check before: 2025-09-01
Product:
Intune, SharePoint, Windows
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Admin impact, Updated message, User impact
Links:
Details:
Summary:
Windows 11 (22H2+) devices will install quality updates by default during out-of-box experience (OOBE). Intune’s August release adds an "Install Windows updates" setting in Enrollment Status Page (ESP) to control this. Update rings can manage update timing; devices without ESP cannot block updates during OOBE.
Details:
Update: The timing of this change has been delayed, review the Windows blog announcement for additional details.
In an upcoming Windows security update, quality updates will get installed by default during the out-of-box experience (OOBE) for devices that are on Windows 11, version 22H2 or later.
Expected in Intune's August (2508) service release, we will introduce a new setting "Install Windows updates" in the Enrollment Status Page (ESP) to allow you to manage the installation of quality updates during OOBE. Stay tuned to What's new in Intune for the release.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-08-13
updated:
2025-09-10
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Quality Updates Installation During OOBE
If quality updates are installed during OOBE without proper configuration, it may lead to unexpected system behavior or compatibility issues with existing applications, resulting in user frustration and decreased productivity.
- roles: IT Administrator, End User
- references: https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status, https://techcommunity.microsoft.com/blog/windows-itpro-blog/coming-soon-quality-updates-during-the-out-of-box-experience/4374291
User Experience Disruption
Users may experience delays during the OOBE process due to the installation of updates, leading to a negative first impression of the device setup and potential dissatisfaction.
- roles: End User, Support Staff
- references: https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498, https://learn.microsoft.com/intune/intune-service/protect/windows-10-update-rings
Increased Support Tickets
Unprepared updates during OOBE may lead to an increase in support tickets as users encounter issues, putting additional strain on IT support resources.
- roles: Support Staff, IT Administrator
- references: https://aka.ms/IntuneWN, https://techcommunity.microsoft.com/blog/windows-itpro-blog/coming-soon-quality-updates-during-the-out-of-box-experience/4374291
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Imagine setting up a new smartphone. You know how, when you first turn it on, it asks you to connect to Wi-Fi, log into your accounts, and maybe even download some initial updates? This initial setup phase is what we call the "out-of-box experience" or OOBE for Windows devices.
With the latest changes, Windows 11 devices (version 22H2 and later) will automatically install important updates during this initial setup. Think of it like your phone automatically downloading the latest security patches before you even start using it. This ensures that the device is as secure and up-to-date as possible right from the start.
For those managing devices with Intune, a tool used to control and configure devices in an organization, there's a new setting called "Install Windows updates" in the Enrollment Status Page (ESP). This setting allows you to decide whether these updates should happen during the setup. It's like deciding whether your phone should update its software during the initial setup or wait until later.
If you're using Windows Autopilot, a service that helps set up and configure new devices, this setting will automatically be set to "Yes" for new profiles, meaning updates will happen during setup. For existing profiles, it will be set to "No," preventing updates during the initial setup unless you change it.
Devices that are set up without using ESP, or those with ESP turned off, will automatically receive updates during the setup. This is similar to a phone that doesn't give you the option to skip updates during its initial setup.
To manage when these updates happen, you can use something called "update rings." This is like setting a schedule for when your phone should check for and install updates. You can create policies that determine how long updates can be paused or deferred.
In summary, these changes are about ensuring devices are secure and up-to-date from the moment they are first turned on, while also giving IT administrators the flexibility to manage how and when updates are applied.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-09-10 | MC prepare | Update your documentation and user guidance as needed. To manage quality updates installed during OOBE for devices using ESP:
In the ESP profile, set Install Windows updates to "Yes" to allow updates or "No" to prevent updates. (Recommended) Use or create an update rings policy to manage pause and deferral settings for quality updates. Quality updates installed during OOBE will follow this policy. Assign the ESP profile and the update rings policy to "All devices" or device groups with devices registered for Windows Autopilot. [Related information:] Coming soon: Quality updates during the out-of-box experience Set up the Enrollment Status Page https://aka.ms/IntuneWN https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status https://learn.microsoft.com/intune/intune-service/protect/windows-10-update-rings https://techcommunity.microsoft.com/blog/windows-itpro-blog/coming-soon-quality-updates-during-the-out-of-box-experience/4374291 | Update your documentation and user guidance as needed. To manage quality updates installed during OOBE for devices using ESP:
In the ESP profile, set Install Windows updates to "Yes" to allow updates or "No" to prevent updates. (Recommended) Use or create an update rings policy to manage pause and deferral settings for quality updates. Quality updates installed during OOBE will follow this policy. Assign the ESP profile and the update rings policy to "All devices" or device groups with devices registered for Windows Autopilot. [Related information:] Coming soon: Quality updates during the out-of-box experience Set up the Enrollment Status Page https://aka.ms/IntuneWN https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status https://learn.microsoft.com/intune/intune-service/protect/windows-10-update-rings https://techcommunity.microsoft.com/blog/windows-itpro-blog/coming-soon-quality-updates-during-the-out-of-box-experience/4374291 https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498 |
| 2025-09-10 | MC Summary | Starting September 2025, Windows 11 (22H2+) devices will install quality updates by default during out-of-box experience (OOBE). Intune's August release adds an "Install Windows updates" setting in Enrollment Status Page (ESP) to control this. Update rings policies can manage update timing during OOBE. | Windows 11 (22H2+) devices will install quality updates by default during out-of-box experience (OOBE). Intune’s August release adds an "Install Windows updates" setting in Enrollment Status Page (ESP) to control this. Update rings can manage update timing; devices without ESP cannot block updates during OOBE. |
| 2025-09-10 | MC Last Updated | 08/13/2025 00:59:52 | 2025-09-09T23:51:27Z |
| 2025-09-10 | MC Messages | Beginning with the September 2025 Windows security update, quality updates will get installed by default during the out-of-box experience (OOBE) for devices that are on Windows 11, version 22H2 or later.
Expected in Intune's August (2508) service release, we will introduce a new setting "Install Windows updates" in the Enrollment Status Page (ESP) to allow you to manage the installation of quality updates during OOBE. Stay tuned to What's new in Intune for the release. | Update: The timing of this change has been delayed, review the Windows blog announcement for additional details.
In an upcoming Windows security update, quality updates will get installed by default during the out-of-box experience (OOBE) for devices that are on Windows 11, version 22H2 or later. Expected in Intune's August (2508) service release, we will introduce a new setting "Install Windows updates" in the Enrollment Status Page (ESP) to allow you to manage the installation of quality updates during OOBE. Stay tuned to What's new in Intune for the release. |
| 2025-09-10 | MC Title | Plan for Change: Windows quality updates during the out-of-box experience | (Updated) Plan for Change: Windows quality updates during the out-of-box experience |
| 2025-09-10 | MC MessageTagNames | User impact, Admin impact | Updated message, User impact, Admin impact |
Last updated 4 months ago ago
