Drivers and firmware also need regular updates. Just like regular applications, they contain bugs that need to be fixed. Until recently, this was quite complicated for Intune-managed devices because there was no native tool to manage driver and firmware updates.

Fortunately, this is no longer the case: Intune can now manage driver and firmware updates natively. Updates can be approved manually, or recommended updates can be set to be approved automatically after a set number of days.

Windows driver update policies in Microsoft Intune

There are two ways to manage driver updates using Microsoft Intune.

  1. “Enable automatic approvals of recommended driver updates” is a policy that automatically approves the installation of recommended drivers. This category typically includes the latest drivers that are marked as required by their author (usually the manufacturer of the device). If the author releases a new version of a driver, the new version is again automatically approved for installation and the previous version is moved to the “other drivers” category.
  2. “Configure policy to require manual approval of all updates” is the second option, which requires manual approval by an administrator. If the administrator approves a particular driver, it is installed on the endpoint devices. If a new version of that driver comes out, it remains inactive until the administrator approves it again.

Create a policy for driver updates in Microsoft Intune

In the Microsoft Intune Admin center, go to Devices – Windows – Driver updates for Windows 10 and later and click the Create profile button.

On the Basics setting page, type a name for the policy. On the Settings page, select whether you want to approve the recommended drivers automatically or manually approve all drivers. I recommend that you select automatic approval of recommended drivers.

On the last page, select the device group to which you want to apply the policy. Keep in mind that only one policy should be applied to any one device. Otherwise, drivers from another policy might be applied to the device as well, which is undesirable, especially because Microsoft Intune has no built-in option for driver rollback.
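One way to check the one-policy-per-device rule before assigning a new policy, shown as an added example that is not part of the original article. The policy, group and device names are constructed, and the function name Get-DriverPolicyOverlap is hypothetical; in a real tenant the mapping would come from each policy's assignments and the resolved membership of the assigned groups.

```powershell
# Constructed sample data: all policy, group and device names are hypothetical.
$policies = @(
    [pscustomobject]@{ Name = 'Drivers-Auto-Pilot'; Approval = 'automatic'
                       Include = @('grp-pilot');       Exclude = @() }
    [pscustomobject]@{ Name = 'Drivers-Manual-All'; Approval = 'manual'
                       Include = @('grp-all-windows'); Exclude = @('grp-kiosk') }
)
# Group name -> devices in that group (already resolved, including nested groups).
$groupMembers = @{
    'grp-pilot'       = @('PC-001', 'PC-002')
    'grp-all-windows' = @('PC-001', 'PC-002', 'PC-003', 'KIOSK-01')
    'grp-kiosk'       = @('KIOSK-01')
}

function Get-DriverPolicyOverlap {
    param(
        [Parameter(Mandatory)] [object[]]  $Policies,
        [Parameter(Mandatory)] [hashtable] $GroupMembers
    )
    $byDevice = @{}   # device name -> list of policies that target it
    foreach ($p in $Policies) {
        # Effective targets = members of included groups minus members of excluded groups.
        $excluded = @($p.Exclude | ForEach-Object { $GroupMembers[$_] })
        $targeted = @($p.Include | ForEach-Object { $GroupMembers[$_] }) |
            Where-Object { $_ -and $_ -notin $excluded } | Sort-Object -Unique
        foreach ($d in $targeted) {
            if (-not $byDevice.ContainsKey($d)) {
                $byDevice[$d] = [System.Collections.Generic.List[object]]::new()
            }
            $byDevice[$d].Add($p)
        }
    }
    # Report only devices that more than one driver update policy would reach.
    foreach ($d in ($byDevice.Keys | Sort-Object)) {
        $hits = $byDevice[$d]
        if ($hits.Count -gt 1) {
            [pscustomobject]@{
                Device        = $d
                Policies      = ($hits.Name -join ', ')
                # True when the overlapping policies disagree on automatic vs. manual approval.
                MixedApproval = (@($hits.Approval | Sort-Object -Unique).Count -gt 1)
            }
        }
    }
}

Get-DriverPolicyOverlap -Policies $policies -GroupMembers $groupMembers | Format-Table -AutoSize
```

Any device listed by this check would receive drivers approved under more than one policy; adjusting the include or exclude groups until the result is empty keeps each device under a single approval workflow.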

Driver lists

Once you have created a new driver update policy, you can look at the drivers that are approved or pending approval.

You will see two lists of drivers – recommended drivers and other drivers.

As I mentioned earlier, recommended drivers are drivers that the manufacturer has marked as required. Other drivers are all other drivers.

It is important to remember that firmware updates, which I also mentioned at the beginning of this article, always fall under the other drivers category and are never approved automatically.

If a driver or firmware is pending approval and you want to approve it, just click on it, select Approve in the drop-down box, and select a date to start installation on the endpoint devices.
