管理 Intune 中的軟體更新Manage software updates in Intune

「Windows 即服務」是更新 Windows 10 裝置的方式。Windows as a Service is the way to update Windows 10 devices. 使用 Windows 10 時,新的「功能更新」和「品質更新」會包含所有先前更新的內容。With Windows 10, new Feature Updates and Quality Updates includes the contents of all previous updates. 只要您已安裝最新更新,即可確保您的 Windows 10 裝置處於最新狀態。As long as you've installed the latest update, you know your Windows 10 devices are up-to-date. 不同於舊版 Windows,您現在必須安裝整個更新而不是部分更新。Unlike with previous versions of Windows, you now must install the entire update instead of part of an update.

藉由使用「商務用 Windows Update」,您將可以簡化更新管理體驗。By using Windows Update for Business, you simplify the update management experience. 您無須針對多組裝置核准個別的更新。You don’t need to approve individual updates for groups of devices. 您可以藉由設定更新首度發行策略,對您的環境進行風險管理。You can manage risk in your environments by configuring an update rollout strategy. 而 Windows Update 則會確保在適當的時間安裝更新。And Windows Update makes sure that updates are installed at the right time. Microsoft Intune 可讓您在裝置上設定更新設定,並可讓您將更新安裝延後。Microsoft Intune provides the ability to configure update settings on devices, and gives you the ability to defer update installation. Intune 不會儲存更新,只會儲存更新原則指派。Intune doesn’t store the updates, but only the update policy assignment. 裝置會直接存取 Windows Update 以取得更新。Devices access Windows Update directly for the updates. 使用 Intune 來設定及管理 Windows 10 更新通道Use Intune to configure and manage Windows 10 update rings. 更新通道是一組設定,用來設定安裝 Windows 10 更新的時機和方式。An update ring includes a group of settings that configure when and how Windows 10 updates get installed. 例如,您可以進行下列設定:For example, you can configure the following settings:

  • Windows 10 維護通道:選擇您希望裝置群組從中收到更新的維護通道。Windows 10 Servicing Channel: Choose the servicing channel from which you want groups of devices to receive updates. 下列是可用的通道:The following channels are available:

    • 半年通道Semi‐Annual Channel
    • 半年通道 (已設定目標)Semi‐Annual Channel (Targeted)
    • Windows 測試人員 - 快Windows Insider ‐ Fast
    • Windows 測試人員 - 慢Windows Insider ‐ Slow
    • 發行 Windows 測試人員Release Windows Insider

    如需有關可用維護通道的詳細資料,請參閱 Windows 即服務概觀For details on the available servicing channels, see Overview for Windows as a Service.

  • 延遲設定︰設定更新延遲設定,以延遲裝置群組的更新安裝。Deferral Settings: Configure update deferral settings to delay update installations for groups of devices. 請使用這些設定來分階段進行更新首度發行,以便全程檢閱進度。Use these settings to stage your update roll-out so you can review progress along the way.

  • 暫停︰如果您在更新首度發行期間發現問題,延後更新的安裝。Pausing: Postpone the installation of updates if you discover an issue at any point during the update rollout.

  • 維護期間︰設定可以安裝更新的時數。Maintenance window: Configure the hours in which updates can be installed.

  • 更新類型︰選擇要安裝的更新類型。Update type: Choose the types of updates that get installed. 例如,高品質更新、功能更新或驅動程式。For example, Quality Updates, Feature Updates, or drivers.

  • 安裝行為︰設定安裝更新的方式。Installation behavior: Configures how the update gets installed. 例如,裝置會在安裝後自動重新啟動嗎?For example, does the device automatically restart after the installation?

  • 對等下載︰您可以選擇設定對等下載。Peer downloading: You choose to configure peer downloading. 如有設定,當裝置完成下載更新時,其他裝置可以從該裝置下載更新。If configured, when a device has finished downloading an update, other devices can download the update from that device. 此設定可加速下載程序。This setting speeds up the download process.

建立更新響鈴之後,將它們指派給裝置群組。After you create update rings, you assign them to groups of devices. 藉由使用更新響鈴,您可以建立可反映您業務需求的更新策略。By using update rings, you can create an update strategy that mirrors your business needs. 如需詳細資訊,請參閱使用商務用 Windows Update 來管理更新For more information, see Manage updates using Windows Update for Business.

