In this post I will show you how to deploy driver updates using Intune. Driver updates (including firmware updates) are the new feature which has been introduced in June 2023. This feature allows you to deploy these updates via Intune.
When we login to the Microsoft Intune admin center and navigate to Devices > Windows, we are able to see these four options:
- Update rings for Windows 10 and later
- Feature updates for Windows 10 and later
- Quality updates for Windows 10 and later
- Driver updates for Windows 10 and later
Last one is the new option which has been recently added for driver updates.
Can’t we use Windows Update ring to deploy updates
You might be wondering that driver updates can be installed via Update rings. The first option has the feature to enable the Windows drivers if we allow in the ring settings. This will absolutely work without any issues. But here we don’t have control over which driver update to deploy and which one not. With this setting enabled, whenever the new driver update is made available, it will be deployed automatically.
Importance of Drivers updates policy
Driver updates for Windows 10 and later is the option which provides us better control over which drivers we wanted to deploy. Once we create the policy and deploy it few devices, they will start reporting back the driver and firmware updates which are required.
These updates will be made available on Intune portal for us to review and deploy accordingly. We have option to automatically deploy the updates or to manually deploy specific updates. Hence, we have granular level of control for driver updates. This feature helps organizations to efficiently manage the drivers servicing.
This whole feature is part of Windows Update for Business (WUfB) but with additional functionality. This comes with additional license requirement as well.
Microsoft collaborates with all major OEM’s and Independent hardware vendors (IHVs).
Note: We still require Windows update ring as the ring settings also controls the User experience settings and grace period which is very useful to provide ample amount of restart time once set. You also need to make sure that Windows drivers are not blocked in the ring, it should be allowed.
Prerequisites for Driver’s update
Apart of Microsoft Intune Plan 1 subscription, you need to have Windows Update for Business deployment service (WUfB-DS) license. This service is part of following license:
- Windows 10/11 Enterprise E3 / E5 (Included in Microsoft 365 F3, E3 or E5)
- Windows 10/11 Education A3 / A5 (Included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 / E5
- Microsoft 365 Business Premium
If you have one of the above license, you no need to be worried of. You already have right license to start utilizing this great feature.
Driver updates are supported for following Windows 10/11 editions:
- Pro
- Enterprise
- Education
- Pro for Workstations
For complete list of requirements including telemetry and other features, you should check the link https://learn.microsoft.com/en-us/mem/intune/protect/windows-driver-updates-overview
Deploy driver updates policy
Login in Microsoft Intune admin center and navigate to Devices > Windows > Driver updates for Windows 10 and later. Click on Create profile
Under Basics page, provide the name such as Dell Model and click Next.
Under Settings page, you have to specify the Approval method, there are two options available:
- Manually approve and deploy driver updates : This option provides us the granular level of control on which drivers to offer to the devices once device sends the inventory of required drivers. We can certainly pick one over other, hence can deploy fewer drivers only based upon our requirement and choice. This also gives us the option for when to deploy the update, we can specify the future date for driver installation to kick in.
- Automatically approve all recommended driver updates : This option automatically approves all recommended drivers and will be installed on the devices without asking us. Be careful with this option selection, this can be a good option for POC or UAT phase of pilot testing, but using this option for all devices can lead to issues as well as we never now how new drivers are going to behave.
I went with manually approving option for Approval method.
Target the policy on a group. I would recommend creating dynamic groups for each specific hardware model so as you have separate driver update policies available to evaluate.
Once the policy is deployed, we might need to wait for couple of days. Though in settings page of driver updates it shows Inventory can take up to 24 hours, however in my case it is taking 2-3 days. I tried this with multiple tenants and multiple devices. The result was consistent. Hence, just have patience to get the results.
Once you have the results, you can see the devices will start sending the inventory back to the Intune portal. Under Driver updates for Windows 10 and later, we can see our policies created along with Drivers to review.
Under the policy Dell Drivers, I can see 3 drives to review, we can click on it to get more information.
Under Recommended drivers, we are able to see Driver name, Manufacturer, Driver class and Release date. This view also shows applicable devices as well.
Click on one of the specific update, we have actions available either to approve or decline. Once I approve, I have option to select the date for this driver to make it available on the device. On this specific date, driver will be offered and will get installed.
We have more enhanced list available under Other drivers page which is next to Recommended drivers page. We can deploy these updates as well by approving them.
You might be wondering how Other drivers list is different from Recommended drivers list. This information usually comes from the vendor, they specify the category of the driver. I usually see, the most recent released drivers first goes to Other drivers list. Once this driver is made available for quite some time for couple of weeks/months, it might be moved to recommended drivers. This is my observation on what could be happening in the backend.
There might be few old drivers listed under Other drivers which vendor might not think of making it recommended drivers, but an optional drivers to install.
Check the reporting for Driver updates
Allow some time on the workstation (laptop or desktop) to receive the policy. Once driver is updated, we can verify the status through reports.
Navigate to Reports > Windows updates > Reports > Windows Driver Update Report, click on it.
Click on Select a driver update, and select one of the approved updates and click on Generate.
This will generate the reports for all the devices which is part of the group we used for targeting.
As I can see, it got installed on my device with:
Update State: Installed
Update Substate: Update installed
Update Aggregated State: Success
Conclusion
Driver updates servicing becomes easy with this new feature introduced by Intune. Though update rings can still be used to deploy driver updates but we don’t have granular level control which is available in this new feature. We must always remember that we still should be using update ring for user experience and to make sure driver updates are not blocked in the ring which will block the drive update policy.
Important Links
Commercial driver and firmware servicing is publicly available! – Microsoft Community Hub
Manage Windows driver and firmware updates with Microsoft Intune – Microsoft Community Hub
