windows-itpro-docs/windows/deployment/windows-autopatch/manage/windows-autopatch-manage-driver-and-firmware-updates.md
2024-08-29 20:59:11 -07:00


title: Manage driver and firmware updates
description: This article explains how you can manage driver and firmware updates with Windows Autopatch
ms.date: 09/16/2024
ms.service: windows-client
ms.subservice: autopatch
ms.topic: how-to
ms.localizationpriority: medium
author: tiaraquan
ms.author: tiaraquan
manager: aaroncz
ms.reviewer: andredm7
ms.collection: highpri, tier1

Manage driver and firmware updates

You can manage driver and firmware profiles for Windows 10 and later devices. By using targeted policies, you can expedite a specific driver and firmware update to release to your tenant. For more information about driver updates for Windows 10 and later, see Windows driver update management in Intune.

Driver and firmware controls

[!INCLUDE windows-autopatch-enterprise-e3-f3-licenses]

You can manage and control your driver and firmware updates by:

  • Controlling the flow of all drivers to an Autopatch group or rings within an Autopatch group
  • Controlling the flow of a specific driver or firmware across your entire tenant via approvals
  • Approving and deploying other drivers and firmware that previously couldn't be centrally managed

Automatic and Manual modes

The Autopatch service creates additional driver profiles on a per-deployment ring and per group basis within your tenant.

Note

For more information about policies created for Driver updates for Windows 10 and later, see Changes made at feature activation.

Choosing between Automatic and Manual modes can be done per-deployment ring and/or per Autopatch group. For a single Autopatch group, a mix of both Automatic and Manual policies is allowed. If you were previously in Manual mode, we create Manual policies for all your group rings. If Automatic (the default) was previously used, we create Automatic policies instead.

Important

If you switch between Automatic and Manual modes, new policies are generated to replace old policies. You'll lose any approvals previously made for those groups and/or deployment rings.

Mode: Automatic
Description: We recommend using Automatic mode.

Automatic mode (default) is recommended for organizations with standard Original Equipment Manufacturer (OEM) devices where no recent driver or hardware issues occurred due to Windows Updates.

Automatic mode ensures the most secure drivers are installed using Autopatch deployment ring rollout. You can also choose to deploy additional drivers from the Other tab to your deployment rings or Autopatch groups that are set to Automatic.

Mode: Manual
Description: When you use Manual mode, no drivers are installed in your environment without your explicit approval. You can also choose to deploy additional drivers from the Other tab to your deployment rings or Autopatch groups that are set to Manual.

Manual mode turns off Windows Autopatch's automatic driver deployment. Instead, the Administrator controls the driver deployment.

The Administrator selects the individual drivers to be deployed to their tenant. Then, the Administrator can choose to approve those drivers for deployment. Drivers approved can vary between deployment rings.

Note

In both Automatic and Manual modes, the drivers listed for selection represent only the drivers needed for the targeted clients, which are the Autopatch deployment rings. Therefore, the drivers offered may vary between rings depending on the variety of device hardware in an organization.

Set driver and firmware updates to Automatic or Manual mode

To set driver and firmware updates to Automatic or Manual mode:

  1. Go to the Microsoft Intune admin center.
  2. Navigate to Devices > Manage Updates > Windows Updates > Driver Updates tab.
  3. Select the groups you'd like to modify. Find the Driver update settings section, then select Edit.
  4. Set the policy to be Automatic or Manual for each deployment ring within the previously selected group.
    1. If you select Automatic, you can choose a Deferral period in days from the dropdown menu.
    2. If you select Manual, the deferral day setting can't be set and displays Not applicable.
  5. Select Review + Save to review all changes made.
  6. Once the review is done, select Save to commit your changes.

Choose the deferral period for driver and firmware updates for Automatic deployment rings

For deployment rings set to Automatic, you can choose the deferral period for driver and firmware updates. The deferral period is the number of days that you must wait to deploy after a driver becomes available. By default, these deferral values match the values you set for your Windows quality updates.

The deferral period allows you to delay the installation of driver and firmware updates on the devices in the specified deployment ring in case you want to test the update on a smaller group of devices first or avoid potential disruptions during a busy period.

The deferral period can be set from 0 to 14 days, and it can be different for each deployment ring.

Note

The deferral period only applies to Automatic driver and firmware updates. Updates that are approved in Manual policies are installed immediately.
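
The mode and deferral rules above can be checked before a change is saved. The following is an added example, not part of the original article or of any Microsoft tooling: it reviews a planned per-ring configuration offline and calls no Intune or Autopatch API. Ring names, driver names and the data layout are hypothetical.

```python
from datetime import date, timedelta

MIN_DEFERRAL, MAX_DEFERRAL = 0, 14  # range stated in this article


def review_ring_plan(current, planned, approvals):
    """Review a planned mode/deferral change for one Autopatch group.
    current: {ring: mode}; planned: {ring: {"mode", "deferral_days"}};
    approvals: {ring: [approved driver names]}. Returns (errors, warnings)."""
    errors, warnings = [], []
    for ring, cfg in planned.items():
        mode, days = cfg["mode"], cfg.get("deferral_days")
        if mode not in ("Automatic", "Manual"):
            errors.append(f"{ring}: unknown mode {mode!r}")
            continue
        if mode == "Manual" and days is not None:
            errors.append(f"{ring}: deferral is Not applicable in Manual mode")
        in_range = isinstance(days, int) and MIN_DEFERRAL <= days <= MAX_DEFERRAL
        if mode == "Automatic" and not in_range:
            errors.append(f"{ring}: deferral must be {MIN_DEFERRAL}-{MAX_DEFERRAL} days")
        # Switching modes regenerates the policy, so existing approvals are lost.
        lost = approvals.get(ring, [])
        if ring in current and current[ring] != mode and lost:
            warnings.append(f"{ring}: mode switch discards approvals: {', '.join(lost)}")
    return errors, warnings


def earliest_deploy_date(cfg, available_on):
    """Earliest deployment date for an Automatic ring. Returns None for
    Manual, where nothing deploys until an administrator approves it."""
    if cfg["mode"] != "Automatic":
        return None
    return available_on + timedelta(days=cfg["deferral_days"])


# Constructed sample data (ring and driver names are hypothetical).
CURRENT = {"Test": "Automatic", "Ring1": "Manual", "Last": "Automatic"}
PLANNED = {
    "Test": {"mode": "Automatic", "deferral_days": 0},
    "Ring1": {"mode": "Automatic", "deferral_days": 21},
    "Last": {"mode": "Manual", "deferral_days": 7},
}
APPROVALS = {"Ring1": ["Contoso Audio 1.2"], "Last": []}

if __name__ == "__main__":
    print(review_ring_plan(CURRENT, PLANNED, APPROVALS))
    print(earliest_deploy_date(PLANNED["Test"], date(2024, 9, 16)))
```
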

Recommended drivers are the best match for the 'required' driver updates that Windows Update can identify for a device. To be a recommended update, the OEM or driver publisher must mark the update as required and the update must be the most recent update version marked as required. These updates are the same ones available through Windows Update and are almost always the most current update version for a driver.

When an OEM releases a newer update version that qualifies to be the new recommended driver, it replaces the previous update as the recommended driver update. If the older update version is still applicable to a device in the policy, it's moved to the Other drivers tab. If the older version was previously approved, it remains approved.

To approve and deploy recommended drivers:

  1. Go to the Microsoft Intune admin center, navigate to Devices > Manage Updates | Windows Autopatch > Driver Updates > Recommended drivers tab. This tab lists all drivers that are to be deployed to all Autopatch managed devices.
  2. Select the driver or drivers you'd like to manage.
  3. Select Manage. You can either:
    1. Approve the drivers for all or some deployment rings
    2. Decline the drivers for all or some deployment rings
    3. Manage the drivers for all or some deployment rings
  4. In the Approve for these rings dropdown, select the applicable rings. Approved drivers are grayed out in the Decline for these rings dropdown.
  5. In the Decline for these rings dropdown, select the applicable rings. Declined drivers are grayed out in the Approve for these rings dropdown.
  6. Select Save.

Other drivers and firmware

Other driver updates are updates available from the original equipment manufacturer (OEM) aside from the current recommended driver update. These updates remain in the policy if they're newer than the driver version that is currently installed on at least one device with the policy.

These updates can include:

  • A previously recommended update that is superseded by a newer update version
  • Firmware updates
  • Optional driver updates, or updates that the OEM doesn't intend to be installed on all devices by default

Approve and deploy other drivers

To approve and deploy other drivers:

  1. Go to the Microsoft Intune admin center, navigate to Devices > Windows Autopatch > Release Management > Release schedule > Driver Updates > Other drivers tab. This tab lists updates that are available from the original equipment manufacturer (OEM) aside from the current recommended driver update. The list of drivers in this tab can be long.
  2. Select the driver or drivers you'd like to manage throughout the tenant.
  3. Select Manage. You can either:
    1. Approve the drivers for all or some deployment rings
    2. Decline the drivers for all or some deployment rings
    3. Manage the drivers for all or some deployment rings
  4. In the Approve for these rings dropdown, select the applicable rings. Approved drivers are grayed out in the Decline for these rings dropdown.
  5. In the Decline for these rings dropdown, select the applicable rings. Declined drivers are grayed out in the Approve for these rings dropdown.
  6. You must provide a justification for the change. If you need to submit a support request, you must copy and paste your justification in your support request. The Windows Autopatch Service Engineering Team doesn't have access to your original justification.
  7. Select Save.