開始之前Before you start

  • 若要更新 Windows 10 電腦,這些電腦必須至少執行 Windows 10 專業版並已安裝 Windows 年度更新。To update Windows 10 PCs, they must be running at least Windows 10 Pro with the Windows Anniversary update.

  • Windows Update 支援下列 Windows 10 版本:Windows Update supports the following Windows 10 versions:

    不支援執行「Windows 10 行動裝置版」的裝置。Devices running Windows 10 Mobile aren't supported.

  • 在 Windows 裝置上,[意見與診斷] > [診斷與使用方式資料] 必須至少設定為 [基本]。On Windows devices, Feedback & diagnostics > Diagnostic and usage data must be set to at least Basic.

    診斷與使用方式資料的 Windows 設定

    您可以手動設定此設定,或使用 Intune 裝置限制設定檔 (用於 Windows 10 和更新版本)。You can configure this setting manually, or you can use an Intune device restriction profile for Windows 10 and later. 若要這樣做,請至少將 [一般] > [提交診斷資料] 的設定設為 [基本]。To do this, configure the setting General > Diagnostic data submission to at least Basic. 如需有關裝置設定檔的詳細資訊,請參閱設定裝置限制設定For more information about device profiles, see configure device restriction settings.

  • 在 Intune 管理主控台中,有四種設定可控制軟體更新行為。In the Intune administration console, there are four settings that control software updates behavior. 這些設定是 Windows 10 桌上電腦和行動裝置上,一般組態原則的一部分:These settings are part of the general configuration policy for Windows 10 desktop and Mobile devices:

    • 允許自動更新Allow automatic updates
    • 允許發行前版本功能Allow pre-release features
    • 已排程的安裝日Scheduled Install Day
    • 已排程的安裝時間Scheduled Install Time

    Azure 傳統入口網站在裝置組態設定檔中也有一些其他 Windows 10 更新設定。The Azure classic portal also has a limited number of other Windows 10 updates settings in the device configuration profile. 當您移轉至 Azure 入口網站時,如果已設定這當中的任何設定,強烈建議您執行下列操作︰If you have any of these settings configured when you migrate to the Azure portal, we strongly recommend that you do the following:

  1. 在 Azure 入口網站上,以您需要的設定建立 Windows 10 更新響鈴。Create Windows 10 update rings in the Azure portal with the settings that you need. Azure 入口網站已不再支援 [允許搶鮮版功能] 設定,因其不再適用於最新的 Windows 10 組建。The Allow pre-release features setting is not supported in the Azure portal because it is no longer applicable to the latest Windows 10 builds. 當您建立更新響鈴時,可以設定另外三個設定,以及其他 Windows 10 更新設定。You can configure the other three settings, as well as other Windows 10 updates settings, when you create update rings.

    注意

    移轉之後,在傳統入口網站中建立的 Windows 10 更新設定不會顯示在 Azure 入口網站中。Windows 10 updates settings created in the classic portal are not displayed in the Azure portal after migration. 不過,系統會套用這些設定。However, these settings are applied. 如果您移轉這當中的任何設定,並從 Azure 入口網站中編輯所移轉的原則,系統就會將這些設定從原則中移除。If you migrate any of these settings, and edit the migrated policy from the Azure portal, these settings are removed from the policy.

  2. 刪除傳統入口網站中的更新設定。Delete the update settings in the classic portal. 移轉至 Azure 入口網站並將相同設定新增至更新通道之後,您必須在傳統入口網站中刪除這些設定,以避免任何可能發生的原則衝突。After you migrate to the Azure portal, and add the same settings to an update ring, you must delete the settings in the classic portal to avoid any potential policy conflicts. 例如,當相同的設定具有不同的設定值時,就會發生衝突。For example, when the same setting is configured with different values, there is a conflict. 您很難得知此狀況,因為在傳統入口網站中設定的設定不會顯示在 Azure 入口網站中。There isn't an easy way to know because the setting configured in the classic portal does not display in the Azure portal.

建立及指派更新通道Create and assign update rings

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 選取 [所有服務],篩選 [Intune],然後選取 [Microsoft Intune]。Select All services, filter on Intune, and then select Microsoft Intune.

  3. 選取 [軟體更新] > [Windows 10 更新通道] > 建立。Select Software updates > Windows 10 Update Rings > Create.

  4. 輸入名稱、描述 (選擇性),然後選擇 [設定]。Enter a name, a description (optional), and then choose Configure.

