Upgrade to Windows 11 22H2 using Intune | Endpoint Manager
In this article, I will show you how to upgrade to Windows 11 22H2 using Intune (Microsoft Endpoint Manager) feature update. We will create an Intune feature update deployment policy to upgrade existing Windows 10/11 devices to Windows 11 version 22H2.
You can upgrade an existing Windows 10 device to Windows 11 using the Endpoint Manager (Intune) feature update deployment. The same feature update deployment policy can be used to upgrade Windows 11 21H2 to Windows 11 22H2.
There are different methods that one can use to upgrade to Windows 11 22H2. For example, you can perform a Windows 11 22H2 upgrade using Configuration Manager. You can use the Windows servicing feature, a task sequence, or a servicing plan to upgrade to Windows 11 version 22H2. Windows Autopatch can also be a nice choice for deploying Windows 11 22H2 upgrades.
Windows 11 22H2 is not an enablement package, so if your devices are running Windows 11 21H2, you should be aware of this. It’s rather a big upgrade that completely upgrades the existing OS. I wished it was an enablement package because that would have sped up deployment and installation.
With Intune, we basically utilize the Windows Update for Business (WUfB) to upgrade devices to Windows 11 22H2. Windows Update for Business is a free service that is available for all premium editions, including Windows 10 and Windows 11 Pro, Enterprise, Pro for Workstation, and Education editions. With WUfB, you can control Windows Update for Business policies using Mobile Device Management (MDM) tools such as Microsoft Intune.
Prerequisites for upgrading to Windows 11 22H2 using WUfB Feature Updates
If you are going to use Windows Update for Business (WUfB) feature updates to upgrade devices to Windows 11 22H2, here are some important prerequisites.
- The devices should have appropriate licences assigned. Refer to the info on subscriptions required for deploying feature update in Intune.
- The devices should be enrolled in Microsoft Intune and should be running a supported version of Windows Server operating system for version 22H2 upgrade.
- The device in Intune should be running a supported version of Windows 10/11. The device must be enrolled in Intune MDM and be Hybrid AD joined or Azure AD joined.
- Supported OS for WUfB include: Windows 10/11 Pro, Windows 10/11 Enterprise, Windows 10/11 Team – for Surface Hub devices and Windows Holographic for Business.
- The Microsoft Account Sign-In Assistant (wlidsvc) service must be turned on. If the service is blocked or set to Disabled, you may have issues with Windows 11 22H2 upgrades. By default, the service is set to Manual (Trigger Start), which allows it to run when needed.
Also Read: How to Upgrade Windows 11 Edition using Intune | MEM
Create Update Ring for Windows 11 22H2 in Intune
Windows Update for Business allows an administrator to define Windows Update servicing rings. Windows Update rings in Intune specify how and when Windows as a Service updates your Windows 10/11 devices with feature and quality updates. The WUfB Windows 11 22H2 feature update can be used to upgrade your eligible Windows 10 devices to Windows 11.
You can move on to the next step if you have already created an update ring in Intune for Windows 10 and later devices. Here are the steps for creating an update ring in Intune if you haven’t already.
- Sign in to Microsoft Endpoint Manager admin center.
- Go to Devices > Policy and select Update Rings for Windows 10 and later.
- On the right-pane, click Create Profile.
On the Basics page, specify the name for Update Ring such as “Update Ring for Windows 11 22H2“. Add a brief description for the update ring and click Next.
Configure Update Ring Settings for Windows 11 22H2 Upgrade
In this section, we’ll look at the update settings that are available when you create an update ring in Intune.
- Microsoft Product Updates: This allows you to control whether to scan for updates from Microsoft Update. By default, it is set to Allow.
- Windows Drivers: You can allow or block driver updates via Windows Update. Set to Allow by default.
- Quality update deferral period (days): Defer quality updates for the specified number of days.
- Feature update deferral period (days): Defer feature updates for the specified number of days.
- Upgrade Windows 10 devices to the latest Windows 11 release: Set to upgrade eligible Windows 10 devices to the latest Windows 11 release.
