As you may know, with Windows Update you have ‘mandatory’ updates (aka the monthly, cumulative updates) and optional updates, which usually cover some specific Windows components.
Deploying the optional updates has been a major pain over the past years: because they are optional, they were not always deployed unless end users (when allowed) checked for available updates themselves.
Well, good news, you can now manage the deployment of these optional updates.
At this stage, this is officially available in preview (as per the details of the corresponding CSP), but the required update, although published for Windows Insider, can also be deployed on production builds.
The requirements for this are:
- Windows 11 22H2 or later
- Deploy the required update (KB5029351 – https://www.catalog.update.microsoft.com/Search.aspx?q=KB5029351) – unless you are running an Insider build
Now, connect to your Intune portal (https://intune.microsoft.com/) to create a custom device configuration profile and use the following CSP details:
- Name: whatever you want, but use something explicit so the purpose of the profile is clear
- OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent
- Data Type: Integer
- Value: one of the following
  - 0: don’t receive optional updates
  - 1: receive optional updates AND users have to check to install
  - 2: receive optional updates and automatically install them
After the policy is deployed on devices, a restart is required before it is taken into account.
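
For those who manage Intune as code, the same custom profile can be created through Microsoft Graph. This is an added example, not part of the original post; it assumes the Microsoft.Graph.Authentication module is installed, and the helper name and profile display name are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Authentication

# Hypothetical helper: builds the JSON body for a custom (OMA-URI) profile
# carrying the AllowOptionalContent setting described above.
function New-OptionalUpdateProfileBody {
    param(
        # Only the three documented values are accepted.
        [Parameter(Mandatory)]
        [ValidateSet(0, 1, 2)]
        [int]$Value,

        # Hypothetical display name; pick something explicit.
        [string]$DisplayName = 'Win11 - Update - AllowOptionalContent'
    )

    # Meaning of each value, as listed in the post.
    $meaning = @{
        0 = "don't receive optional updates"
        1 = 'receive optional updates, users have to check to install'
        2 = 'receive optional updates and automatically install them'
    }

    @{
        '@odata.type' = '#microsoft.graph.windows10CustomConfiguration'
        displayName   = $DisplayName
        description   = "AllowOptionalContent = $Value ($($meaning[$Value]))"
        omaSettings   = @(
            @{
                '@odata.type' = '#microsoft.graph.omaSettingInteger'
                displayName   = 'AllowOptionalContent'
                omaUri        = './Device/Vendor/MSFT/Policy/Config/Update/AllowOptionalContent'
                value         = $Value
            }
        )
    } | ConvertTo-Json -Depth 5
}

# Sign in with permission to write device configuration, then create the profile.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.ReadWrite.All'

$body    = New-OptionalUpdateProfileBody -Value 1
$created = Invoke-MgGraphRequest -Method POST `
    -Uri 'https://graph.microsoft.com/v1.0/deviceManagement/deviceConfigurations' `
    -Body $body -ContentType 'application/json'

# Id of the new profile, useful for a later assignment call.
$created.id
```

The profile is created unassigned, so it still has to be assigned to a device group before any device receives it.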