Introduction
With the expedited updates feature in Microsoft Endpoint you can deploy updates like the most recent patch Tuesday release or out-of-band security updates.
For example, we just saw a flaw with the windows print spooler where the attacker could execute arbitrary code with SYSTEM privileges on a non-patch system.
Not all updates can be expedited as it is currently only available for Windows 10 security updates.
So why use this feature instead of my configured Windows 10 ring rollout?
You want to use this feature to speed things up. Expedite updates uses the available services, like push notification channels, which is a process to download and install updates as soon as possible, without having to wait for the device to check in for updates.
Requirements
– Use Intune to expedite Windows 10 quality updates – Azure | Microsoft Docs
Create expedite patch deployment
Go to endpoint.microsoft.com
Choose Devices
Choose Windows 10 quality updates (Preview)
Create profile
Give it a name that you can easily find
Add groups
I have grouped devices into waves, so that I can test on small groups before going global
Create
Done
Patch report for your management
When something bad happens and your company is potentially at risk, management usually are a bit pushy on some reports. This is how you can give them what they want.
Go to endpoint.microsoft.com
Windows updates (preview)
Choose reports
Windows Expedited Update report (Preview)
Select an expedited update profile
Select the expedited update we created earlier
Generate
Export data and give it to the management.
Summary
I hope this post gave you some insight how to get around with zero-day patching and Endpoint Manager easily and quickly. It is here to ease your life as an admin in your daily job. Go try it out yourself!
Happy patching!
Source:
Use Intune to expedite Windows 10 quality updates – Azure | Microsoft Docs