- Set feature update uninstall period (2–60 days): Configure the feature update uninstall period. The default value is 10 days.
- Enable pre-release builds: Enable pre-release builds if you want devices to be on a Windows Insider channel. Enabling pre-release builds will cause devices to reboot. The default value is set to Not Configured.
- Automatic Update Behavior: Manage automatic update behavior to scan, download, and install updates.
- Active Hours Start: Configure a period when restarts due to update installations will be suppressed.
- Active Hours End: Configure a period when restarts due to update installations will be suppressed.
- Restart Checks: Set to skip all checks before restart: battery level = 40%, user presence, display needed, presentation mode, full-screen mode, phone call state, game mode, etc.
- Option to pause Windows Updates: An option in Windows Update that, when enabled, lets device users pause updates for a certain number of days.
- Option to check for Windows updates: A button in Windows Update that, when enabled, lets device users check the update service for updates.
- Use deadline settings: Allows user to use deadline settings.
- Deadline for feature updates: Specifies the number of days a user has before feature updates are installed on their devices automatically.
- Deadline for quality updates: Specifies the number of days a user has before quality updates are installed on their devices automatically.
- Grace period: Specifies a minimum number of days after deadline until restarts occur automatically.
- Auto-reboot before deadline: Specifies if the device should auto-reboot before deadline.
If you notice, most of the options are set to default in my case. These values should be customized based on the business requirements. When you are done configuring the options, click Next.
Under Assignments, choose + Add groups to include, and then assign the update ring to one or more groups. Select Next to continue.
Note: While update rings can deploy to both device and user groups, consider using only device groups when you also use feature updates.
Under Review + Create, review the settings, and then select Create when ready to save your Windows update ring. Your new update ring is displayed in the list of update rings.
This completes the steps to create update ring for Windows 22H2 in Intune. In the next section we will look at the steps to upgrade to Windows 11 22H2 using Intune feature update deployment.
Upgrade to Windows 11 22H2 using Intune Feature Update Deployment Policy
The feature update policy in Intune controls the overall feature update process, such as Rollout Options. The Intune feature update deployment policy is nothing but a WUfB policy that helps IT admins upgrade to Windows 11 22H2. Let’s create a Windows 11 22H2 Feature Update Deployment Policy to upgrade all the eligible Windows devices to the Windows 11 22H2 version.
- Sign in to Microsoft Endpoint Manager admin center.
- Go to Devices > Policy and select Update Rings for Windows 10 and later.
- On the right-pane, click Create Profile.
On the Deployment Settings tab, enter the name for the profile, such as “Upgrade to Windows 11 22H2 using Intune.” Add a brief description to this profile.
Under the Feature deployment settings, click the Feature update to deploy drop-down, select Windows 11, version 22H2.
Intune Rollout Options for Windows 11 22H2 Upgrade
When you create a new feature deployment policy in Intune, you get three rollout options which lets you schedule the Windows 11 22H2 upgrades. These rollout options lets you decide how exactly you want to deploy the Windows 11 22H2 upgrades.
The following rollout options are available in Intune for feature update deployment:
- Make update available as soon as possible.
- Make update available on specific date.
- Make update available gradually.
Let’s understand about each rollout option that Intune offers and this should help you choose the correct option for your deployment.
1. Make update available as soon as possible: With this option, there’s no delay in making the update available to devices. This selection is the default behavior for Windows Update. This rollout option is useful when you are testing the Windows 11 22H2 upgrades on a pilot batch of devices in Intune.
2. Make update available on a specific date: With this option, you can select a day on which the update in the policy will become available to install. Windows Update won’t make the update available to devices with this configuration until that day is reached.
3: Make update available gradually: This process helps distribute the availability of the update across a range of time that you configure, with Windows Update making an update available to different subsets of the devices targeted by the policy, at different times. This option can reduce the effect to your network when compared to offering the update to all devices at the same time.
When you select this Intune feature update rollout option, there are additional configurations involved:
- First group availability: Configure the first day that Windows Update will offer the update to devices that receive this policy. This date must be at least two days in the future from when you configure this policy.