  5. 在 [設定] 中,輸入下列資訊:In Settings, enter the following information:

    • 維護通道:設定裝置從中接收 Windows 更新的通道。Servicing channel: Set the channel from which the device receives Windows updates.

    • Microsoft 產品更新︰選擇是否要從 Microsoft Update 掃描應用程式更新。Microsoft product updates: Choose to scan for app updates from Microsoft Update.

    • Windows 驅動程式︰選擇是否要在更新期間排除 Windows Update 驅動程式。Windows drivers: Choose to exclude Windows Update drivers during updates.

    • 自動更新行為:選擇如何安裝自動更新、何時重新啟動或重新開機。Automatic update behavior: Choose how automatic updates are installed, when to restart or reboot. 如需詳細資訊,請參閱 Update/AllowAutoUpdateFor details, see Update/AllowAutoUpdate.

      • 自動行為頻率如果您針對更新行為選取 [在排定的時間自動安裝並重新啟動],就會顯示此設定。Automatic behavior frequency: If you select Auto install and restart at scheduled time for the update behavior, then this setting is shown. 請使用此設定來排定何時安裝更新,包括週、日及時間。Use this setting to schedule when updates are installed, including the week, the day, and the time.
    • 重新啟動檢查:預設為啟用。Restart checks: Enabled by default. 當您重新啟動裝置時,會進行一些檢查,包括檢查作用中的使用者、電池電量、執行中的遊戲等。When you restart a device, there are some checks that occur, including checking for active users, battery levels, running games, and more. 若要在重新啟動裝置時略過這些檢查,請選取 [略過]。To skip these checks when you restart a device, select Skip.

    • 品質更新延遲期間 (天):輸入品質更新延遲的天數。Quality update deferral period (days): Enter the number of days for which quality updates are deferred. 最多可以延遲接收這些「品質更新」至其發行後 30 天。You can defer receiving these Quality Updates up to 30 days from their release.

      「品質更新」通常會修正和改進現有的 Windows 功能,而且會在每個月的第一個星期二發行。Quality Updates are typically fixes and improvements to existing Windows functionality, and are published the first Tuesday of every month. 不過,Microsoft 也可能隨時發行這些更新。Though they can be released at any time by Microsoft. 您可以定義在 Windows Update 提供「品質更新」之後,是否要延遲接收「品質更新」,以及要延遲多久。You can define if, and how long, you are to defer receiving Quality Updates after they're available on Windows Update.

    • 功能更新延遲期間 (天):輸入功能更新延遲的天數。Feature update deferral period (days): Enter the number of days for which Feature Updates are deferred. 最多可以延遲接收「功能更新」至其發行後 180 天。You can defer receiving Feature Updates up to 180 days from their release.

      「功能更新」通常是 Windows 的新功能。Feature Updates are typically new features for Windows. 在您設定 [維護通道] 設定之後,便可以定義在 Windows Update 提供「功能更新」之後,是否要延遲接收「功能更新」,以及要延遲多久。After you configure the Servicing channel setting, you can define if, and how long, you are to defer receiving Feature Updates after they're available on Windows Update.

      例如:若 [維護通道] 已設定為 [半年通道 (已設定目標)] 且延遲期間為 30 天:假設 Windows Update 在 1 月以 [半年通道 (已設定目標)] 的形式首次公開提供「功能更新 X」。For example: If the Servicing channel is set to Semi-Annual Channel (Targeted), and the deferral period is 30 days: Let's say that Feature Update X is first publicly available on Windows Update as a Semi-Annual Channel (Targeted) in January. 裝置要等到 2 月 (30 天後) 才會接收更新。The device does not receive the update until February - 30 days later.

      若 [維護通道] 已設定為 [半年通道] 且延遲期間為 30 天:假設 Windows Update 在 1 月以 [半年通道 (已設定目標)] 的形式首次公開提供「功能更新 X」。If the Servicing channel is set to Semi-Annual Channel, and the deferral period is 30 days: Let's say the Feature Update X is first publicly available on Windows Update as a Semi-Annual Channel (Targeted) in January. 四個月後 (4 月),「功能更新 X」才會發行到半年通道。Four months later, in April, Feature Update X is released to Semi-Annual Channel. 裝置會在此「半年通道」發行的 30 天後收到「功能更新」,而在 5 月進行更新。The device receives the Feature Update 30 days following this Semi-Annual Channel release, and updates in May.

