In this post I will be showing you how to Upgrade from Windows 10 to Windows 11 using intune via Windows Update for Business Policy (WUfB). Intune gives the flexibility to udgrade the existing Windows 10 Operating System to Windows 11, before doing that we need to make sure following settings are in place.

Pre-requisite check before Upgrading to Windows 11

Before applying applying feature update for Windows 11, we need to make sure following items are in place:

  1. Windows 10 version on the device which is still in support should be running.
  2. Feature updates are supported for following editions:
    Windows 10/11 Pro
    Windows 10/11 Enterprise
    Windows 10/11 Pro Education
    Windows 10/11 Education

(Windows 10/11 Enterprise LTSC  – Long Term Service Channel release is not supported by WUfB)


This can be achieved either through Intune Configuration Policy or through GPO setting.

  1. Enable Telemetry through Intune:

Login to Microsoft Endpoint Manager admin center, navigate to Devices > Configuration profiles > Create profie. Select the Platform as Windows 10 and later and Profile type as Templates and select Device restrictions

intune Device Restrictions

On Device restrictionsBasics page, name it as “Enable Telemetry”, click Next.

On Configuration Settings page, select Reporting and Telemetry and under it select Share usage data which has following options:
Not configured
Diagnostic data off
Required
Enhanced (1903 and earlier)
Optional

Reporting and Telemetry Share usage data

The minimum option we need is Required. Enhanced and Optional is fine too based upon organization requirement.

Assign this profile to the group of devices to whom you wanted to target Windows 11.

  • Enable Telemetry through Group Policy

Open Group Policy Management Editor, create a new policy and edit it. Navigate to Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds, on right pane double click Allow Telemetry – enable it and select 1 – Required out of 4 existing options.

Data Collection and Preview Builds

For more details on Windows 10 / 11 feature update information check the link

Create Update rings for Windows 10 and later

Login to Microsoft Endpoint Manager admin center, and navigate to Devices > Update rings for Windows 10 and later and click on Create Profile.

Update rings for Windows 10 and later

Specify the following settings for the profile
Servicing channel : Semi-Annual Channel
Microsoft product updates : Allow
Windows drivers : Allow
Quality update deferral period (days) : 7
Feature update deferral period (days) : 0
Set feature update uninstall period (2 – 60 days) : 60
User experience settings
Automatic update behavior : Auto install at maintenance time
Active hours start : 8 AM
Active hours end : 6 PM
Restart checks : Allow
Option to pause Windows updates : Enable
Option to check for Windows updates : Enable
Require user approval to dismiss restart notification : No
Remind user prior to required auto-restart with dismissible reminder (hours) : 2
Remind user prior to required auto-restart with permanent reminder (minutes) : 60
Change notification update level : Use the default Windows Update notifications
Use deadline settings : Allow
Deadline for feature updates : 2
Deadline for quality updates : 2
Grace period : 0
Auto reboot before deadline : Yes
Important thing here is to not defer the Feature update, hence I have set it to 0.
Assign the Update ring to target devices.

Update ring settings

Create Windows 11 Feature Update

Under MEM Admin Center, navigate to Devices > Windows > Feature updates for Windows 10 and later (Preview) and create profile.

Feature updates for Windows 10 and later (Preview)

Specify Name: Windows 11
Under Feature deployment settings – Feature update to deploy now have option Windows 11, apart from all other supported Windows 10 version at the time of publishing this post:

Edit feature update deployment

Windows 11
Windows 10, version 21H1
Windows 10, version 20H2
Windows 10, version 2004
Windows 10, version 1909

