Smoothly introducing new feature updates for Windows 11 as optional updates

This week is all about a new method to smoothly introduce a new feature update within the organization. That new method is the ability to create a feature update deployment policy with the option to make the new feature update available as an optional update. By making the latest feature update, or any other feature update that eventually must be deployed, available as an optional update, the user is still in control of actually installing the update. That leaves the IT administrator in control of making the feature update available and the user in control of the installation. Doing that, adds an easy step to smoothly introducing a new feature update in the organization. Besides a smooth process, this also provides an easy start when seeking for feedback on the introduction of a new feature update. And when early testing that update, it also directly reduces the risk when introducing it within the rest of the organization. In other words, a smooth introduction of a new feature update. This post will focus on the new option in the feature update deployment policy, followed with the user experience.

Creating the feature update policy

When looking at smoothly introducing new feature updates, it all starts with a feature update deployment policy. That on itself is nothing new, but a new setting is introduced within that policy that enables the ability to assign a feature update as optional. This option was already available directly via the Windows Update for Business deployment service, but that would require custom scripting to create feature update deployments. Now that has changed. Starting with service release 2405, the feature update deployment profile now contains an additional settings. That setting can be used to enable the specified feature update as an optional update. The following five steps walk through the creation of that profile.

  1. Open the Microsoft Intune admin center portal navigate to Devices > Windows 10 and later updates 
  2. On the Devices | Windows 10 and later updates page, navigate to the Feature updates tab and select Create profile
  3. On the Deployment settings page, provide the following information and click Next
  • Name: Provide a valid unique name for the feature update deployment profile to distinguish it from similar profiles
  • Description: (Optional) Provide a description for the feature updates deployment profile to further distinguish it
  • Feature update to deploy: Select the Windows 11 version that should become optional available on the devices
  • Select Make available to users as an optional update to make the update option available on the devices
  1. On the Assignments page, configure the require assignment for the feature update deployment profile and click Next
  2. On the Review + create page, verify the configuration and click Create

Note: To make the feature update required, simply select Make available to users as a required update in step 3.

Experiencing the feature update policy

After applying the feature update policy, experiencing the behavior as a user is actually pretty straight forward. When checking for new updates, the user will also be shown that the selected version of Windows is available (as shown below in Figure 2). That provides the IT administrators with a very easy method to smoothly introduce a new feature update within the environment. Of course, this does require proper communication to the user to provide instructions around the availability of a new version of Windows. That could still go together with a process around requesting access, as shown before in this post.

Besides that, it’s also good to know the impact of switching from optional to required feature updates. It doesn’t impact the device when the feature update is already installed. When the feature update isn’t started yet, the applicability will switch.

More information

For more information about working with feature update policies, refer to the following docs.

5 thoughts on “Smoothly introducing new feature updates for Windows 11 as optional updates”

  1. Hey Peter,

    Great article! My understanding for deploying Feature updates while using Autopatch is to create them via Release management> Windows feature updates?
    Would it work to create such and then go to Windows 10 and later updates> Feature updates and modify the generated profiles to be optional?

    Thinking this might be handy for upgrading our users to windows 11.

    • Adjusting the feature update configuration doesn’t allow the optional configuration via release management. Only directly adjusting the feature update configuration might be an option. That just might impact the Autopatch service. Creating custom profiles might create conflicts.
      Regards, Peter

    • When I read about the new optional feature update I went ahead and tested it directly. Created a SG and added about 30 devices and then from the device – windows update – feature updates page created a new optional policy and deployed it to the SG. All devices are member of autopatch.

      The result was very mixed. About 50 % updated without the user doing anything and the others having it as “expected” optional.

      I would have really liked to roll out 23h2 as optional over summer before making it mandatory to give users the option to upgrade when it suits them best. But I’m hesitating with this result 🙂

      All test devices where already on win 11 22h2. Not sure if this was due to autopatch (they still have the 22h2 upgrade on 100% complete deployed as I never figured out how to remove completed upgrades from the release management page, thought no conflicts or similar reported for policies anywhere)
      or something not working properly elsewhere. On Reddit/msblog I saw some user reporting Auto install issues without autopatch as well.

      I really hope they make it available for autopatch soon as well.
      I miss optional Updates in intune compared to sccm where I always used to deploy optional for a while. Users seem to préfère this as well.

      Good the 23h2 upgrade is so super fast when already on 22h2 and restart is mostly less than 5min. Can nearly be slipped in as a monthly update. User might won’t notice 🙂

  2. How to apply the items below via Microsoft Intune.

    1 = Enable ‘Microsoft Defender for Endpoint Plug-in for WSL’

    2 = Turn off custom kernel/commandline in Windows Subsystem for Linux


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.