I am not sure, but that Grace Period = 4 might give you extra 4 days to stay without updates, typically it affects if the computer was not used for a long time. Have you tested with out it, set it to 0? I always have used another method - auto install at mainteince time, because for us it is important that users are not interrupted during office hours, but otherwise updates can happen during any evening or night time. It has been worked for us in many cases for years now.
Intune - Windows Update Rings
Trying to prove out my understanding of Windows Updates through Intune. All I am doing is proving that I still do not fully understand.
I set up a security group with my test device and then built an update ring withe the following settings:
I autopiloted a device that was complete before the scheduled install time of 11 AM. I signed into the test device and validated the Update ring policy was applied by looking at HKLM:\SOFTWARE\Microsoft\PolicyManager\current\Device\update
all the settings have been applied correctly. Windows update shows that policies were applied through MDM.
11 AM came and went. I see in the Event Viewer under Windows Update Client that patches were downloaded. Windows Updates still have not applied. Nothing in the rest of the logs show that the check has even taken place.
I do not want to force the updates through Check for Updates. My goal was to force the updates to install on a day and time that I specify with a Grace period set to 4 days for the forced reboot.
Looking at the reports in Intune, I see that my device last check in time under windows quality update distribution log is 4:37 PM today. When I look at my device in Devices the check in is at 11:37 AM.
This leads to my question of what timezone is the scheduled install time using? Alternate question is why did the updates which supposedly downloaded not install at 11 AM when the policy shows that it should install at that time?
Would like to be able to schedule patch installs weekly at a specified time per the request of my client. Was hoping I would see the patch get installed at the specified time. Not sure why this is not working as intended.
Also - I did not set up expedited patching as I wanted to test this functionality first.
2 answers
Sort by: Most helpful
-
Pavel yannara Mirochnitchenko 12,491 Reputation points MVP
2024-08-23T19:41:52.1933333+00:00 -
Matt Dillon 1,211 Reputation points
2024-09-10T13:39:01.28+00:00 Seems to have started working just fine as expected.