    • 傳遞最佳化下載模式選擇裝置下載 Windows 更新的方法。Delivery optimization download mode: Choose the method for which devices download Windows updates. 如需詳細資訊,請參閱 DeliveryOptimization/DODownloadModeFor details, see DeliveryOptimization/DODownloadMode.

  6. 完成時,選取 [確定]。When done, select OK. 在 [建立更新通道] 中,選取 [建立]。In Create Update Ring, select Create.

新的更新響鈴會隨即顯示在更新響鈴清單中。The new update ring is displayed in the list of update rings.

  1. 若要指派更新響鈴,在更新響鈴清單中,選取響鈴,在 [<響鈴名稱>] 索引標籤中選擇 [指派]。To assign the ring, in the list of update rings, select a ring, and then on the <ring name> tab, choose Assignments.
  2. 在下一個索引標籤中,選擇 [Select groups to include] (選取要包含的群組),然後選擇要指派此響鈴的群組。On the next tab, choose Select groups to include, and then choose the groups to which you want to assign this ring.
  3. 完成之後,選擇 [選取] 來完成這項指派。Once you are done, choose Select to complete the assignment.

更新合規性報告Update compliance reporting

您可以在 Intune 中檢視更新合規性,或使用 Operations Management Suite (OMS) 中稱為 Update Compliance 的免費解決方案。You can view update compliance in Intune or by using a free solution in the Operations Management Suite (OMS) called Update Compliance.

在 Intune 中檢視更新合規性Review update compliance in Intune

檢視原則報告,以檢視您已設定之 Windows 10 更新通道的部署狀態。Review a policy report to view the deployment status for the Windows 10 update rings that you have configured.

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 選擇 [所有服務],篩選 [Intune],然後選取 [Microsoft Intune]。Choose All services, filter on Intune, and select Microsoft Intune.

  3. 選取 [軟體更新] > [概觀]。Select Software updates > Overview. 您可以看到所指派任何更新通道的狀態一般資訊。You can see general information about the status of any update rings you assigned.

  4. 請開啟下列其中一個報表:Open one of the following reports:

    針對所有部署通道For all deployment rings:

    1. 在 [軟體更新] 上 > [Windows 10 更新通道]On the Software updates > Windows 10 Update Rings
    2. 在 [監視] 區段,選擇 [依更新通道別部署狀態]。In the Monitor section, choose Per update ring deployment state.

    針對特定部署通道For specific deployment rings:

    1. 在 [軟體更新] > [Windows 10 更新通道] 中,選擇要檢閱的部署通道。In Software updates > Windows 10 Update Rings, choose the deployment ring to review.
    2. 在 [監視] 區段中,從下列報表選擇,以檢視更新通道的更多詳細資訊:In the Monitor section, choose from the following reports to view more detailed information about the update ring:
      • 裝置狀態Device status
      • 使用者狀態User status

使用 OMS 檢視更新合規性Review update compliance using OMS

您可以使用 Operations Management Suite (OMS) 中的免費解決方案 Update Compliance 來監視 Windows 10 更新的首度發行。You can monitor Windows 10 update rollouts by using a free solution in the Operations Management Suite (OMS) called Update Compliance. 如需詳細資訊,請參閱使用Update Compliance 來監視 Windows UpdatesFor details, see Monitor Windows Updates with Update Compliance. 當您使用此解決方案時,可以將商業識別碼部署至任何您用 Intune 管理、且要報告更新合規性的 Windows 10 裝置。When you use this solution, you can deploy a commercial ID to any of your Intune managed Windows 10 devices for which you want to report update compliance.

在 Intune 主控台中,您可以使用自訂原則的 OMA-URI 設定來設定商業識別碼。In the Intune console, you can use the OMA-URI settings of a custom policy to configure the commercial ID. 如需詳細資訊,請參閱 Microsoft Intune 中 Windows 10 裝置的 Intune 原則設定For details, see Intune policy settings for Windows 10 devices in Microsoft Intune.

