Skip to Content
DevicesUpdatesWindows Updates

Windows Updates

Manage Windows Update for Business through Intune. Control update rings, feature updates, driver updates, and quality updates deployment across your managed Windows devices.

Note: Intune policies control Windows Update settings without requiring WSUS. Updates download directly from Microsoft, with Intune managing deferral, deadlines, and rollout timing.

Update Status Overview

  • 847 Up to Date
  • 156 Updates Pending
  • 34 Downloading
  • 12 Failed

Update Rings

Update rings define when devices receive quality and feature updates:

Pilot Ring

First to receive updates. Test for issues before broad deployment.

Target: IT + Early Adopters

  • Quality updates: 0 day deferral
  • Feature updates: 0 day deferral
  • Deadline: 3 days after availability

Fast Ring

Main deployment wave after pilot validation.

Target: General Users

  • Quality updates: 7 day deferral
  • Feature updates: 30 day deferral
  • Deadline: 7 days after availability

Slow Ring

Conservative deployment for mission-critical devices.

Target: Critical Systems

  • Quality updates: 14 day deferral
  • Feature updates: 90 day deferral
  • Deadline: 14 days after availability

Update Ring Settings

Quality Update Deferral

Days to defer monthly cumulative updates (0-30 days). Patches are deferred from release date.

Feature Update Deferral

Days to defer semi-annual feature updates (0-365 days). Major Windows versions like 22H2 to 23H2.

Update Deadline

Days after update is offered before forced install and restart. Gives users time to choose when to restart.

Grace Period

Days after deadline before auto-restart occurs. Minimum time users have after deadline.

Active Hours

Time range when restarts are blocked (e.g., 8 AM - 5 PM). Prevents restarts during working hours.

Servicing Channel

  • General Availability — Standard releases
  • Windows Insider — Preview builds (testing only)

Feature Updates

Deploy specific Windows feature updates to target devices:

  • Windows 11 23H2 — Current
  • Windows 11 22H2 — Supported
  • Windows 10 22H2 — Supported

Note: Use feature update policies to hold devices at specific Windows versions while testing newer releases.

Driver Updates

Control driver update deployment through Windows Update:

Automatic Driver Updates

Allow Windows Update to deliver driver updates automatically. Enable for most devices; disable for sensitive systems.

Driver Approval

Review and approve specific driver versions before deployment. Prevents problematic drivers from reaching production.

Driver Categories

  • Recommended (tested with Windows)
  • Other (additional manufacturer drivers)

Expedited Updates

Push critical security updates immediately, bypassing normal deferral:

When to Use:

  • Zero-day vulnerability patches
  • Critical security updates
  • Active exploitation in the wild

Expedited updates install within 24-48 hours regardless of deferral settings.

Update Reporting

  • Devices by update status (current, pending, failed)
  • Update compliance by ring
  • Feature update adoption rates
  • Driver update deployment status
  • Failed update error analysis

Troubleshooting

Update Failed

Check error code in device details. Common issues: disk space, incompatible hardware, conflicting software.

Update Stuck Pending

Device may need restart or have pending prerequisite updates. Check device sync status and last check-in time.

Ring Not Applied

Verify device is in assigned group and has synced recently. Check for conflicting policies.

API Reference

  • GET /api/devices/windows-updates/rings — List update rings
  • GET /api/devices/windows-updates/status — Get update status across devices
  • POST /api/devices/windows-updates/expedite — Expedite update to devices
  • GET /api/devices/:id/update-status — Get specific device update status
Last updated on
Update RingsArchive Mailboxes