- Final group availability: Configure the last day that Windows Update makes the update available to what will be the final offer group. The last offer group includes all remaining devices that haven’t already received the offer. Depending on the number of days between groups, the last offer might not occur on the last day of the schedule. Devices that are assigned this policy after the final group availability date will receive the offer immediately.
- Days between groups: Windows Update uses this value to determine how many offer groups to use when making the update available to devices.
I am going to select the rollout option “Make update available as soon as possible“. This will ensure the Windows 11 22H2 upgrade is made available to targetted devices as soon as possible. Click Next.
On the Assignments page, include the groups to which you want to deploy the feature update deployment policy. Under Included Groups, click on Add Groups and here you can either select Azure AD Devices or Users to deploy the WUfB Windows 11 22H2 feature update.
Tip: Create a Windows 11 Azure AD device group and add few pilot devices that are eligible for Windows 11 22H2 upgrade. Use this group for testing and once the upgrades are successful, you can edit the policy and expand the upgrades to larger number of devices.
Once you have finished adding the groups for Assignments, click Next.
On the Review + Create tab, you can see the summary of all the deployment settings, including the rollout configurations for WUfB Windows 11 22H2 feature update policy. Click on the Create button to complete the policy creation and initiate the deployment.
End User Experience – Windows 11 22H2 Upgrade with Intune
After waiting for over 45 minutes, finally the Windows 11 22H2 upgrade appeared on my devices. The Windows 11, version 22H2 upgrade appeared on the Windows Update window. The upgrade started to download and subsequently, the Windows 11 21H2 was upgraded to Windows 11 22H2 with a single reboot.
On another device, the Windows 11 22H2 upgrade failed with the following message: This PC doesn’t currently meet Windows 11 system requirements.
- The processor isn’t supported for this version of Windows
- The PC must support TPM 2.0.
If you encounter the same error, ensure the device meets the specified criteria for Windows 11 and then attempt to perform the upgrade again.
Troubleshoot Windows 11 22H2 Upgrade Issues
Additional troubleshooting may occasionally be needed when you apply the Intune feature update deployment policy to upgrade devices to Windows 11 version 22H2. For instance, you may need to check a few things if devices don’t receive the Windows 11 22H2 upgrade.
Fact: Even though I selected the rollout option “Make update available as soon as possible” while creating the WUfB Windows 11 22H2 upgrade policy, the update took some time to appear. Honesty, it took around 45 minutes to see the Windows 11 22H2 upgrade on my devices.
The point that I am trying to make here is be patient after you deploy the upgrade policy and don’t panic if you don’t see the Windows 11 22H2 upgrade. It will eventually appear and if it doesn’t, here are the troubleshooting steps that you can perform:
- Manually Sync the Intune Policies on devices: As a basics troubleshooting step, you can manually sync Intune policy on a device that doesn’t get the Windows 11 22H2 upgrade. You can follow this guide to know how to manually sync Intune policies on Windows devices.
- Examine the Event logs: Event Logs are very critical and play a major role during troubleshooting the Windows 11 22H2 upgrade issues. On the device that doesn’t get Windows 11 22H2 upgrade, launch the Event viewer. Navigate to Application and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider. Here you will find the events logged for Admin, Autopilot and Operational categories. Select Admin and examine the events for errors.
- Check the WUfB Policy registry entries and values: When you deploy the Intune WUfB feature policy, the settings are applied at registry level. To determine what WUfB settings are applied for device, you can browse to the following registry key. Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\3E958E50-698D-4DEB-AC3D-03EFBEA01C2F\default\Device\Update.
Conclusion
The goal of writing this step-by-step guide is to help Intune admins upgrade to Windows 11 22H2 using Intune feature update deployment policy. I have covered every step in detail which should make it easier to roll out Windows 11 22H2 using Intune in your setup. If you require any further assistance related to the deployment or want to provide the feedback, use the comments section.
So I need both an update ring and feature update policy for the Windows 11 update to work?