With the implementation of Driver Update Management via Microsoft Intune, you can now effectively oversee and distribute driver updates to your devices, ensuring that they remain current at all times.
It is not required to manually download and install the drivers or perform script deployment method using deployment tool.
Intune and Windows Update for Business (WUfB) deployment service will take care of identifying recommended updates to devices that are assigned with driver updates policy.
New Capabilities to Manage the Deployment
- Intelligent servicing which helps to identify recommended updates for devices.
- More granular controls allow you to manage and control the deployment.
- Optional drivers and firmware also available for recommended updates.
- Detailed Reporting which helps to monitor the status of devices and remediations.
- Windows Autopatch will automatically roll out drivers and firmware updates in the deployment rings with more control.
- Trusted quality is brought to you by prior certification and validation by many device manufacturers.
Types of Windows Driver Update Policies
There are two types of driver update policies can be applied to devices.
Enable automatic approvals of recommended driver updates
This policy will automatically approve the recommended drivers to the devices assigned to the policy.
If there is any new version of recommended drivers released by OEM publishers, Intune will automatically add into policy and previous version of the recommended driver will move to other drivers list and considered as optional.
Also, if latest approved version deployment is paused, the next recent version from other drivers will be deployed to devices.
Configure policy to require manual approval of all updates
With this policy, administrators must approve the drivers manually before the deployment.
If any new version of drivers released by OEM publisher, it will be added into policy and admins need to review and approve to proceed with deployment.
Manage drivers which are approved for deployment
You can edit the drivers in the deployment policy and pause the specific driver update deployment, re-approve the update in the deployment later.
Intune to WUfb-DS synchronization will run on each day automatically and you can use Sync option to run Sync on demand and it will take few minutes to complete.
Devices will sync with WUfB-DS whenever windows updates scan runs on the devices.
Driver Update Management Process
- Microsoft Intune will share the policy information for devices, Azure active directory IDs, approved drivers list and pause commands to WUfB-DS.
- WUfB-DS will configure windows updates based on information provided by Intune and windows update provides applicable drivers inventory for each device.
- The device will send the data to Microsoft so that windows updates identify applicable drivers during windows updates scan and will install on the device.
- WUfB-DS reports Windows diagnostic data back to Intune for reports.
Prerequisites of the Driver Update Management Process
- Driver updates deployment supported for Windows 10 & 11 editions (Pro, Enterprise, Educations & Pro for workstations).
- Windows 10/11 long term service channel is not supported.
- Devices are enrolled with Intune MDM, Hybrid AD Joined or Azure AD Joined.
- Microsoft Account Sign-in must be running state to receive the update.
- Microsoft Intune Plan 1 & Azure Active Directory Free subscription required.
- The below licenses are required for Windows Update for business deployment service in your organization.
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 or E5
- Microsoft 365 Business Premium
- RBAC Requirements – Account must be assigned with following permissions in Device configurations (Read, Create, Delete, View Reports, Update & Read).
Create & Assign Driver Update Policy
There are two types of driver update policy you can create and assign to windows devices.
- Approve recommended drivers automatically.
- Review the driver updates and approve the required updates manually.
Once the policy is created, you cannot change the approval method. The below steps cover how to configure policy and review and approve for update installation.
- Sign into Microsoft Intune admin portal and go to Devices -> Windows 10 driver update policies and click to create new driver update policy.
- On settings page, there are two options for approval. 1. Manual approve and deploy driver updates 2.
Automatically approve all recommended driver updates. Select Automatically approve option and specify number of days to make the updates available.
- On Scope tag page, specify the required scope tag and click Next.
- On Assignments page, select the respective group and Click Next.
- On Review + create page, review the configured settings, and click Create.
Review & Approve The Drivers
- Once the driver updates policy created, let the devices perform scan for available updates for a day and then review the available drivers under Drivers to review
Decide whether to approve or decline the drivers.
- When you open the driver update policy, you will see recommended and other drivers
For manual approve, choose the driver that needs review and under actions, choose approve or decline and click save.
Pause The Driver Updates
- You can pause approved driver update to the devices which are not yet received and choose Pause option under actions. It can be done for automatic or manual approve method.
- If the update is paused, the device has not scanned for the update then Pause option will work as expected.If the device is in process of downloading, installing state then it will try to stop the driver from installation or else, it will complete the installation.
Monitor Driver Update Status
Goto Reports -> Windows updates, open Windows Driver Update Report and choose the driver’s name and you will find Success, InProgress, Error and Cancelled status for deployed devices.
To check more details of failed status, open windows driver update failures report and it will show how to remediate the issue.
More Capabilities Coming From Microsoft
- Seeing all devices for which a driver is applicable
- Knowing the device model that a driver supports
- Bulk editing
- Aligning driver approvals with patch Tuesday. Note: this would ensure that if a reboot is required, it reboots along with the monthly security
- Deeper driver controls in Windows Autopatch, including the ability to deploy optional drivers, maintain manual control over driver approvals at the ring level, and to use these functions for your custom Autopatch groups.
Wrapping it Up:
By leveraging Intune’s advanced capabilities, you can bid farewell to the manual hassle of downloading and installing drivers. The integration with Windows Update for Business (WUfB) ensures that your devices receive the necessary driver updates seamlessly, maintaining the performance, compatibility, and security of your hardware.
The process of managing driver updates is further simplified through intuitive policies, both automatic and manual, allowing you to choose the level of control that aligns with your organization’s needs.
At WME, we’re proud to be at the forefront of providing professional IT services that include harnessing the power of Microsoft Intune for effective Driver Update Management. With our deep Intune expertise, we ensure that your organization’s devices remain optimized, secure, and ready to meet the challenges of tomorrow.
Contact us today by clicking here.