fleet icon indicating copy to clipboard operation
fleet copied to clipboard
verified publisher icon fleetdm

Pin Windows update version/build in Fleet

Open harrisonravazzolo opened this issue 1 year ago • 5 comments

  • propsect-TODO: Google doc: https://docs.google.com/document/d/18J9Wrfm-8ZTOJ_mFJ0lxbbauGNNTn4EdtOiv9p4LtJY/edit?usp=sharing
  • prospect-TODO: Gong snippet TODO
  • @noahtalerman: User requested this because they want to set a version floor for Windows (similar to how macOS updates works today) instead of always patching/updating. Some devices you don't want to update to latest because software might break b/c it's not compatible with a new Windows version.
    • @username: In the interim TODO
    • @username: Eventually TODO

harrisonravazzolo avatar Jan 04 '25 20:01 harrisonravazzolo

@harrisonravazzolo can you please add prospect codenames and Gong snippets / notes?

noahtalerman avatar Jan 06 '25 19:01 noahtalerman

Hey @noahtalerman - here is the first notes from call with prospect - https://docs.google.com/document/d/18J9Wrfm-8ZTOJ_mFJ0lxbbauGNNTn4EdtOiv9p4LtJY/edit?usp=sharing

I don't have a prospect tag created quite yet

harrisonravazzolo avatar Jan 06 '25 19:01 harrisonravazzolo

Tricky one here because this has just come up in calls with prospects but I don't remember with who exactly or maybe the call wasn't recorded.

I mainly created this issue because in my experience with other MDMs, and at other companies this sort of version pinning was useful and used in production. Mainly if we had a more legacy system that we did not want to patchh right away because stuff would break, but we did want to make sure the endpoint was patched to a version we knew was compatible. imo this should be part of intune parity to allow windows admin flexibility.

harrisonravazzolo avatar Jan 06 '25 21:01 harrisonravazzolo

Problem

As an IT admin of a fleet of workstations comprised of Windows 10 and 11, and running proprietary software that is susceptible to incompatibility issues, I want the ability to pin certain builds of Windows.

For example, builds v21H2, v22H2, v23H2 are some of the available versions currently provided by Microsoft.

What have you tried?

From the OS updates module in Fleet, I tried to set a version of build I want to deploy to my endpoints that is not latest

Potential solutions

You could use Teams to manage, where certain teams do not leverage the update module. However, I already use Teams in a different way.

What is the expected workflow as a result of your proposal?

From the update module, Fleet knows the currently available versions and allows me to select from a dropdown. Perhaps a feed like the Windows Update Catalog could be used.

Note that is version pinning functionality is available in Intune Screenshot 2025-01-04 at 12 19 04 PM

noahtalerman avatar Jan 07 '25 19:01 noahtalerman

@harrisonravazzolo chatted with @allenhouchins and @nonpunctual and learned that we're just capturing this request but don't need to prioritize it now.

Moving this one off the drafting board and leaving it off feature fest for now.

noahtalerman avatar Jan 07 '25 19:01 noahtalerman