Microsoft endpoint manager and windows updates

I’m working on getting our machines at work updated through Microsoft endpoint manager (intune) and reporting and slow updates have been driving me made.

We are moving from SCCM, so our old devices are co-managed everything new is intune only!

A few of the lessons I’ve learned along the way, it to be patience and give it time. Similar to SCCM reporting the status of a device is very slow, likely 5-7 days slow. Unlike SCCM there is no good way to force push an update šŸ™ You can have it push as soon as possible, but that is still likely days even with a machine that is online and connected to the internet.

When you are looking at the results of a feature update policy, there are three different statuses.

Device, User, and End user update status.

The first two just tell you if the policy applied to the device.

The third option is where you can see if the patches and feature update reported successful or not.

Workbooks with update compliance has been the best way for reporting of windows feature updates and security updates. I found @pvanderwoude on twitter than has created a wonderful workbook for update compliance and he’s sharing it with everyone. Enhance Update Compliance with a custom Workbook in Microsoft Endpoint Manager admin center ā€“ All about Microsoft Endpoint Manager (petervanderwoude.nl)

We’ve also had a few difficult machines that didn’t want to update their feature level through Intune and we had to touch those machines the Windows Update Troubleshooter for Windows 10 (microsoft.com) helped us get through some of those issues.