Intune patch deployment question about update classification

David Moon 541 Reputation points

Hi All

My understanding was that WUFB deploys all update classification. Is this correct assumption?
In SCCM, you can control what update classification you wanted to deploy. But with Intune, it is all or nothing right?
If so, i am running into a weird issue then.
With February 2022 updates, the .NET updates are classified as "updates". These are not being installed via Intune (wufb). However, the January 2022 .NET updates are, which are classified as "security updates".
If someone can clarify what is happening here?

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,762 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,455 questions
0 comments No comments
{count} votes

Accepted answer
  1. Aria Carley 81 Reputation points Microsoft Employee

    WUfB devices receive only security or critically marked quality updates. This means you will get the patch Tuesday security quality update, some out of band updates, and only security .Net updates. Note - all of these are cumulative so when receiving the security update, you will get all of the previous content in the other updates. To test out the preview/optional updates, try joining some devices to Release Preview.

1 additional answer

Sort by: Most helpful
  1. Crystal-MSFT 44,151 Reputation points Microsoft Vendor

    @David Moon , For windows update for business, it supports the following types of updates for windows 10:
    Feature updates
    Quality updates
    Driver updates
    Microsoft product updates

    From the above list, it seems update class is not included.

    Then I research for the two different classification. It seems the update class if for the noncritical,non-security bug which seems to be not that important.
    Update: An update addresses a noncritical, non-security-related bug.
    Security Updates: Updates that address security-related issues in an operating system are called security updates; These Windows Updates are generally issued after some security organization finds a fault in any operating system and notifies Microsoft; Microsoft creates a patch (update), asap or within a fixed period, to fix those issues; The update is then released worldwide; often users are also notified via email to download these security updates

    If you want to know why the two .Net updates classification different, you can ask question on Microsoft update catalog to see fi we can get the help.

    For some specific affected update,s you can try to deploy them via Intune Win32 app . Here is a link for the reference:

    Hope it can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.