Windows 11 23H2 feature update also known as Windows 11 2023 update is now available. New features of Windows 11 version 23H2 are already Included in Windows 11 22H2, if you have applied the latest Quality update. However, the new features are not Activated yet.
These new features will remain Inactive until you use the “enablement package”, a small payload to activate these new settings. The enablement package (eKB) makes it easier to update to 23H2 with just one Restart and reduces the time it takes to complete the upgrade process.
You have the option to manually download an Enablement package KB5027397, if you prefer. It is recommended to Install it on top of the latest Quality Updates when you are using Windows 11, version 22H2.
An alternative method is to use the Intune admin center to upgrade your Windows 11 22H2 devices to Windows 11 23H2 by simply creating a Feature update policy.
By utilizing a Feature Updates policy in Intune, you can choose the specific Windows feature update version for your organization’s devices. This effectively locks that feature update version on all devices.
For instance, if you set up your devices to operate on Windows 11 23H2 using a feature update profile, all devices will stay at this specific feature update level.
Windows Feature update policies works along with Update Rings policies to prevent a device from receiving a feature update version beyond the specified value in the feature update policy.
Table of Contents
Prerequisites
- Windows 11 devices must be Enrolled and managed by Intune
- Users of the Devices should be assigned one of the following licenses:
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Windows Virtual Desktop Access E3 or E5
- Microsoft 365 Business Premium
- Devices can be either Entra joined or Entra Hybrid joined.
- Following Windows 10 and Windows 11 Editions are supported:
- Pro/Education/Enterprise/Pro Education/Pro for Workstations.
- Telemetry/Diagnostic data sharing with Microsoft should be Enabled and set to Required level.
- Microsoft Account Sign-in Assistant service (wlidsvc) should not be in disabled state. It needs to be kept in Manually triggered state.
When you have an Update Ring policy, set the “Feature update deferral period (days)” to 0 to avoid any delays in delivering feature update to devices via Feature update policy.
Recommended
Step 1 – Create a Feature Update Policy
To create a feature update policy, follow below steps:
- Sign in to Intune admin center
- Click on Devices > Feature update for Windows 10 and later
Deployment settings
On Deployment settings tab, Configure below options:
- Name: Provide a name of the Feature update policy
- Description: Provide a useful description.
- Feature update to deploy: Use the drop-down to select Windows 11, version 23H2.
- Rollout options: There are three roll-out options:
- Make update available as soon as possible – This is the default option selected, It will deploy feature update on users devices without any delay.
- Make update available on a specific date – You can select a day on which you want this feature update to be availalbe for targeted devices.
- Make update available gradually – You can provide a range of time to make the updates available to devices. Intune will automatically create a subset of target devices based on the range configured and duration mentioned between those days. For more Information, refer to the link: Make updates available gradually.
Assignments
Now, you can assign this Feature update deployment to the devices you want to upgrade. Click on Add group and select an Entra security group containing Windows devices. Click Next.
Review + create
Review the Deployment Summary and click on Create button.
- Feature update profile has been created successfully.
End-user Experience
Once this Feature update deployment profile is applied to users devices, they will receive a notification and need to perform a device reboot to finalize the installation process.
User do not need to take any action to get this feature update deployment profile on their devices. Windows devices regularly check-in with Intune for new policy updates.
However, if you want to speed up this process, you can also force an Intune sync from the device. A restart of the device also triggers Intune device check-in process.
Troubleshooting
If there are any issues with the deployment of the Windows 11 23H2 feature update, there are multiple places to investigate and find out what went wrong.
1. Investigate Event Viewer logs
To start with your troubleshooting, you can check Event viewer logs on the target device. Follow below steps to check:
- Press Windows Key + R to open the Run dialog box.
- Type eventvwr and press Enter to open Event viewer.
- Navigate to Application and Services logs > Microsoft > Windows > DeviceManagement– Enterprise-Diagnostics-Provider > Admin.
2. Check if Safeguard hold is applied
If a device has a Safeguard hold applied for a feature update version being deployed through Intune, the upgrade may not proceed. To learn more about opting out of Safeguard hold, refer to this link.
3. Check Reports on Intune admin center
Export Feature update reports to investigate the deployment’s status. Confirm that the deployment is in the offering state; if it’s in a paused or scheduled state, the update won’t be deployed. For instructions on exporting Feature update reports, refer to the link: 3 Ways to Export Windows Feature Update Report from Intune.
4. Check if Telemetry level is set to Required
In some instances, if the Telemetry level is not set to “Required,” Feature updates via Intune may not be offered to the devices. Ensure that the Telemetry or Diagnostic data setting is set to “Required.” For more information on Telemetry/Diagnostic data settings, refer to the link: Intune: Configure Windows Telemetry/Diagnostic data [3 ways].
