[German]In enterprise environments, how can you ensure that (certain) security updates and quality updates are rolled out to and reach all devices as quickly as possible? Microsoft is working on "accelerated updates" for this purpose. The whole thing has now been released in a preview for enterprise customers using Intune.
I became aware of the issue the week via this post, which Microsoft explains in the October 18, 2022 post Expedite Windows quality updates in Microsoft Intune.
The problem is that devices don't always request available updates in a timely manner. This is problematic, for example, when critical security updates need to be rolled out to all clients across the enterprise in a timely manner.
Expedited Updates
The policy Quality Updates for Windows 10 and enables administrators in enterprise environments to accelerate the installation of the latest Windows 10/11 security updates on devices managed with Microsoft Intune as quickly as possible. Expedited updates are deployed without administrators having to interrupt or edit their existing monthly maintenance policies.
The Expedited Updates feature makes it possible, for example, to have a specific update installed in an expedited manner to mitigate a security threat. This is helpful if the update process normally used would take some time to deploy the update for installation.
How it works
To speed up installation, accelerated updates use available services such as WNS and push notification channels to deliver the message to devices that an accelerated update is to be installed. This process allows devices to start downloading and installing an accelerated update as quickly as possible without having to wait for the device to report for updates.
The actual time a device starts updating depends on whether the device is online, how long it is scanned, whether communication channels to the device are working, and other factors such as cloud processing time.
What is required
It is important to note that not all updates can be accelerated. Currently, only Windows 10/11 security updates are available for accelerated deployment/installation with the Quality Updates policy. This all assumes the following:
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows 10/11 Virtual Desktop Access (VDA) per user
- Microsoft 365 Business Premium
Supported are all Windows 10/11 versions that are still in support at the time. Interested administrators can read more details in the Microsoft post Expedite Windows quality updates in Microsoft Intune.