After months of testing, Microsoft finally released Windows 11 23H2! Although Microsoft normally releases 2 feature updates a year they did not for Windows 11. Feature update 23H2 is the second one ever for Windows 11 and the first one in 2023.
Devices being managed with Intune can be upgraded via a Feature Update policy. The blog shows you how to upgrade to Windows 11 23H2. This post shows you how to do it using Feature Update policies. This does not demonstrate how to configure Windows Autopatch.
Note: Feature updates can be assigned to specific groups. We create a dynamic group which is limited to devices running Windows 11 already. Devices running Windows 10 are out of scope and will not be upgraded.
Create a Dynamic group for Windows 11 devices
- Navigate to https://portal.azure.com. Open Azure Active Directory.
- Click Groups -> New group.
- Fill in the required fields like shown below.
- Click Edit dynamic query. Use the following query to select only the devices running Windows 11 and being MDM (Intune) managed.
(device.deviceOSVersion -startsWith "10.0.2") -and (device.DeviceOSType -startsWith "Windows") -and (device.managementType -eq "MDM")
Note: Device OS version 10.0.2 is for Windows 11 devices. If you would like to select Windows 10 devices you need Device OS version 10.0.1.
Create a Feature update profile
Feature updates are managed in MDM (Endpoint Manager / Intune). Therefor we can close the Azure Portal and switch to Endpoint Manager / Intune.
- Navigate to https://endpoint.microsoft.com
- Click Devices -> Feature update for Windows 10 and later
- Click Create profile.
- Configure the options as shown below.
Note: Modify the rollout options to your preferred method. The first option deploys the feature update as soon as possible on all managed devices, which are part of the assignment. The second one does the same but starts on a specific date. This is useful if u prefer a delay after deploying the feature update profile. Using the gradually option deploys the update between specific dates and splits devices into groups without knowing when which device will be upgraded 🙂 The only thing you know is the start and finish date.
Assign the policy to the Dynamic group we’ve created before, click Next and finally Finish.
Your devices will now start updating to the newest feature update depending on the rollout option you selected.
Note: If you have update rings deployed with a feature update deferral period this will impact your Feature update deployment. It is recommend to set the Feature update deferral period (days) to 0. This configuration ensures your feature updates are not delayed by update deferrals that might be configured in an update ring policy.