on the *Settings picker* page, search for **Allow WUfB Cloud Processing**. You’ll find this setting in the *System* category. Select the checkbox for this setting and then close the *Settings picker* window.
100+
101+
5. Set *Allow WUfB Cloud Processing* to **Enabled**.
102+
103+
6. On the **Assignments** page, assign the profile to the same groups you use for your Feature update profiles, and then complete and *Create* this settings catalog profile, to deploy it.
104+
105+
After the profile deploys, devices that use gradual rollouts for Feature update profiles will also have intelligent optimization applied.
106+
75107
## Next steps
76108

77109
Configure [Feature Updates policy](../protect/windows-10-feature-updates.md)

0 commit comments

Comments
 (0)