check before: 2026-01-01
Product:
Intune, SharePoint, Windows
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Feature update, Admin impact
Links:
Details:
Summary:
Starting January 2026, Windows 11 (22H2+) devices can install quality updates during out-of-box experience (OOBE) via Intune’s Enrollment Status Page (ESP). Configure the "Install Windows updates" setting in ESP and use update rings to manage updates. Devices without ESP or Autopilot preparation won't update during OOBE.
Details:
Beginning with the January 2026 Windows security update, quality updates can be installed during the out-of-box experience (OOBE) for devices that are on Windows 11, version 22H2 or later. You can enable and manage these updates through Intune's Install Windows updates setting in the Enrollment Status Page (ESP).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-12-02
updated:
2025-12-02
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Quality Updates Installation Failure
Devices without ESP or Autopilot preparation will not receive critical security updates during OOBE, leading to potential vulnerabilities.
- roles: IT Administrator, Security Officer
- references: https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
User Experience Degradation
Users may experience delays or issues if devices are not updated during OOBE, leading to a poor initial setup experience.
- roles: End User, Support Technician
- references: https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
Increased Support Tickets
Failure to configure updates properly may result in increased support requests from users facing issues due to outdated software.
- roles: Support Technician, IT Administrator
- references: https://learn.microsoft.com/intune/intune-service/protect/windows-10-update-rings, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced User Experience During Setup
By enabling quality updates during the out-of-box experience (OOBE), new devices will have the latest security and feature updates installed right from the start, ensuring users have a smoother and more secure experience when they first log in.
- next-steps: Review and configure the Enrollment Status Page (ESP) settings to enable the 'Install Windows updates' option. Communicate the changes to the IT team and update user guidance materials accordingly.
- roles: IT Administrators, End Users, Support Teams
- references: https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
Streamlined IT Operations
Managing updates through Intune's Enrollment Status Page allows IT to automate the update process, reducing the manual workload associated with preparing devices for new users and ensuring compliance with security standards.
- next-steps: Create or modify update rings policies to align with the organization's update strategy. Train IT staff on the new procedures for managing updates during OOBE.
- roles: IT Operations Managers, System Administrators
- references: https://learn.microsoft.com/intune/intune-service/protect/windows-10-update-rings, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
Improved Security Posture
Installing quality updates during OOBE ensures that devices are protected with the latest security patches before they are handed over to users, reducing the risk of vulnerabilities being exploited during initial use.
- next-steps: Conduct a security assessment to identify any potential risks associated with not enabling updates during OOBE. Update security policies to reflect the new update management approach.
- roles: Security Officers, Compliance Managers, IT Administrators
- references: https://learn.microsoft.com/intune/intune-service/enrollment/windows-enrollment-status, https://techcommunity.microsoft.com/blog/windows-itpro-blog/get-ready-for-windows-quality-updates-out-of-the-box/4434498
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
