Intune - Windows Update Rings

Matt Dillon 1,211 Reputation points
2024-08-23T17:01:53.0533333+00:00

Trying to prove out my understanding of Windows Updates through Intune. All I am doing is proving that I still do not fully understand.

I set up a security group with my test device and then built an update ring withe the following settings:

User's image

I autopiloted a device that was complete before the scheduled install time of 11 AM. I signed into the test device and validated the Update ring policy was applied by looking at HKLM:\SOFTWARE\Microsoft\PolicyManager\current\Device\update

all the settings have been applied correctly. Windows update shows that policies were applied through MDM.

11 AM came and went. I see in the Event Viewer under Windows Update Client that patches were downloaded. Windows Updates still have not applied. Nothing in the rest of the logs show that the check has even taken place.

I do not want to force the updates through Check for Updates. My goal was to force the updates to install on a day and time that I specify with a Grace period set to 4 days for the forced reboot.

Looking at the reports in Intune, I see that my device last check in time under windows quality update distribution log is 4:37 PM today. When I look at my device in Devices the check in is at 11:37 AM.

This leads to my question of what timezone is the scheduled install time using? Alternate question is why did the updates which supposedly downloaded not install at 11 AM when the policy shows that it should install at that time?

Would like to be able to schedule patch installs weekly at a specified time per the request of my client. Was hoping I would see the patch get installed at the specified time. Not sure why this is not working as intended.

Also - I did not set up expedited patching as I wanted to test this functionality first.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
5,304 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,969 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,491 Reputation points MVP
    2024-08-23T19:41:52.1933333+00:00

    I am not sure, but that Grace Period = 4 might give you extra 4 days to stay without updates, typically it affects if the computer was not used for a long time. Have you tested with out it, set it to 0? I always have used another method - auto install at mainteince time, because for us it is important that users are not interrupted during office hours, but otherwise updates can happen during any evening or night time. It has been worked for us in many cases for years now.


  2. Matt Dillon 1,211 Reputation points
    2024-09-10T13:39:01.28+00:00

    Seems to have started working just fine as expected.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.