Co-Management and Driver/Firmware Management

In our trainings we get this question a lot, so I figured I should write it down… The question is: In a Co-managed environment, how can I manage drivers and firmware updates using the new control plane in Intune without switching the workload for updates to Intune? Basically, you want to manage quality updates with ConfigMgr, but update drivers and firmware via Intune. Pretty easy, simply set a policy on the client.

Entra Hybrid Joined Devices (FKA Hybrid Azure AD Joined Devices or HAADJ)

If you have a legacy Active Directory, which most ConfigMgr customers have, configure a group policy (GPO) that configures Windows Update as the source for Driver Updates. The GPO is named: Specify source service for specific classes of Windows Update.

Configuring the Specify source service for specific classes of Windows Update policy.

Entra Joined Devices (FKA Azure AD Joined Devices or AADJ)

For devices joined to Entra ID only, create a driver policy and also a remediation script that sets the registry value below on an hourly basis.

HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate
SetPolicyDrivenUpdateSourceForDriverUpdates = 0 (REG_DWORD)

Note: It seems that the custom CSPs for Windows Update, for example the policy below, are coupled with the Windows Update workload, meaning you have to use a remediation script instead. Credits to Gowdhaman Karthikeyan @ Microsoft for this info.

./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForDriverUpdates
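
The remediation described above could be written as follows. This is an added example, not the author's script: one PowerShell file uploaded to Intune Remediations twice (detection and remediation), where the `$Remediate` variable and the function names are this example's own conventions.

```powershell
# Added example, not the author's script. Upload this file twice:
#   detection script   -> leave $Remediate = $false
#   remediation script -> set   $Remediate = $true
# ($Remediate is this example's convention, not an Intune setting.)
$Remediate = $false

$KeyPath   = 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate'
$ValueName = 'SetPolicyDrivenUpdateSourceForDriverUpdates'
$Desired   = 0   # value given in the article

function Test-DriverUpdateSource {
    # True only when the value exists, is a REG_DWORD, and equals $Desired.
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $false }
    if ($key.GetValueNames() -notcontains $ValueName) { return $false }
    if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return $false }
    return ($key.GetValue($ValueName) -eq $Desired)
}

function Set-DriverUpdateSource {
    # Create the policy key if it does not exist yet.
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # -Force overwrites an existing value, including one stored with the wrong type.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName -Value $Desired `
        -PropertyType DWord -Force | Out-Null
}

try {
    if (Test-DriverUpdateSource) {
        Write-Output "Compliant: $ValueName = $Desired"
        exit 0
    }
    if (-not $Remediate) {
        Write-Output "Not compliant: $ValueName is missing or not $Desired"
        exit 1   # non-zero exit from detection triggers the remediation script
    }
    Set-DriverUpdateSource
    # Re-read the value so a silent write failure is reported, not assumed away.
    if (Test-DriverUpdateSource) { Write-Output "Remediated: $ValueName = $Desired"; exit 0 }
    Write-Output "Remediation ran but the value is still not $Desired"
    exit 1
}
catch {
    Write-Output "Error: $($_.Exception.Message)"
    exit 1
}
```

Assign both copies to the Entra joined device group with the hourly schedule mentioned above.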

Resources

For more details check out this blog post: ConfigMgr – Co-Management: Manage Driver updates through Intune without moving WU Workload – GK's Blog (gowdhaman.in)

About the author

Johan Arwidmark
