Windows 10 Upgrades (1511) via Intune
The Windows 10 1511 Upgrade is not available via Intune. We use Intune as our Update Management platform (small business).
I thought that the Windows update functionality in Intune should be like a WSUS in the Cloud. With peer-Distribution in Windows 10 and in Intune before it should be possible to not overload our Internet line.
If this should not work by design then please Microsoft state clearly which of your products is designed for which Scenario.
OK, seems clear that people still mean this suggestion for the PC client, not the MDM client, so setting the status to Noted.
You can manage software updates (feature and quality) for Windows 10 devices managed by MDM using Windows Update for Business. And you can do peer downloading. Here are the docs for that.
What’s keeping you using the PC client? Is it the operating system or are there still feature gaps you can’t live without on MDM?
David Treanor commented
Cathy, our biggest issue with using MDM on Windows desktops is that the user must have local admin permissions which is a show stopper for us and our customers.
Jake Edwards commented
I think there's a bit of confusion that MDM can even manage Windows 10 devices. "Mobile Device Management" does not exactly jump out as "Windows 10" desktop compatible.
Perhaps a clear guide or statement on how to migrate/transition might make it more clear.
I transitioned our PCs from the old-client to the MDM client and it was quite a manual process, and there wasn't a smooth "move all my PCs to MDM".
I prefer the MDM client that is already builtin to Window 10. The PC Client seems unnecessary and adds an extra layer. I can do more with the MDM, even add local user accounts and even rename the device using the OMA-URI CSP polices. Granted these CSP policies should UI.
Another example is the Windows Defender controls under Intune> Device Configuration> Profiles (Create Profile), and pick Endpoint Protection where you will find around 160 settings.
However, I do agree that there should be some sort of UI function to tell all of the devices to upgrade to the what ever version of Windows 10 that is currently being supported by Microsoft.
I think, Microsoft will stopped the PC-Agent. All new functions are need MDM, but Installation on MDM from setup.exe not working.
For Small Business it will bee better to use WSUS and a smal SCCM Environment to manage the clients. Microsoft Azure and Intune are to expensive and have to many limitations.
Wow, after 2 years, Microsoft will send a answer and give us a solution
Kevin Kaminski commented
The two pieces I see is legacy application deployment and patching. Co-management is a nice way for customers to handle it but the infrastructure required is something they would rather do away with or they are too small to have interest in running Configuration Manager at all. App-V is barely supported and the same goes for MSI. Basically DevOps tools are looking appealing like Chocolatey and maybe that is a valid approach but it feels homebrew.
One customer almost had me build an Internet accessible WSUS server because they weren't quite ready to embrace the modern world. Also what if they are using third party update packages for firmware, drivers, and common software they don't have a clear replacement. I feel as though Microsoft is missing a segment of the customers that need a little better support for some key pieces of the legacy world until they can decommission their legacy applications. Windows Update for Business needs some way to get third party content up there so people can enhance the service with additional update catalogs.
David Treanor commented
Not everyone is using MDM for Windows 10. This is about the Intune client.
The Greg commented
Is Intune getting worse or is it just me?
Edmund Ainsworth commented
This does not meet our needs @Cathy, as we use the Intune client via the Intune Silverlight portal not MDM via the Azure portal
thank you for your late response. When I originally created the request, MDM for Windows 10 wasn't nearly as developed as it is now. But in the last two years I already got the answer to the question via Microsofts way of not communicating clearly for which use cases the product really there.
"Microsoft recommends that customers use the MDM management solution whenever possible."
The agent based way is the legacy way and will not be actively developed while MDM is the way to go. As soon as Windows 7 will be out of its support lifecycle (01/2020) it will be possibly disregarded completely. (just my assumption of the way Intune was developed in the last two years).
In my opinion this topic can be closed because I think the function will never be implemented as I thought it would be. And two years later I myself have no interest in using a product in a company which is clearly not intended to be used the way I want it to.
The functionality you mentioned is for MDM not for a Intune agent based. Is there any option for agent based?
Antons Bukels commented
Are there any updates on this issue? How do other manage feature upgrade? Have people moved back to WSUS instead?
How long Microsoft should we be more waiting?
Am I missing something obvious here, surely by now this must be possible?
Jelle Van Der Pal commented
I don't belong here and never added any feedback regarding this problem. The last stable Windows rolled out for the Dutch Government was in 2014, Windows 7 Pro.
With WDS and huge amounts of logistic planning involving the purchase of 25.000 laptops and working at a central point of distribution to load the images onto them.
Don't expect that to happen any time soon again.
P.S: I hate laptops now.
This is unbelievable. We are now up to 1709 and still Intune cannot deploy feature pack upgrades! I have computers stuck on 1511 that cannot be updated unless I manually go to each computer or I completely remove Intune! WHAT A JOKE! I've attempted to manually upgrade one notebook this weekend by clicking the 'Check online' option and it's been going all weekend and it's still downloading! For me this is the final straw for Intune. I'll be removing this from all remaining clients starting this week. NOT GOOD ENOUGH MICROSOFT!
This is done under Windows 10 Update Rings. You can control the version CBB / CB, control driver updates, and control HTTP blended peering behind a NAT firewall.
Doug Jones commented
Currently, Windows 10 can be upgraded via the process in this article: https://docs.microsoft.com/en-us/intune/windows-update-for-business-configure
However this does not allow for scheduling of the upgrades for the OS via the Intune Silverlight Portal for Windows 10 devices enrolled with the Intune Client Software.
Please while I understand the Silverlight Portal is being phased out in change for the Azure Intune Portal, consider adding this feature set to the Silverlight support.
Doug Jones commented
We would like to see the ability on Microsoft Intune to deploy OS upgrades to Windows 10 MDM enroll devices.
Example: Upgrade windows 1511 to 1703
Maxime Rastello (MVP) commented
Currently, when the Intune client is installed on a Windows 10 PCs, it is impossible to configure Feature Upgrade ring and deferral using GPO. The deferral GPO will break the communication between the Intune client and the service.
Currently, there is no supported configuration to allow PC management with Intune client, AND the ability to defer Feature Upgrades.
We desperately need support for:
- A deferral parameter in the Intune agent policy
- Or better, to approve / block / distribute feature upgrades using the Intune admin console and the Intune client
I know that MDM mode is the recommended way to do it, but keep in mind that a LOT of clients are using the Intune agent, espacially for:
- Update approbation / block
- Defender scan dashboard
- EXE-based app deployment
Is there an easy way to transition away from the Intune Desktop Client (which doesn't allow for feature updates) to the new Azure MDM solution (which does allow for feature updates)?