Intune – You can now control optional updates deployments

As you may know, with Windows Update you have ‘mandatory’ updates (aka the monthly, cumulative updates) and optional updates, which usually covers some specific Windows components.

Deploying the optional updates has been a major pain over the past years as they are optional, which means they were not always deployed unless end-user (when allowed) where checking themselves the available updates.

Well, good news, you can now manage the deployment of these optional updates.

At this stage, this is officially available in preview (as per details about the corresponding CSP) but you can deploy the required update available for Windows Insider but can be deployed on production build.

The requirements for this are:

Now, connect to your Intune portal ( to create a custom device configuration profile and use the following CSP details:

  • Name: what ever you want but use something explicit to understand the need of this one
  • OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent
  • Data Type: Integer
  • Value: see below
    • 0: don’t receive optional updates
    • 1: receive optional updates AND users have to check to install
    • 2: receiver optional updates and automatically install them


After the policy is deployed on devices, a restart is required before it is taken into account.

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.