In this post I will discuss how to control Windows Update restart behaviour with Intune. Intune provides heaps of options for deploying Windows updates, including various settings that control restart behaviour.

By combining a couple of settings, we can control the restart behaviour while still providing a good user experience.

Restart Settings in Intune

Open the Microsoft Endpoint Manager admin center (MEM portal) and navigate to Home > Devices > Windows > Update rings for Windows 10 and later.


Update ring settings

Create a profile or edit an existing one. Under Update ring settings > User experience settings > Use deadline settings, we have the following options:

Use deadline settings

It is recommended to set Use deadline settings to Allow.

  • Deadline for feature updates: Number of days, 2 to 30
  • Deadline for quality updates: Number of days, 2 to 30

Both options take a number of days between 2 and 30. Depending on the Automatic update behavior you have specified, you now have additional days before the deadline is reached.

  • Grace period: Number of days, 0 to 7

This is another useful option, especially when users return from vacation or an extended weekend and the deadline has already been reached. Specifying a grace period gives them enough time to check their emails and work without Windows Update hampering them.

  • Auto reboot before deadline: Set to Yes by default. Be careful with setting this value to Yes, as it may trigger an automatic restart before the deadline.

When this is set to No, the device will not automatically restart outside of active hours until the deadline is reached. This option gives a better user experience, but it may delay update deployment and compliance in the organization.

Hence you need to choose between two paths: providing a good user experience where the user can control the settings and behaviour, or deploying patches at the earliest and forcing a reboot without much delay.

User experience settings

Automatic update behavior: This offers a number of options, such as:

  • Notify download: Notify the user before downloading the update. Users choose to download and install updates.
  • Auto install at maintenance time: Updates download automatically and then install during Automatic Maintenance when the device isn’t in use or running on battery power. When restart is required, users are prompted to restart for up to seven days, and then restart is forced.
  • Auto install and restart at maintenance time: Updates download automatically and then install during Automatic Maintenance when the device isn’t in use or running on battery power. When restart is required, the device restarts when not being used, which is the default for unmanaged devices.

This option can restart a device automatically after the update installs. The Active hours settings aren’t described in Windows Update settings but are used by Intune to define a period during which automatic restarts are blocked.

  • Auto install and restart at a scheduled time: Specify an installation day and time. If unspecified, installation runs at 3 AM daily, followed by a 15-minute countdown to a restart. Logged on users can delay countdown and restart.
  • Auto install and reboot without end-user control: Updates download automatically and then install during Automatic Maintenance when the device isn’t in use or running on battery power. When restart is required, the device restarts when not being used. This option sets the end-user control pane to read-only.
  • Reset to default: Restore the original auto update settings on machines that run the Windows 10 October 2018 Update or later, and that run Windows 11. These original auto update settings allow Windows to use automatically determined active hours to schedule the best time to install updates and restart the system after it installs the updates.

Conclusion

We can see there are lots of controls for restart behavior; which settings we need to specify depends upon the organization's requirements. I always see that we have to pick a path between user experience and better compliance. Be careful with the Auto reboot before deadline option, and it is always recommended to have a Grace period specified.
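
As an added example (not part of the original post and not Microsoft's code), the Python script below lints update ring settings against the ranges and recommendations in this post. The keys are property names of Microsoft Graph's windowsUpdateForBusinessConfiguration resource, and the sample rings are constructed.

```python
# Added example: lint Intune update ring settings against this post's guidance.
# Keys are Microsoft Graph windowsUpdateForBusinessConfiguration property names.
RANGES = {
    "deadlineForFeatureUpdatesInDays": (2, 30),
    "deadlineForQualityUpdatesInDays": (2, 30),
    "deadlineGracePeriodInDays": (0, 7),
}

def lint_ring(ring):
    """Return a list of findings for one update ring (a dict of Graph properties)."""
    findings = []
    for key, (low, high) in RANGES.items():
        value = ring.get(key)
        if value is None:
            findings.append(f"{key}: not set; the post recommends using deadline settings")
        elif not low <= value <= high:
            findings.append(f"{key}: {value} is outside the allowed {low} to {high} days")
    if ring.get("deadlineGracePeriodInDays") == 0:
        findings.append("deadlineGracePeriodInDays: 0 leaves users who return "
                        "after the deadline no extra time")
    # "Auto reboot before deadline: No" in the portal is stored as
    # postponeRebootUntilAfterDeadline = true; a missing value is treated here
    # as the portal default (Yes, i.e. false).
    if not ring.get("postponeRebootUntilAfterDeadline", False):
        findings.append("postponeRebootUntilAfterDeadline: not true, so the device "
                        "may restart automatically before the deadline")
    return findings

# Constructed sample rings (not real tenant data).
SAMPLE_RINGS = [
    {"displayName": "Pilot", "deadlineForFeatureUpdatesInDays": 7,
     "deadlineForQualityUpdatesInDays": 3, "deadlineGracePeriodInDays": 2,
     "postponeRebootUntilAfterDeadline": True},
    {"displayName": "Broad", "deadlineForFeatureUpdatesInDays": 45,
     "deadlineForQualityUpdatesInDays": 1, "deadlineGracePeriodInDays": 0,
     "postponeRebootUntilAfterDeadline": False},
    {"displayName": "Legacy"},
]

def lint_all(rings):
    """Map each ring's displayName to its list of findings."""
    return {ring["displayName"]: lint_ring(ring) for ring in rings}

if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_RINGS).items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
```
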