Something's gone wrong!An error ocurred performing that action. Please try refreshing the page.

Intune: Updating to Windows 11

By Katy Nicholson, posted on 4 December, 2021

Updating devices to Windows 11 is fairly simple through Intune, using the Feature Updates settings. To get this working you'll need Intune licences (...obviously) along with one of the following:

  • Windows Enterprise E3/E5, included in Microsoft 365 E3/E5/F3
  • Windows Education A3/A5 (M365 A3/A5)
  • Windows VDA per user
  • Microsoft 365 Business Premium

You'll also need the devices to be on a supported version of Windows 10, enrolled in Intune and either Hybrid or Azure AD joined. Telemetry will need to be enabled - this can be enforced with a Device Restriction policy.

If you have an Update Ring profile, the delay for feature updates must be set to 0 days. It won't update past the version specified in the feature update profile. (Unlike the delay or pause options in the update ring, this lasts until the profile is removed or replaced by one with a newer version listed).

If your devices are co-managed, make sure you create the Feature Update profile before switching the Windows Update workload to Intune - doing this the other way round can lead to devices updating past the version specified in the Feature Update profile.

Update Profile

Open the MEM admin centre and go to Devices > Feature updates for Windows 10 and later (Preview). Create a new profile, then work through the steps selecting the feature update you wish to deploy (Windows 11) and assign it to a device group.

Screenshot of 'Create feature update deployment' settings in Intune
Select the feature update you wish to deploy. The dropdown list will show all currently supported versions of Windows 10 and 11.

It will (eventually) install on the device, assuming it meets the Windows 11 system requirements.. If somebody is logged in at the time, it will prompt them that there is a feature update restart required:

Screenshot of Windows Update on a device running Windows 10, showing that Windows 11 update has been applied and a restart is pending.
If somebody is logged on when the upgrade has been installed, they'll get a toast notification prompting them to restart the device.

While we've used this to update to Windows 11 here, you can also use this to freeze at a particular version - if you configure your feature update policy to Windows 10 21H1 your devices will not update past that version until your policy is updated. Any devices that have already updated will stay where they are, and won't downgrade.

With Feature Updates there is a feature called Safeguard Hold. When a device checks whether an update is applicable, if it finds an unresolved known issue it creates a safeguard hold, and won't update until that issue has been resolved. You can find out about the known issues for a Windows feature update by going to Windows release health | Microsoft Docs.

Further Reading

In this post

Support My Work

I hope you find my content useful. Please consider tipping to support the running costs of hosting, licensing etc on my Ko-fi page.

Support me on Ko-fi

Search