Using Intune, Win10 cloud only machines which are installed via clean USB media and all drivers are picked up via Microsoft Updates. This is controlled via Intune. With 1909 and 2004 everything was fine and entire Device Manager is covered. With 20H2, many devices are not installed. And they are not discovered during Update manual scan. Devices are 3-5 years old.
@yannara, Thanks for uploading in Intune Q&A.
To clarify our issue, I would like to collect the following information to clarify:
1. Could you check a device without being enrolled into intune to see if we can get the 20H2 drivers?
2. How did we configure the windows 10 update ring policy for these affected devices? Could you get a screen shot?
Thanks and I look forward to your reply.
@yannara, Thanks for letting us know the latest status. For the first test, I know it still need some time. We will wait for it. Because this is a very important test to clarify our issue.
For the Windows update ring setting, we find the windows drivers are set as allow which means the driver updates via Windows Update is allowed. Could you check the deployment status under the windows update ring policy we created to see if it is successful.
If there's any update, feel free to let us know.
Please understand, that this problem lies only in 20H2 build. If I re-install it with 1909 and 2004, there will be no problem.
@yannara,, Thanks for the reply. I will prepare a Windows 10 20H2 device to test. It needs to take some days. If there's any progress, I will update here.
Excelent, thanks. Take your time and post here with results. If you do not experience the problem, look for internal change log in 20H2 what MS have done, because if you now create new USB media with Media Creation Tool, it probably will be newer than mine. There is documented change that in 20H2, behavior of signed drivers by OEM has changed, and I suspect you have a bug in that new feature or something.
The difference between 1909 and 20H2 is like a night and day. I installed one Lenovo laptop with 20H2 manually, no Intune. Device manager had lot of missing devices. Then I installed same device with 1909 manually. While checking updates, it does offer lot of drivers to be installed. 20H2 doesn't do that.
@yannara, Thanks for letting us know the latest status. I fully understand your feeling.
From the testing, it seems the related driver updates for windows 10 20H2 is not downloaded and installed. As Intune support, we are not familiar with it. To troubleshoot it, we suggest to involve windows support engineer to double confirm on this. For log analysis case, Phone support can be more efficient. Here is a link to get the Phone support.
https://support.microsoft.com/en-us/help/4051701/global-customer-service-phone-numbers
But if you prefer to support it on Q&A, we will try our best to involve the window support Q&A engineer for you. Or you can submit the issue on windows 10 support directly which will be quicker.
https://docs.microsoft.com/en-us/answers/topics/windows-10-general.html
Thanks for the understanding and have a nice day!
Please push this via Q&A and involve Windows support. There is no rush, but I would like at some point to get the info, when this will be fixed. So far, we halt 20H2 deployment.
@yannara, Thanks for the reply. We have created a collaboration task to windows support team. Windows client Q&A support will be involved in our thread when the resource is found. Thanks and have a nice day!
Hi yannara,
Smart as you, I think you have searched automatically for driers in Device Manager on those 20H2 PCs, if this way no help, the only way we could do now is finding drivers on manufacturer website.
You know the drivers come from OEM, Microsoft itself doesn’t write or release drivers, once we can’t get drivers from Update or Intune, it means that Microsoft doesn’t have drivers for this device now, we can do nothing on Windows side.
In your scenario, please go to Lenovo website and find out the type of your laptop, download the latest drivers then install, check the situation of devices in device manager.
Good luck.
Are you serious? :D
Please read this story and understand, that in 1909 drivers are installed but not in 20H2. So this is clearly build difference. All drivers should come from Microsoft Update Catalog. Also I have used 2004 and there was no problem in that build. We have found an article that in 20H2 there is a change of OEM driver handling, signed drivers but it doesn't explain clearly what is changed. My best bet is, that there is a some kind of a bug in 20H2 around this driver matching.
It is not a bug but a new driver installation strategy.
Driver vendors are allowed to publish these drivers in Windows Update with two values – Automatic and Manual.
Windows 10 is prioritized to look for the highest highest-ranking driver marked as “Automatic” by the vendor. If the automatic driver is not available, Windows 10 version 1909 or older proceeds to get the Manual driver to get the peripheral up and running.
Starting in Windows 10 version 2004 and 20H2, Microsoft says it will not install drivers marked “Manual” automatically and this will break your device.
Understanding Windows Update rules for driver distribution
https://docs.microsoft.com/en-au/windows-hardware/drivers/dashboard/understanding-windows-update-automatic-and-optional-rules-for-driver-distribution
Thanks. Finally a decent explanation to this behavior. Is there any registry key or some method to change this behavior back, so 20H2 would install "Manual" drivers automatically? This is a huge problem to us right now.
@Crystal-MSFT I found the root cause. 20H2 does offer drivers from MS catalog, via new Settings Updates -> optional updates -> drivers. I can download and install drivers from there, but they are not installed automatically via Intune / Autopilot. In Intune I cannot find any new settings to control that behavior. MMC Device Manager can't find drivers either, but via Settings yes.
How we can go from here? Should I open another thread only with Intune tags to explain current situation?
@yannara, Actually, Windows Update Ring policies make use of the Windows Policy CSP to configure the update policies on the Windows clients. Once Intune deploys the Windows Update Ring policy to an assigned device, Policy CSP will write the appropriate values to the Windows registry to make the policy take effect. After the policy is applied successfully, it starts to obtain the update which use the existing update solution such as Windows Update or WSUS. for our issue, we can firstly clarify if the Intune policy has been deployed successfully.
For the Windows drivers setting, when it is set as allow in Intune policy, the type of "Exclude drivers from Windows quality updates" will shows as Mobile Device Management. And the registry key "ExcludeWUDriversInQualityUpdate" under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device\Update with value 0. We can check if it is the same in our environment.
Hope it can help.
Hi,
Update Ring status is successfull for devices
Exclude drivers from Windows quality updates is set to 0 on all 20H2 machines.
Thanks for help so far, waiting for your response.
@yannara, Thanks for checking the information. From the information we checked, it shows that the policy is applied successfully. It can be that the windows 10 20H2 has some behavior change that stops this. We can refer to Teemo's suggestions on this.
11 people are following this question.
