You can deploy windows update as a package via Intune. Go to Microsoft catalog site and search the update you want to install and click Download.
Microsoft catalog : https://www.catalog.update.microsoft.com/
I am trying to download KB5008215 December update for deploying to Windows 11 machines. The downloaded update will be saved as a *.msu file and then use Microsoft Win32 Content Prep Tool to convert the *.msu file into the .intunewin format.
Download the tool from the below link and the tool will guide you the required parameters step by step in the command line and converts the file into *.intunewin format.
https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool
Windows update file is converted and after you use this tool, you will be able to upload and assign the apps in the Microsoft Intune console.
Goto Microsoft Endpoint Manager Admin Center portal and Click Apps -> All Apps -> Add and select App type “Windows app(Win32)”.
On the App information page, select the package file and provide the details of the app and click Next.
On the Program page, provide the Install, Uninstall command and behavior of the installation and click Next.
On the Requirement page, specify the architecture and operating system details and Click Add to configure additional requirement rules and create requirement. For this application, selected registry and provided operating system build number version and click ok.
On the Detection rules page, specify KB detection PowerShell script and click Next.
On the Assignments page, select the devices group and specify assignment type.
Required: The app is installed on devices in the selected groups.
Available for enrolled devices: Users install the app from the company portal app or the company portal website
You can set End user notifications, availability and installation deadline and click Next.
On the Review + create page, review the configured settings and click Create to complete the application creation.
Application has been created successfully in Intune console and then review log on the machine to check the installation process.
Logs on the client machine are commonly in C:\ProgramData\Microsoft\IntuneManagementExtension\Log. Open IntuneManagementExtension log in CMtrace viewer and verify the installation status. The installation completed and received notification for system reboot.
Post system reboot, the update has been installed on the machine.
