Install Quality Updates during ESP Intune

I am trying to automate the creation of the Enrollment Status Page (ESP). I was browsing graph explorer when I stumbled upon this. The graph explorer shows the option to install quality (windows) updates during ESP when enrolling into Intune:

This is the current GUI for the ESP:

This does not show the option to turn Quality Updates on or off…

Furthermore, it shows these 4 features:

It would be amazing to have these features. I am guessing that they do the following:

  • allowNonBlockingAppInstallation: I figure that this allows apps to be installed that aren’t selected in the “selectedMobileAppIds” (Block device use until required apps are installed if they are assigned to the user/device)
  • installQualityUpdate: This probably would be to require that Windows is updated during ESP
  • trackInstallProgressForAutopilotOnly: Option to only track the Autopilot progress and not for applications or certificates etc.
  • disableUserStatusTrackingAfterFirstUser: This is probably for shared devices. That only the first user sees the ESP.

So, how can you see this yourself?

Firstly, log on to the graph explorer.

After that fill in this URL: https://graph.microsoft.com/beta/deviceManagement/deviceEnrollmentConfigurations

In this bar:

And after that, you can see the Install Quality updates during ESP in Intune feature!

References

Other posts:
ZScaler Custom Compliance in Intune
Register Windows 365 Images in Azure

4 thoughts on “Install Quality Updates during ESP Intune”

  1. That’s an interesting find! I’ve played around with it and some of them are actually available already:
    “trackInstallProgressForAutopilotOnly” is specially tied to the option “Only show page to devices provisioned by out-of-box experience (OOBE)”
    While there is a difference between OOBE enrollment (for non-autopilot devices) and Autopilot deployment, I suppose they meant to put emphasis on the “provisioned” part.

    This setting “disableUserStatusTrackingAfterFirstUser” sounded like something I read not too long ago, so I went to look back and it seems to be mentioned in the docs: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-enrollment/understand-troubleshoot-esp#why-is-the-esp-showing-for-deployments-not-related-to-windows-autopilot-such-as-when-a-user-logs-in-for-the-first-time-on-a-configuration-manager-co-management-enrolled-device
    This part specifically: when the Only show page to devices provisioned by out-of-box experience (OOBE) setting is on and the policy is set, **only the first user who signs into the device gets the ESP**

    I didn’t notice it the first time, but sure enough, when I disabled that setting again, “disableUserStatusTrackingAfterFirstUser” is set to “false”

    Reply

Leave a Comment