Introduction

With the expedited updates feature in Microsoft Endpoint you can deploy updates like the most recent patch Tuesday release or out-of-band security updates.

For example, we just saw a flaw with the windows print spooler where the attacker could execute arbitrary code with SYSTEM privileges on a non-patch system.

Not all updates can be expedited as it is currently only available for Windows 10 security updates.

So why use this feature instead of my configured Windows 10 ring rollout?

You want to use this feature to speed things up. Expedite updates uses the available services, like push notification channels, which is a process to download and install updates as soon as possible, without having to wait for the device to check in for updates.

 

 

Requirements

– Use Intune to expedite Windows 10 quality updates – Azure | Microsoft Docs

 

 

Create expedite patch deployment

Go to endpoint.microsoft.com

Choose Devices

 

Choose Windows 10 quality updates (Preview)

 

Create profile

 

Give it a name that you can easily find

 

 

 

Add groups

 

I have grouped devices into waves, so that I can test on small groups before going global

 

Create

 

Done

 

Patch report for your management

When something bad happens and your company is potentially at risk, management usually are a bit pushy on some reports. This is how you can give them what they want.

Go to endpoint.microsoft.com

 

Windows updates (preview)

 

Choose reports

 

Windows Expedited Update report (Preview)

 

Select an expedited update profile

 

Select the expedited update we created earlier

 

Generate

 

Export data and give it to the management.

 

Summary

I hope this post gave you some insight how to get around with zero-day patching and Endpoint Manager easily and quickly. It is here to ease your life as an admin in your daily job. Go try it out yourself!

Happy patching!

 

Source:

Use Intune to expedite Windows 10 quality updates – Azure | Microsoft Docs

Windows message center | Microsoft Docs