Registry changes for WUfB Policies

Following registry changes will be applied based upon creating Update Ring & Feature Update profiles / policies:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState]
"DeferQualityUpdates"=dword:00000001
"DeferFeatureUpdates"=dword:00000001
"QualityUpdatesDeferralInDays"=dword:00000007
"FeatureUpdatesDeferralInDays"=dword:00000000
"BranchReadinessLevel"="CB"
"IsDeferralIsActive"=dword:00000001
"IsWUfBConfigured"=dword:00000000
"IsWUfBDualScanActive"=dword:00000000
"ExcludeWUDrivers"=dword:00000000
"PolicySources"=dword:00000004
"UseUpdateClassPolicySource"=dword:00000000
"SetPolicyDrivenUpdateSourceForFeatureUpdates"=dword:ffffffff
"SetPolicyDrivenUpdateSourceForQualityUpdates"=dword:ffffffff
"SetPolicyDrivenUpdateSourceForDriverUpdates"=dword:ffffffff
"SetPolicyDrivenUpdateSourceForOtherUpdates"=dword:ffffffff
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState

Following registry key mentioning about Quality update and Feature update is not paused.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings]
"PausedQualityStatus"=dword:00000000
"PausedFeatureStatus"=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings]
"ActiveHoursEnd"=dword:00000011
"ActiveHoursStart"=dword:00000008
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings
"AllowAutoWindowsUpdateDownloadOverMeteredNetwork"=dword:00000000
"ExcludeWUDriversInQualityUpdate"=dword:00000000
"FlightCommitted"=dword:00000000
"IsExpedited"=dword:00000000
"LastToastAction"=dword:00000073
"SmartActiveHoursEnd"=dword:00000011
"SmartActiveHoursStart"=dword:00000008
"SmartActiveHoursSuggestionState"=dword:00000000
"UxOption"=dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\StateVariables]
"RebootUXLaunched"=dword:00000000
"WaaSOutOfDateState"=dword:00000000
"WaasAssessmentCheckTimestamp"=hex(b):d0,00,74,c8,47,c7,d7,01
"UpToDateStatusRecalcTimestamp"=hex(b):10,78,f3,cb,9e,c7,d7,01
"WaaSUpToDateAssessmentImpact"=dword:00000000
"WaaSUpToDateAssessmentDays"=dword:00000000
"UpToDateCachedStatus"=dword:00000000
"UpToDateStatusTimestamp"=hex(b):80,74,6d,d4,52,a2,d7,01
"AlertStatusTimestamp"=hex(b):80,74,6d,d4,52,a2,d7,01
"SeekerSession"=dword:00000001
"ActiveHoursScenario"=dword:00000002
"ActiveHoursStart"=dword:00000008
"ActiveHoursEnd"=dword:00000012
"UXCachedRebootState"=dword:00000000
"LastNotificationDisplayed"=dword:0000000b
"LastNotificationDisplayedTime"=hex(b):b0,d6,de,a8,a0,c7,d7,01
"WaaSFeatureAssessmentImpact"=dword:00000000
"WaaSFeatureAssessmentDays"=dword:00000000
"SmartSchedulerPredictedStartTimePoint"=hex(b):74,36,66,a8,7c,01,00,00
"SmartSchedulerPredictedEndTimePoint"=hex(b):f4,01,0b,a9,7c,01,00,00
"SmartSchedulerPredictedConfidence"=dword:00000033

Feature Update Windows 11 process

Once the policy in place, allow sync to happen or else initiate it forcefully. Under Settings > Update & Security > Windows Update, we will be able to see the initiation / installation process of Windows 11 Upgrade, this will fail with error message in case of minimum hardware requirements are not met such as TPM Module, supported processor and other tasks.

Upgrade to Windows 11 Installing

For complete process of upgrade, you may check the log c:\windows\windowsupdate.log. You cannot directly read this log file, we have to convert it using following PowerShell command Get-WindowsUpdateLog. This will create log files at various locations, one of the log will be available on desktop with the name WindowsUpdate.log to view.

Restart required

Once the update is applied, you will see notification “Your organization requires your device to restart by <date>”

Windows 11 Working on updates

Initiate the restart within few minutes we can see system is upgraded to Windows 11 with Version 21H2 (OS Build 22000.258)

OS Build 22000.258