Imagine my surprise when I'm looking for a video to go over Windows Update drivers and you are there .....SUPER VIDEO. So glad it's you JBN
thanks, happy to hear! :)
super useful! thanks a lot!
@yulaw3289 thank you so much for this comment
It's very good!
It's the best videos ever! ❤
Wow, thank you!
My colleague and I were talking about this the other day, and you made a good video again, as usual. Thanks for your fine tutorials.
Thank you very much Abdirashid, thanks for the comment. The next video, which is recorded but not edited, is about running Remediation scripts on demand.
@IntuneVitaDoctrina Can't wait!
Informative video, as usual. Kindly start a new series for Windows Autopatch.
Thank you so much, yes Windows Autopatch deserves its own video, and since I got 4 devices enrolled, it could maybe work at least to show the concept. I put that on the list of videos, thanks!
@IntuneVitaDoctrina Thank you. Looking forward to learning the Autopatch from your videos. : )
Thank you very much for sharing
Thanks for watching and commenting
Awesome video!
Quick question, does Intune detect a model name from the name of the driver policy?
How does it know what drivers to look for?
good question, in my video I manually approved so I chose drivers, but you could allow all and let the system apply those that match. Intune does know which models you got (well targeting) so it can filter by day. Even if you target devices not using the driver it will not install so there is a lot behind the scene going on there.
@IntuneVitaDoctrina so just making sure, if I approve them all, it will only install the latest ones relevant to the device?
correct, you can target one device to verify you get the result you want before you expand
Thanks for the videos, great content! One question; if I create an Intune Driver policy and set everything for review (nothing approved), and PCs belong to a ring allowing Windows drivers. Does this mean the driver's manual update is blocked? I am experiencing some PC issues, where a printer's new driver is not working.
thanks, and an excellent question.
The Driver Policy will override, so it should not get printer driver unless you approve it.
Please test to verify that it is the case, but according to how it should work that is the idea.
I was in a similar situation, but with an audio driver, so approved all except audio driver, now that is fixed and put back to approve them also.
I have an issue with it. I pushed an update for the client. Now getting blue screen ( Recovery your pc/device need to be repaired 0xc000098 ) if you can help me with it.
Nasty! maybe a driver causing this, even then the error 0xc000098 can mean also "Windows Boot Configuration Data (BCD) is corrupted or missing"
Several things to try, repair mode could fix it, or if it is indeed the booter you might have to do these steps:
Boot into WinRE:
Restart your PC and press the appropriate key to access the boot menu (e.g., F8, F11, Esc, or Del, depending on your manufacturer).
Choose Repair your computer.
Navigate to Advanced Options:
Go to Troubleshoot > Advanced options > Command Prompt.
Rebuild the BCD:
In the Command Prompt, type the following commands, pressing Enter after each:
bootrec /scanos
bootrec /fixmbr
bootrec /fixboot
bootrec /rebuildbcd
If prompted to add the installation to the BCD, type Y (Yes).
Restart Your PC:
Exit Command Prompt and restart the system to see if the issue is resolved.
Will check it out! 👍
Thanks, a relatively simple video, but it shows a bit of what you can do.
How do I find the percentage of the last patching cycle in Intune?
Difficult one, since it always shows current. I would use Splunk or alike and send the data there, then you have historical data, Microsoft would probably recommend Log Analytics or alike.
You could write a MS Graph script and take values each day and send to a CSV file and display through Excel also.
Sorry, not a great reply from me, hope it can give you some ideas
Great thanks. Does this apply for all Intune managed devices including WUfB, Autopatch, Autopilot…?
Good question, yes for WUfB and Autopilot, would assume Autopatch also but need to verify that first.
May not actually. Found this under a post related to driver management: “Windows Autopatch automatically creates driver policies that allow you to roll out drivers and firmware across your deployment rings (unless you opt out of the service), with more granular controls coming later this year”
that seems to be the answer, thanks! I would have guessed that Driver management "won" but in the case of Autopatch if you don't opt out that doesn't seem to be the case
Great video! We have configured everything and drivers are found for the model we are testing on. Only thing is, the updates don't seem to come through. We initially thought it was because via GPO (Hybrid Devices) we had WSUS configured for Driver Updates and changed it to Windows Update, but still, no movement after hours. Anyone has any idea?
Having the same exact experience as you. I have yet to find a fix.
Does it work for AAD joined devices but not Hybrid?
Normally MDM wins over GPO, but as a test on one of these devices could you delete in registry everything under:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
Then restart the Windows Update service and then check for updates and see if anything different.
Requirements from: learn.microsoft.com/en-us/mem/intune/protect/windows-driver-updates-overview
Devices must:
Run a version of Windows 10/11 that remains in support.
Be enrolled in Intune MDM and be Hybrid AD joined or Azure AD joined.
Have Telemetry turned on, with a minimum setting of Required.
Configure Telemetry as part of a Device Restriction policy for Windows 10/11. In the device restriction profile, under Reporting and Telemetry, configure Share usage data to use a minimum value of Required. Required is the default value. Values of Enhanced (1903 and earlier) or Optional are also supported. Devices with a value of None don't report the data that is required for driver updates policies.
The Microsoft Account Sign-In Assistant (wlidsvc) must be able to run. If the service is blocked or set to Disabled, it fails to receive the update. For more information, see Feature updates aren't being offered while other updates are. By default, the service is set to Manual (Trigger Start), which allows it to run when needed.
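A read-only way to check the items from the reply above on one affected device before deleting anything, added here as an example and not taken from the video or from Microsoft's documentation. Only the WindowsUpdate key path and the wlidsvc service name come from the thread; the value names read under that key, the two AllowTelemetry locations and the Get-RegValue helper are assumptions of this example.

```powershell
# Added example: inspect (do not change) the driver-update prerequisites.
# Run in an elevated PowerShell session on the device under test.

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Get-RegValue {
    # Hypothetical helper: returns nothing when the key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1. GPO-delivered settings that can keep a hybrid device scanning WSUS.
$wuServer       = Get-RegValue $wuKey 'WUServer'
$useWuServer    = Get-RegValue "$wuKey\AU" 'UseWUServer'
# Scan source for drivers: 0 = Windows Update, 1 = WSUS.
$driverSource   = Get-RegValue $wuKey 'SetPolicyDrivenUpdateSourceForDriverUpdates'
# 1 = drivers are excluded from Windows Update scans.
$excludeDrivers = Get-RegValue $wuKey 'ExcludeWUDriversInQualityUpdate'

# 2. Telemetry level as set by GPO and by MDM (0 does not report the
#    data driver update policies need; 1 = Required, 2 = Enhanced, 3 = Optional).
$telemetry = @(
    Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection' 'AllowTelemetry'
    Get-RegValue 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\System' 'AllowTelemetry'
)

# 3. Microsoft Account Sign-In Assistant must not be Disabled.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='wlidsvc'"

[pscustomobject]@{
    WsusServerFromGpo   = $wuServer
    UseWUServer         = $useWuServer
    DriversFromWsus     = ($driverSource -eq 1)
    DriversExcluded     = ($excludeDrivers -eq 1)
    TelemetryPolicy     = if ($telemetry.Count -gt 0) { $telemetry -join ',' } else { 'not set by policy' }
    TelemetryBlocksData = ($telemetry -contains 0)
    WlidsvcStartMode    = $svc.StartMode
    WlidsvcBlocked      = ($svc.StartMode -eq 'Disabled')
}
```

Any True in DriversFromWsus, DriversExcluded, TelemetryBlocksData or WlidsvcBlocked points at the setting to correct in GPO or Intune, which is narrower than clearing the whole key.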
@IntuneVitaDoctrina Funny enough, after having these settings set for over a month, my groups randomly pulled the drivers today. I work for a school district and teachers came back this week so maybe there is some correlation there with these devices being in use after a while of being turned off? Regardless, thank you!
If we have selected driver update in update ring and if we create driver update ring will it create any conflict or we have to disable windows driver from update ring policy.
Very good question, one I had to ask myself.
According to Microsoft (and therefore the correct answer) you need a Windows Update policy that allows drivers in order to manage drivers. So please do NOT disable Windows Driver from Update Ring.
From link: learn.microsoft.com/en-us/mem/intune/protect/windows-driver-updates-policy
"Windows update ring policy: Ensure the Windows driver setting is set to Allow."
@IntuneVitaDoctrina Thanks for response.
What about an automatic scan of all device models in the tenant and then create a driver update policy and a group for each model: copilot, you there ?
Great idea, maybe a better idea to execute it but one that comes to mind is to have a PowerShell script run once a day and update EntraID groups based on model found through MS Graph, that is also a good video idea :)
@IntuneVitaDoctrina it'd save my life: waiting for another of your great videos!
If you just want a group for Model, we don't need a Script, that we can fix by Dynamic EntraID groups that reads those values and add devices, so shouldn't be too hard to implement
@IntuneVitaDoctrina we should create groups and dynamic rules via PowerShell though
oh yes, I'm planning my next video and it will be to run PowerShell script, calling MS Graph API and add devices based on Department value of the owner (Sales, HR etc..)