By now you should already know about the autopilot enrolment in Intune (Overview of Windows Autopilot | Microsoft Learn).
Well, autopilot enrolment just got a good improvement as it can now install Windows security updates during the enrolment.
The configuration to enable or disable the security updates installation during enrollment is managed from the enrollment status page (ESP).
Existing ESP configuration (including the default All users and all devices) will have the option to install the updates turned off by default, while new ESP configuration will have the option turned on by default.
This new capability is aligning with the default ‘non autopilot’ Out Of the Box Experience (OOBE) which installs updates during the process.
