Managing Windows Insider Preview Builds within the organization

This week is al around managing Windows Insider Preview Builds. Even though it’s not a new subject, it’s good to at least get a refresher. Especially when mentioning the Windows Insider Preview for Business program, as it’s often still unknown. The fun part, however, is that it’s actually pretty simple to get started. For organizations, the Windows Insider Preview for Business program enables them not having to register each device or user in the program and to easily set important policies around preview builds. The only requirement is to register an Azure AD tenant, so it can be used for authentication.This post walks through that requirement and more, as prequisites for configuring Windows Insider Preview Builds within the organization, followed with the steps for creating an update ring to configure a specific Windows Insider build. This post ends with the user experience.

Tip: When looking for a method to provide users with an option to opt-in for using Windows Insider Preview Builds, have a look at my previous blog post about using access packages.

Important: Keep in mind that devices running Windows Insider Preview Builds are not reporting information about the latest update status to Update Compliance.

Prerequisites for using Windows Insider Preview Builds

Before looking at the creation of an update ring, it’s important to make sure that the prequisites below are in place. Those prequisites make sure that everything is in place to simply automatically register users within the Windows Insider Preview for Business program after applying the update ring.

  • Register the organization with the Windows Insider Preview for Business program. That registration enables the best user experience, as user will automatically be registered after applying the configuration.
  • Join the device to the Azure AD tenant that is registered with the Windows Insider Preview for Business program. That join will make sure that the user can actually authenticate with the registered tenant for Windows Insider Preview Builds.
  • Turn on optional diagnostic data on the devices to get users started with Windows Insider Preview Builds. That data is required to be able to succesfully run Windows Insider Preview Builds.

Note: For that Azure AD tenant, simply use any production tenant. The Azure AD tenant is only used for authentication.

Creating an update ring for Windows 10 and later

When looking at the configuration of an update ring for Windows 10 and later – once the prerequisites are in place – there are only a few settings really important for actually controlling the Windows Insider Preview Builds that are enabled on the applicable devices in the organization. The following seven steps walk through the configuration of an update ring that is focused on the required configuration options for Windows Insider Preview Builds.

Note: With service release 2111 a few new settings became available for controlling Windows Insider Builds.

  1. Open the Microsoft Endpoint Manager admin center portal and navigate to Devices > Windows > Update rings for Windows 10 and later
  2. On the Windows | Update rings for Windows 10 and later blade, click Create profile
  3. On the Basics page, provide a valid Name and an (optional) Description and click Next
  4. On the Update ring settings page, provide at least the following configuration and click Next
  • Update settings – This section is used for configuring the available update settings
    • Microsoft product updates: Select Allow to also allow Microsoft product updates
    • Windows drivers: Select Allow to also allow Windows drivers
    • Quality update deferral period (days): Specify 0 to prevent the deferral of quality updates
    • Feature update deferral period (days): Specify 0 to prevent the deferral feature updates
      • Upgrade Windows 10 devices to Latest Windows 11 release
    • Set feature update uninstall period (2 – 60 days): Specify 10 to enable the uninstall period
    • Enable pre-release builds: Select Enable to enable the devices to run pre-release builds
    • Select pre-release channel: Select Windows Insider – Release Preview, Beta channel, or Dev channel as the servicing channel to enable the devices to run a Windows Insiders build

Note: Keep in mind that enabling pre-release builds will cause devices to reboot. There should, however, no longer be an additional reboot during Windows Autopilot (as the ManagePreviewBuilds setting is no longer changed).

  • User experience settings – This section is used for configuring the available user experience settings
    • Automatic update behavior: Configure te automatic update behavior
      • Active hours start: Configure the start of the active hours that are used for the automatic update behavior
      • Active hours end: Configure the end of the active hours that are used for the automatic update behavior
    • Restart checks: Configure to allow or skip the restart checks (battery, display, presentation mode, and more)
    • Option to pause Windows updates: Configure to enable or disable the option to pause Windows updates
    • Option to check for Windows updates: Configure to enable or disable the button to check for Windows updates
      • Change notification update level: Configure the level of notifications that are shown for Windows updates
    • Use deadline settings: Configure to allow or prevent users to use the deadline settings for Windows updates
      • Deadline for feature updates: Configure the number of days before feature updates are installed automatically
      • Deadline for quality updates: Configure the number of days before quality updates are installed automatically
      • Grace period: Configure the number of days after the restart before the device restarts automatically
      • Auto reboot before deadline: Configure if the device should automatically restart before the deadline
  1. On the Scope tags page, configure the required scope tags and click Next
  2. On the Assignments page, add the required user or device group and click Next
  3. On the Review + create page, review the configuration and click Create

User experience with a Windows Insider servicing channel

When looking at the user experience after configuring the Windows Insider Program on the device, the best place to look is the Settings app. That app provides an overview of the configuration when navigating to Windows Update > Windows Insider Program (as shown on the left in Figure 2). It shows the channel, the Windows Insider account (a business account) and potentially even already a newer Windows Insider Build that’s available. The IT administrator might want to verify the configuration on the device itself. That can be achieved by navigating to HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update in the Registry Editor (as shown on the right in Figure 2). That location provides an overview of the configured settings.

More information

For more information about update rings and Windows Insiders Program for Business, refer to the following docs.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.