用於設定商業識別碼的 OMA-URI (區分大小寫) 路徑是:./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialIDThe OMA-URI (case sensitive) path for configuring the commercial ID is: ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID

例如,您可以在 [新增或編輯 OMA-URI 設定] 中使用下列值:For example, you can use the following values in Add or edit OMA-URI Setting:

  • 設定名稱:Windows Analytics 商業識別碼Setting Name: Windows Analytics Commercial ID
  • 設定描述︰設定 Windows Analytics 解決方案的商業識別碼Setting Description: Configuring commercial ID for Windows Analytics solutions
  • OMA-URI (區分大小寫):./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialIDOMA-URI (case sensitive): ./Vendor/MSFT/DMClient/Provider/MS DM Server/CommercialID
  • 資料類型:字串Data Type: String
  • :<使用 OMS 工作區中的 [Windows 遙測] 索引標籤上顯示的 GUID>Value: <Use the GUID shown on the Windows Telemetry tab in your OMS workspace>

OMA-URI 設定 - 編輯資料列

注意

如需有關 MS DM 伺服器的詳細資訊,請參閱 DMClient 設定服務提供者 (CSP)For more information about MS DM Server, see DMClient configuration service provider (CSP).

暫停更新Pause updates

您可以讓裝置暫停接收功能更新或品質更新一段期間,自您暫停更新起最多 35 天。You can pause a device from receiving Feature Updates or Quality Updates for a period of up to 35 days from the time you pause the updates. 經過天數上限之後,暫停功能會自動過期,裝置將掃描 Windows Updates 尋找可用的更新。After the maximum days have passed, pause functionality automatically expires and the device scans Windows Updates for applicable updates. 在這次掃描後,您可以再一次暫停更新。Following this scan, you can pause the updates again.

  1. 登入 Azure 入口網站Sign in to the Azure portal.
  2. 選取 [All services] (所有服務),篩選 [Intune],然後選取 [Microsoft Intune]。Select All services, filter on Intune, and select Microsoft Intune.
  3. 選取 [軟體更新] > [Windows 10 更新通道]。Select Software updates > Windows 10 Update Rings.
  4. 在更新通道清單中,選擇您想要暫停的通道,然後選擇 [...] > [暫停品質] > 或 [暫停功能] (視您想要暫停的更新類型而定)。In the list of update rings, choose the ring you want to pause, and then, choose ... > Pause Quality > or Pause Feature, depending on the type of updates you want to pause.

重要

在您發出暫停命令後,裝置會在下次簽入服務時收到此命令。When you issue a pause command, devices receive this command the next time they check into the service. 也有可能在確認更新之前,就已經執行排定的更新。It's possible that before they check in, they might install a scheduled update. 此外,當您發出暫停命令時如果目標裝置已關閉,當您開啟裝置時,它可能會下載並安裝排定的更新,然後再去向 Intune 確認。Additionally, if a targeted device is turned off when you issue the pause command, when you turn it on, it might download and install scheduled updates before it checks in with Intune.

解除安裝 Windows 10 軟體更新的最新版本Uninstall the latest from Windows 10 software updates

如果您發現 Windows 10 電腦上發生重大問題,可以選擇解除安裝 (復原) 最新的功能更新或最新的品質更新。Should you discover a breaking issue on your Windows 10 machines, you can choose to uninstall (rollback) the latest feature update or the latest quality update. 解除安裝功能或品質更新只適用於裝置所在的維護通道。Uninstalling a feature or quality update is only available for the servicing channel the device is on. 解除安裝將會觸發原則,以在 Windows 10 電腦上還原先前的更新。Uninstalling triggers a policy to restore the previous update on your Windows 10 machines. 特別是對於功能更新,您可以將能夠套用解除安裝最新版本的時間限制為 2-60 天。For feature updates specifically, you can limit the time from 2-60 days that an uninstall of the latest version can be applied. 若要設定軟體更新解除安裝選項:To set software update uninstall options:

  1. 在 Intue 中,選取 [軟體更新]。In Intue, select Software updates.
  2. 選取 [Windows 10 更新通道] > 選取現有的更新通道 > [解除安裝]。Select Windows 10 Update Rings > select an existing update ring > Uninstall.

注意

在 Windows 10 電腦上成功復原品質更新之後,終端使用者會繼續在 [Windows 設定] > [更新] > [更新記錄] 中看到列出的更新。On Windows 10 machines, after the quality update is successfully rolled back, end-users continue to see the update listed in Windows settings > Updates > Update History.

Windows Holographic for Business 支援Windows Holographic for Business Support

Windows Holographic for Business 支援下列設定:Windows Holographic for Business supports the following settings:

  • 自動更新行為Automatic update behavior
  • Microsoft 產品更新Microsoft product updates
  • 服務通道:支援 [半年通道] 和 [半年通道 (已設定目標)] 選項Servicing channel: Supports Semi-annual channel and Semi-annual channel (Targeted) options