Use Intune to Configure Windows Update for Business

First, Windows Update for Business (WUfB) is not something that you install. It’s not an agent or server that gets installed. It’s merely settings that you configure that establishes how Windows 10 gets serviced. It’s very similar Servicing Plans in ConfigMgr, but for cloud-based management instead of on-prem management.

WUfB will tell a Windows 10 device which servicing branch it is in, and how many days into that servicing branch that it installs the latest feature update. To refresh, the two servicing branches are Current Branch (CB) and Current Branch for Business (CBB). The number of days that you specify tells the system how long after a feature update is made CB or CBB that the machine should wait before applying the feature update. For a complete understanding of servicing plans and how best to implement them in your organization, see this blog post: Windows as a Service: Keep Windows 10 Up-to-Date – (windowsmanagementexperts.com)

Intune Configuration

To configure WUfB, you must use a Windows 10 custom configuration policy in Intune. I recommend creating a policy specifically for this purpose. The settings I reference here work with Windows 10 1607. For earlier versions of Windows 10, see the end of the blog. I will make a policy that assigns a device to CBB and installs the feature update 7 days after the OS hits CBB.

capture

The first setting you need is Update/BranchReadinessLevel, configured like this:

capture

This setting will configure the device for CBB. If you would like your device in CB, change the value to 16.

Next, you need this setting:

capture

The value here is simply the number of days to postpone the feature update.

Windows 10 1511

If you are on Windows 10 1511, the OMA-URI box will be slightly different. For the first setting (BranchReadinessLevel), change the OMA-URI setting to “./Vendor/MSFT/Policy/Config/Update/RequireDeferredUpgrade” For the day deferral, change it to “./Vendor/MSFT/Policy/Config/Update/DeferUpgrade”.

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=