Intune Driver Updates Management

By | 07/11/2023

Microsoft recently announced general availability for the Intune Driver Updates Management feature. That’s great news, because keeping drivers and firmware up to date can be a hassle! Let’s have a look at how we can make it more efficient using this new policy-based solution in Intune.

Benefits

Let’s start with some of the benefits of managing driver and firmware updates using Intune, and there are quite a few:

  • Intelligent servicing
    You don’t need to figure out which drivers you need to deploy; the Windows Update intelligence in the cloud identifies which drivers are available for each device based on inventory data. As an Intune administrator, you just need to choose which ones to deploy.
  • Trusted quality
    Microsoft has a close collaboration with many device manufacturers, including original equipment manufacturers (OEMs) and independent hardware vendors (IHVs). Drivers are certified and validated before they are published to Windows Update.
  • More granular controls
    Can we have a cheer moment for this one please? No longer is enabling driver updates an all-or-nothing setting. If you do run into an issue with a particular driver, you can pause that specific driver deployment while continuing with the rest of the approved drivers!
  • Optional drivers and firmware
    Approve and deploy optional driver and firmware updates in addition to recommended drivers. When approved in Intune, the drivers are installed on devices without end user interaction.
  • Detailed reporting
    Like the Windows Update for Business reports, this new feature also comes with built-in reporting. You can see detailed reports for the status of each driver for each device as well as an overall deployment results summary for your compliance goals. Failure reports provide easy-to-understand alerts, descriptions of the cause of the error, and recommendations for remediating devices.
  • Windows Autopatch integration
    For those that have Windows Enterprise E3 or E5 licensing and are using Windows Autopatch, Microsoft also announced integration with Windows Autopatch. Once released, you’ll be able to set all drivers to automatic or manual. When fully integrated with Autopatch Groups, it will be configured for you automatically, aligned with your current rings, without having to change or configure anything yourself. Easy!

Prerequisites

To use the Driver Updates Management feature, there are several prerequisites:

  • Subscriptions
    • Azure Active Directory: Azure AD Free (or greater) subscription
    • Microsoft Intune Plan 1 subscription
  • Licensing for Windows Update for Business deployment service (one of the below):
    • Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
    • Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
    • Windows Virtual Desktop Access E3 or E5
    • Microsoft 365 Business Premium
  • Devices must be running supported Windows 10/11 Pro, Enterprise, or Education edition
  • Driver updates must be allowed, so make sure you don’t have policies in place to block driver updates.
  • Windows diagnostic data must be enabled (for the reporting).
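
A device-side check for the last three prerequisites above, as an added example that is not part of the original post. It assumes the standard Group Policy and MDM (PolicyManager) registry locations for `ExcludeWUDriversInQualityUpdate` and `AllowTelemetry`; the helper names `Get-PolicyValue` and `New-Check` are hypothetical.

```powershell
# Added example, not from the original post. Read-only; run on the Windows device being checked.
# Assumption: these are the registry locations where Group Policy and MDM store the settings.
$gpo = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows'
$mdm = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

function Get-PolicyValue {
    # Return every configured value for $Name across the given registry paths.
    param([string[]]$Path, [string]$Name)
    foreach ($p in $Path) {
        $v = Get-ItemProperty -Path $p -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $v) { [pscustomobject]@{ Source = $p; Value = $v.$Name } }
    }
}

function New-Check {
    param([string]$Name, [bool]$Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# 1. Edition: Pro, Enterprise or Education is required (EditionID 'Core' is Home).
#    The pattern match is approximate and also accepts variants such as EnterpriseS.
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$checks = @(New-Check 'Windows edition' ($edition -match 'Professional|Enterprise|Education') $edition)

# 2. Driver updates must not be blocked: a value of 1 excludes drivers from Windows Update.
$block = @(Get-PolicyValue -Path "$gpo\WindowsUpdate", "$mdm\Update" -Name 'ExcludeWUDriversInQualityUpdate' |
    Where-Object { $_.Value -eq 1 })
$checks += New-Check 'Driver updates allowed' ($block.Count -eq 0) $(
    if ($block) { 'Blocked by: ' + ($block.Source -join '; ') } else { 'No blocking policy found' })

# 3. Diagnostic data: an explicit AllowTelemetry of 0 turns it off; unset means the OS default.
$telemetry = @(Get-PolicyValue -Path "$gpo\DataCollection", "$mdm\System" -Name 'AllowTelemetry')
$off = @($telemetry | Where-Object { $_.Value -eq 0 })
$checks += New-Check 'Diagnostic data enabled' ($off.Count -eq 0) $(
    if ($off) { 'Disabled by: ' + ($off.Source -join '; ') }
    elseif ($telemetry) { 'Configured level(s): ' + ($telemetry.Value -join ', ') }
    else { 'Not configured by policy (OS default applies)' })

$checks | Format-Table -AutoSize -Wrap
```

A failed row names the registry path that set the value, which tells you whether the conflicting setting came from Group Policy or from an MDM policy.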

Creating a Driver Updates policy

To create a Driver Updates policy, sign in to the Intune Admin Center.
Navigate to Devices and scroll down to the Policy section. In the Policy section, click on Driver updates for Windows 10 and later. Next, click on Create profile.

Enter a name for the profile, add a description (optional), and click Next.

On the Settings tab, select your approval method. This can be manual or automatic. When you choose automatic, you can also specify how many days to wait before making the driver updates available.

It is recommended to select automatic approval and monitor for issues across your deployment rings. If there are issues with a driver update, you can still pause that specific driver update.
Please note that the approval method cannot be changed once the policy is created. If you want to change the approval method, you will need to recreate the policy.

On the Assignments tab, select the groups to include (and exclude if needed), then click Next.

That’s it, just review the summary and hit the Create button!

Inventory can take up to 24 hours to populate after a policy is assigned and created.

Reviewing Driver updates

Once inventory has populated, you will be able to see the drivers applicable to your devices. If you have selected manual approval, like I did in a dev policy I created earlier, you will see that you need to review some driver updates.

Click on the number to review to drill down into which drivers need to be reviewed. It will show you the driver name, version, manufacturer, driver class, release date, status, first deployment and how many devices the driver applies to.

To approve or decline an update, click on the driver name.
When you manually select Approve, you will need to enter the date from which the update should be made available in Windows Update.

Once you approve the driver updates, the status will change to Approved and the First Deployment date will change to the date you entered when approving.
Note that there is also the Other drivers tab, showing optional drivers that you can also review in the same way.

Monitor Driver update progress

The reporting for driver updates can be found in the same location as the Windows Feature updates and Expedited Quality updates reports. You will find them by going to Reports > Windows Updates in the Intune admin center.

It will take some time for the report to get updated after enabling the policy.

As mentioned earlier, the Driver Updates management feature will be integrated with Windows Autopatch as well in the future. When that happens, I’ll do another blog post to look at the integration.
