MMS is Amazing

Let me tell you about the time I went to the Midwest Management Summit at Mall of America (again). Every year for the past three years, I have flown across the continent to attend this amazing conference, and every time I’ve come back energized and replete with new knowledge.

For those of you who aren’t aware, MMSMOA is a very community centric endpoint management and security conference, with a focus on Microsoft technologies like ConfigMgr, Intune, Defender and Azure. Attendance is limited to 750 attendees to maintain a high participant to presenter ratio. Lots of folks from the community and more than a few Microsoft Employees are in attendance and presenting, and presentations are not recorded. This leads to a very informal experience with a lot of interaction including directly with the developers! The conference has a real hanging out with your 750 best friends feel. Think user group writ large.

MMS Mall of America

The information presented at the conference has a tendency to feel like a firehose however, due to the density of the presentations (4-5 per day) and the length which is 75 mins per, with 15-30 mins of Q&A. In true drinking from the information firehose fashion some of it gets absorbed and some of it splashes off and is lost. However, there is always at least one moment when I learn something unexpected.

Where Matt learns something he probably should have known

This year my unexpected new tidbit was a clarification of a single option that I had somehow missed. You see, when you create a Windows Update for Business configuration profile in Intune, there are several options for scheduling available.

After attending a session at MMS 2022, I learned from Aria Carley and Bryan Dam (Two windows update rockstars, seriously go follow them now) the best options you can chose to have the most successful update strategy is “Allow updates during Maintenance Time” or “Allow updates and restart at Maintenance Time”. These options give the endpoint devices the most opportunity to accomplish the update process, which leads to more successful, consistent update throughout your environment. For more on this check out Aria’s blog here:

The Windows Update policies you should set and why

This is great, and has been the advice I’ve given to customers ever since, however, there has always been a problem with this. In environments where updates were previously configured with either ConfigMgr or Group Policy, the devices tended to have some legacy or alternative settings applied, which would conflict with the new Intune settings, and removal of the configurations wasn’t always successful.

This leads to the setting I’ve been sleeping on: Reset to default

This setting cleans up all conflicting policies and resets Windows Update for Business to defaults. What is the default? Why “Allow Updates during Maintenance Time” of course!

Wrapup

So the takeaway here is, if you are having troubles with updates in your environment after migrating to Intune, go set this right now! Thanks Santos Martinez, who clarified this for me as an aside from other similarly awesome information, and thanks again MMS! See you again next year!