Upgrade to Windows 11 24H2 using Intune

Microsoft has released Windows 11 24H2 feature update, also known as the Windows 11 2024 update. You can find more information about the new features of 24H2 on techcommunity.microsoft.com and learn.microsoft.com links.

It’s mentioned in the FAQs section of the techcommunity link that Windows 11 24H2 will be a full OS swap, not an enablement package. The minimum OS requirement for upgrading to 24H2 is Windows 11 23H2 or 22H2 with the May 2024 non-security preview update installed.

I recommend reviewing the links above, especially the FAQs section, which provides useful details about the update. In this blog post, we will not cover the features of Windows 11 24H2; instead, we’ll focus on its deployment via Intune. For detailed information about the features, refer to the above links.

Prerequisites

Before we proceed to the actual steps, I will provide below system requirements for upgrading the devices to 24H2 with Intune. For more general system requirements, refer to this link: Windows 11 Specs and System Requirements | Microsoft

  • Windows 11 devices must be Enrolled and managed by Intune
  • Users of the Devices should be assigned one of the following licenses:
    • Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
    • Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
    • Windows Virtual Desktop Access E3 or E5
    • Microsoft 365 Business Premium
  • Devices can be either Entra joined, or Entra Hybrid joined.
  • Following Windows 10 and Windows 11, Editions are supported:
    • Pro/Education/Enterprise/Pro Education/Pro for Workstations.
  • Telemetry/Diagnostic data sharing with Microsoft should be enabled and set to Required level.

Feature Update Policy

To upgrade Intune-managed devices to Windows 11 24H2, we will utilize a Feature Update policy. The Feature Updates policy in Intune allows you to specify the Windows feature update version for your organization’s devices, effectively locking Windows OS to that version of feature update.

You may already have an existing Feature Update policy that upgrades your company’s devices to Windows 11 23H2. One option for updating to 24H2 is to modify this existing policy by changing the Feature deployment setting to Windows 11 24H2.

However, this would result in all targeted devices being upgraded based on the rollout options configured in the policy. This is not the best practice as there could be some devices which you don’t want to upgrade or there are issues in the deployment or there could be some in-house apps which are not compatible with 24H2. Therefore, please use test ring to test and monitor the update first and once everything is working fine, include more devices.

In my experience, I’ve always used a phased approach when upgrading devices to new feature updates. This method allows for better monitoring of the update progress and helps identify any potential issues early on without affecting production/business users.

Let’s explore the best practices and approach you can follow for this deployment.

More Information about Feature update policy: Configure feature updates policy for Windows 10 Windows 11 devices in Intune | Microsoft Learn

Note

1. Divide your organization devices in to multiple groups

I recommend dividing the organization devices into multiple Entra security groups, which can also be called as rings. This will help with the phased deployment across all devices.

  • Test ring devices
  • Pilot ring devices
  • Production ring devices 01
  • Production ring devices 02 and so on..

2. Create a New Feature update Policy

Keep your existing feature update policy as it is, and create a new feature update policy specifically for upgrading devices to Windows 11 24H2. When assigning the new policy to groups like the Test ring, Pilot ring, and Production ring devices, ensure that these groups are excluded from any existing feature update policies, such as those upgrading devices to 23H2.

According to Microsoft, if you target multiple feature update profiles to the same device, the Windows Update service will always offer the latest version of the feature update. However, as a best practice, I also exclude devices from any previous feature update profiles to avoid potential conflicts.

Exclude devices from Existing feature update policy
  • Sign into the lntune admin center > Devices > Windows updates > Feature updates > Create profile.

Deployment settings

On the Deployment settings tab, Configure below options:

  • Name: Provide the name of the Feature update policy. e.g., Upgrade to Windows 11 24H2.
  • Description: Provide a useful description.
  • Feature update to deploy: Use the drop-down to select Windows 11, version 24H2.
  • Make available to users as a required update: When you select this option, the feature update will be automatically installed on the target end user devices.
  • Make available to users as optional update: As the setting name suggests, this is an optional update. That means it will be offered to the target devices, however it will not be downloaded or installed. To install an optional update, users will need to go to the Windows update settings and click on Download button to being the Installation process.
  • When a device isn’t eligible to run Windows 11, install the latest Windows 10 feature update: You can select this checkbox, if there are Windows 10 devices in your environment, and you want to upgrade them to the latest feature update. This option is provided so that you don’t have to create separate feature update policies for Windows 10 and Windows 11 devices. One policy will upgrade the devices to selected feature update on Windows 11 and also upgrade Windows 10 devices to latest feature update as well.
  • Rollout options: There are three rollout options:
    • Make update available as soon as possible – This is the default option selected, It will deploy feature update on users devices without delay.
    • Make update available on a specific date – You can select the day you want this feature update to be available for targeted devices.
    • Make update available gradually – You can provide a range of time to make the updates available to devices. Intune will automatically create a subset of target devices based on the range configured, and the duration mentioned between those days. For more information, refer to the link: Make updates available gradually.
Windows 11 24H2 Feature Update policy on Intune admin center
  • Assignments: Now, you can assign this feature update deployment to the devices you want to upgrade. Click on Add groups and select an Entra security group containing Windows devices. Click Next.
Assign feature update profile to Test ring first and then move on to Pilot and Production devices
  • Review + create: Review the Deployment Summary and click on the Create button.
Feature update profile for Windows 11 24H2 created on Intune admin center
Feature update profile for Windows 11 24H2 created on Intune admin center

End User Experience

Once this feature update deployment profile is applied to users devices, they will receive a notification and need to reboot to finalize the installation process.

User does not need to take any manual action to get this feature update. MDM device will regularly check in with Intune for new policy updates.

However, if you want to speed up this process, you can force an Intune sync from the device. A restart of the device also triggers the Intune device check-in process.

Troubleshooting

If there are any issues with the Windows 11 24H2 feature update deployment, there are multiple places to investigate and find out what went wrong.

1. Investigate Event Viewer logs

To start with your troubleshooting, you can check the Event Viewer logs on the target device. Follow the below steps to check:

  • Press Windows Key + R to open the Run dialog box.
  • Type eventvwr and press Enter to open Event Viewer.
  • Navigate to Application and Services logs > Microsoft Windows DeviceManagement– Enterprise-Diagnostics-Provider > Admin.
Investigate Windows Event viewe logs w.r.t. Intune Device management policies

2. Check if Safeguard hold is applied

If a device has a Safeguard hold applied for a feature update version deployed through Intune, the upgrade may not proceed. Refer to this link to learn more about opting out of Safeguard Hold.

3. Check Reports on Intune admin center

Export feature update reports to investigate the deployment’s status. Confirm that the deployment is in the offering state; the update won’t be deployed if it’s paused or scheduled. For instructions on exporting Feature update reports, refer to the link: 3 Ways to Export Windows Feature Update Report from Intune.

4. Check if Telemetry level is set to the Required

Sometimes, if the Telemetry level is not set to Required, Feature updates via Intune may not be offered to the devices. Ensure the Telemetry or Diagnostic data setting is set to Required. For more information on Telemetry/Diagnostic data settings, refer to Intune: Configure Windows Telemetry/Diagnostic data [3 ways].

Windows 11 24H2 Known Issues

Note

Leave a Comment