Getting latest Windows updates in Autopilot devices

While Microsoft has delayed its built-in solution for updating your OS during Autopilot, you can still do it with a required application in Intune.


We had high hopes that Microsoft was going to add updating Windows during the pre-provisioning phase of Autopilot, but on Friday they updated their post to say they are back to the drawing board, so we won't be getting that feature for now.

Getting the latest updates with Autopilot is not impossible, though; there are still ways to do this in pre-provisioning. Microsoft provides a sample app and script that can be tweaked to accomplish this, and I will use this post to show how to implement it.

First we download the UpdateOS.intunewin file from GitHub and then go to our Intune portal. From there it's Apps -> Windows -> Add.

In the App type, select Windows app (Win32) and click on Select.

Select the file you just downloaded here and select OK.

Update the fields as you see necessary or as company policy dictates and hit Next.

For the install command we put powershell.exe -noprofile -executionpolicy bypass -file .\UpdateOS.ps1 and for the uninstall we can put cmd.exe /c del %ProgramData%\Microsoft\UpdateOS\UpdateOS.ps1.tag and then hit Next.

Update the fields marked with a red asterisk as your current policy requires and hit Next.

Update the Rules format to Manually configure detection rules. Rule type is File. Path is %ProgramData%\Microsoft\UpdateOS\ and the File will be UpdateOS.ps1.tag. Detection method is File or folder exists.

Skip through the Dependencies and Supersedence sections. Select the Group(s) you use for Autopilot devices in the Required section and then click Next and Create.

Now this will kick off during the pre-provisioning workflow and your new user won't be prompted to restart for updates.
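To confirm on a freshly provisioned device that the app actually ran and left nothing outstanding, a check like the one below can be run in PowerShell. It is an added example, not part of Microsoft's sample: the function name Test-UpdateOSResult is hypothetical, the tag path is the one from the detection rule above, and the rest uses the Windows Update Agent COM interfaces.

```powershell
# Added example: verify the outcome of the UpdateOS app on a provisioned device.
# Only the tag path comes from the detection rule in this post; the function
# name and the pass/fail logic are assumptions made for illustration.
function Test-UpdateOSResult {
    param(
        [string]$TagFile = (Join-Path $env:ProgramData 'Microsoft\UpdateOS\UpdateOS.ps1.tag')
    )

    $result = [ordered]@{
        TagPresent     = Test-Path -LiteralPath $TagFile
        TagWritten     = $null
        PendingUpdates = $null    # stays $null if the scan itself fails
        RebootPending  = $null
    }

    # The tag file is what Intune's detection rule looks for; its timestamp
    # shows when the install command last completed.
    if ($result.TagPresent) {
        $result.TagWritten = (Get-Item -LiteralPath $TagFile).LastWriteTime
    }

    try {
        # Ask the Windows Update Agent which software updates are still missing.
        # The search contacts the update service, so the device must be online.
        $session  = New-Object -ComObject Microsoft.Update.Session
        $searcher = $session.CreateUpdateSearcher()
        $found    = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
        $result.PendingUpdates = @($found.Updates | ForEach-Object { $_.Title })

        # True when an installed update is still waiting for a restart.
        $sysInfo = New-Object -ComObject Microsoft.Update.SystemInfo
        $result.RebootPending = [bool]$sysInfo.RebootRequired
    }
    catch {
        Write-Warning "Windows Update query failed: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

$check = Test-UpdateOSResult
$check | Format-List

# Treat a missing tag, a failed scan, leftover updates or a pending reboot as a failure.
$scanFailed = ($null -eq $check.PendingUpdates) -or ($null -eq $check.RebootPending)
if (-not $check.TagPresent -or $scanFailed -or
    $check.PendingUpdates.Count -gt 0 -or $check.RebootPending) {
    exit 1
}
exit 0
```

A non-zero exit code means the device should be looked at before it is handed to the user.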