6.3 Update Rings, Feature Updates, Platform Updates, and Delivery Optimization
Key Takeaways
- Update rings manage ongoing Windows Update behavior such as deferrals, restart experience, deadlines, active hours, user notifications, and staged rollout groups.
- Feature update policies target or hold a specific Windows release and are the preferred answer when the scenario requires version control rather than general update timing.
- Expedited quality update policies are for urgent supported Windows quality or security updates and do not replace the normal monthly servicing strategy.
- Apple update management uses Intune update policies and current declarative device management concepts, while Android Enterprise updates use device restriction profiles or FOTA for supported OEMs.
- Delivery Optimization reduces bandwidth impact through peer, cache, and bandwidth settings; update monitoring verifies deployment status, failures, and whether devices actually reached the intended version.
The update objective decides the policy
The MD-102 Protect devices domain includes update planning, update rings, update policies for iOS/iPadOS and macOS, Android updates through configuration profiles or firmware-over-the-air deployments, Delivery Optimization, and update monitoring. Do not collapse all update requirements into update rings.
A ring controls the regular Windows Update experience. A feature update policy controls which Windows feature release is offered or held. An expedited quality update policy accelerates an urgent supported update. Platform-specific policies handle Apple and Android update models. Delivery Optimization changes how content is downloaded; it is not a compliance or version-targeting policy.
Windows update decision table
| Requirement | Best control | Why |
|---|---|---|
| Create pilot, broad, and production stages for regular monthly Windows servicing | Update rings | Rings control deferrals, restart settings, deadlines, active hours, and user experience by group |
| Keep devices on a specific Windows release until app validation is complete | Feature updates for Windows 10 and later | Feature update policies target a version and keep that version enforced until changed or removed |
| Move devices to a newer Windows feature version in a managed rollout | Feature update policy with rollout planning | The policy controls target version; rings still affect restart and client experience |
| Deploy a critical security update faster than normal deferrals allow | Expedited quality update policy | Expedite policies temporarily bypass normal timing for a selected supported update |
| Control download source, peer caching, cache size, or bandwidth impact | Delivery Optimization profile or settings catalog | Delivery Optimization optimizes content delivery rather than choosing update approval status |
| Verify offer, install, failure, and device status | Windows update reports | Reporting shows where devices are stuck and which update events or failures need remediation |
Platform update controls
| Platform | Intune update approach | Exam cue |
|---|---|---|
| Windows | Update rings, feature update policies, quality update policies, driver update policies, expedited quality updates | Deferrals, deadlines, restart behavior, target Windows version, urgent patches |
| iOS/iPadOS and macOS | Apple software update policies using current declarative device management concepts where supported | Target a specific OS version, enforce latest version, set deadlines, reduce user disruption |
| Android Enterprise corporate devices | Device restriction profiles for OTA behavior, or FOTA deployments for supported manufacturers such as Samsung or Zebra | Corporate-owned Android update scheduling, freeze windows, OEM firmware control |
| Mixed fleet | Separate platform-specific assignments and reports | A Windows update ring does not manage iOS, macOS, or Android update behavior |
Delivery Optimization in plain terms
Delivery Optimization helps Windows devices get Microsoft content more efficiently. It can use download modes, peer selection, bandwidth limits, cache rules, and Microsoft Connected Cache scenarios. On MD-102, choose it when the organization wants to reduce WAN usage or improve download efficiency for updates and apps. Do not choose it to force a feature version, mark a device compliant, or onboard Defender for Endpoint.
Monitoring and remediation
Update management is incomplete without reporting. For Windows, review update ring reports, feature update reports, quality update reports, driver update reports, and device-level failures. For Apple, remember that a policy reporting success can mean the configuration arrived, not necessarily that the OS version already changed; monitor software update reports and device OS versions. For Android, verify the device type, OEM support, FOTA deployment status, and device restriction behavior.
When troubleshooting an update scenario, ask four questions:
- Is the device eligible for the update policy and platform?
- Is the device receiving the intended policy assignment?
- Is another policy delaying or conflicting with the update, such as ring deferrals affecting feature update timing?
- Does reporting show offer, download, install, restart, or failure state?
High-value exam contrasts
Use update rings for ongoing servicing behavior. Use feature update policies to target or hold a Windows version. Use expedited quality updates for urgent, time-bound patch response. Use Delivery Optimization for content delivery efficiency. Use platform-specific Apple and Android update controls for non-Windows devices.
A company must keep Windows devices on Windows 11 version 24H2 until a finance application is validated on a newer release. Which Intune policy is the best match?
Which policy choices correctly match the update requirement? Select all that apply.
Select all that apply
A branch office has slow WAN links, and Windows update downloads are saturating bandwidth. The organization still wants the same update schedule but more efficient content delivery. Which control should be reviewed?