Intune: Reproducing Windows Update Experience

With the integration of SCCM and Intune into Microsoft Endpoint Manager, Microsoft is trying to get us to adopt modern management practices for our Windows endpoints. The advent of hybrid working amid the global pandemic has validated this push for this modern management powered by the Cloud.

Microsoft have done an awesome job in helping with our Cloud journey from providing fantastic documentation to the likes of Settings Catalog in Intune. However, I feel they’ve dropped the ball in other aspects and could be doing better to help us with this transition.

Consider moving the Windows updates workload from on-premises SCCM to Intune. Consider the following screenshots which shows our deployment deadline and reboot behaviour configurations in SCCM.

image

image

Now if I were to move this workload to Intune, I am presented with this configuration experience:

image

Why couldn’t Microsoft provide with identical options in Intune so we can just get a quick win, safe in the knowledge that the end user experience is going to be the same? Wouldn’t that make it easier for us to switch to Intune?

The ‘admin experience’ of moving from SCCM to Intune in this case requires one to decipher what all these options mean from the documentation and trying to come up with something that follows the existing policies.

Also, consider the end user experience. Why do we have to follow the existing policies and behaviour? We have previously run a campaign of emails and articles on how the update rings and reboot behaviours work to educate our users so they’re not caught out by a reboot unexpectedly, for example. Ideally, I’d like the user experience to remain exactly the same as it was with SCCM.

So in the above example, what options have I chosen that will allow the user experience to remain something similar?

I’ve set the Automatic update behaviour to Notify download. Microsoft says “If the user takes no action, the update will not install until the deadline you have configured is reached”. The key bit here is “until the deadline”.

image

So I’ve enabled deadline settings and set the deadline for quality updates to 2 days and the Grace period to 1 day. This means the user has 2 days to install the updates after being notified and has 1 day to restart their device before it is forced.

image

As for the reminders, we have no options for recurring reminders every x hours. Instead what we have is the “Remind user prior to required auto-restart with dismissible reminder (hours)” option which is a one-time reminder that the user can dismiss. I’ve set this to 4 hours prior to restart.

And I’ve set the user to be notified 60 minutes before the restart which they cannot dismiss.

image

Advertisement