Enhancing End-User Experience in Windows Update for Business using Intune

If you are managing windows devices using SCCM, you know the level of control it offers for the reboot experience through the client settings and the timely notification of impending reboots.

SCCM excels at ensuring users are well-informed about scheduled tasks, with toast notifications that are hard to miss.

However, when transitioning your Windows patching tasks to Intune (windows update for business) or adopting Intune for device management, you may notice a difference in the reboot experience. The controls for end-user experience are limited (especially the remainders).

In this blog post, we will explore options and settings that can help improve the end-user experience, particularly when configuring deadline settings.

Deadline Settings and Grace Period

When creating a Windows Update Ring policy and configuring deadline settings, it's essential to strike a balance.

Always ensure that the grace period is greater than the deadline for quality updates. This approach helps by sending toast notifications to the user regarding the pending reboot, allowing users to choose a convenient time for the reboot.

Here are some simplified terms to understand these settings:

  • Deferral: This option allows you to offer updates to the device after X days from the release time.
  • Deadline: It forces the installation of updates on the device after Y days
  • Grace Period: It mandates a restart of the device after Z days. The timer starts once the device detects a pending reboot. Importantly, the grace period ignores active hours and forces a reboot.

With these settings in mind, let's consider an example. If our grace period is set to 3 days, the timer for the grace period will begin when the system detects a pending reboot. It will then automatically force a reboot of the device after 3 days.

Additional Settings for a Better End-User Experience:

In addition to the Windows Update for Business (WUfB) ring settings, two more settings play a crucial role in providing a smooth end-user experience.

  1. Auto Restart Notification Schedule: By enabling this policy, you can specify when auto-restart reminders are displayed. You can set the duration before a scheduled restart when the user should be notified.
  2. Auto Restart Required Notification Dismissal: This policy defines how the auto-restart required notification is dismissed. When a restart is necessary to install updates, this notification is displayed. By default, it disappears after 25 seconds. However, you can configure it to require user action for dismissal.

These settings are available in the settings catalog and can be deployed to device groups. When used in conjunction with the deadline settings and other configurations, they significantly enhance the end-user experience.

Wufb ring policy with deadline settings:

image

Additional settings:

image

Real-World Experience:

In my testing, on October 24, 2023, when patches were installed on a Windows 11 device, it entered a pending reboot state, and the user experienced the following prompts.

Day 1: User receives a prompt notification about the upcoming reboot. (all the notifications are user dismissal and not device)

image

wufb restart - day 1.2

Day 2: The user continues to receive toast notifications about the upcoming reboot.

Day 3: On day 3:

image

The following prompt appear ahead of 240 minutes (due to the Auto Restart Notification Schedule), followed by a final prompt before a forced reboot begins.

image

A final prompt before force reboot

image

Depends on your user experience and deadline settings configuration, restart notifications may differ.

Feel free to configure these settings according to your specific requirements and capture the end-user experience. This proactive approach helps you avoid any sudden reboots and ensures that users have the control they need.

5 Responses to "Enhancing End-User Experience in Windows Update for Business using Intune"

  1. Hello,
    How should I "correctly" set "Auto reboot before deadline" in this case? Yes or No? If I want the stations not to reboot in maintenance time(9-17) -> No? Do I understand this correctly?
    If its set to "yes", the station restarts whenever the user is not active, right? Will the 240-minute „countdown“ apply in this case?
    Thanks in advance

    Reply
    1. Hi,
      Auto reboot before deadline only activates outside the maintenance window (before 9 or after 17) when the user is not active on the device.
      This option helps to restart the device outside active hours and if you dont set this, the device will wait for deadline and do force restart during the active hours too.

      Thanks,
      Eswar

      Reply
    1. it is every day but Microsoft is bringing the custom notification interval into the wufb rings that should help to configure the frequency just like SCCM.

      Thanks,
      Eswar

      Reply

Post Comment