Microsoft has announced significant changes to Windows updates during the Out-Of-Box Experience (OOBE) phase, which completely reshape the current landscape for preparing new devices. This change impacts how new devices are prepared and configured when integrated into environments managed through MDM (Mobile Device Management) solutions, such as Microsoft Intune.

What Does OOBE Mean?

OOBE, o Out-Of-Box Experience, es la etapa de configuración inicial que comienza cuando un dispositivo Windows se enciende por primera vez.

OOBE, or Out-Of-Box Experience, is the initial setup stage that begins when a Windows device is powered on for the first time. During this phase, the operating system guides the user through the necessary steps to configure the device, such as selecting a language, connecting to a network, and, in the case of company-managed devices, performing enrollment and configuration processes with the corresponding MDM. This phase is where we can make use of Autopilot to configure our corporate devices.

New Automatic Updates in OOBE

En el futuro, Microsoft implementará un nuevo proceso de actualizaciones que afectará a los dispositivos que se registren en una plataforma MDM durante la fase OOBE.

In the future, Microsoft will implement a new update process that will affect devices enrolled in an MDM platform during the OOBE phase. This means that automatic updates will not only add security improvements and bug fixes, but may also resolve issues detected on the device and, in some cases, even introduce new functionalities.

Which Updates Will Be Installed?

The automatic updates deployed during the OOBE phase will be the quality updates released each month. However, the latest available version will not always be applied. Microsoft will evaluate the relevance and criticality of each update to determine which ones should be implemented, based on the version of Windows the device has at the time of enrollment.

When Will It Be Available?

Although Microsoft initially announced that it would be available with the October 2024 monthly update, it has ultimately decided to postpone the rollout to a later date in order to develop tools that will allow IT administrators to better manage this new process and adapt it to their update policies.

What Impact Will These Changes Have on Windows Updates During OOBE?

Although this functionality will enhance security and make it easier to keep the entire device fleet up to date, it also has a negative impact on the way we currently prepare devices. The main issue to consider is that devices will take longer to become available for use. With the downloading and installation of updates, the OOBE phase will take longer than what we are currently used to.

In conclusion

Although we consider this a positive measure, especially designed for IT admins, I believe it will have an impact on the end-user experience. The waiting time for the device to finish updating properly before it can be used will be longer than it is today.

On the other hand, we must consider all the possible scenarios we encounter in our daily work, and there are some that will greatly benefit from these changes. For example, in the case of devices that have been inactive in stock for a long time, there is a risk that the user may start working without having all the security patches released in recent months applied.

On the other hand, devices that are already up to date with updates and are being reassigned to another user (for example, after a wipe from Intune) should not experience a significant increase in setup time, since the device already has all the security patches released by Microsoft.

In summary, we are eager for this new functionality to become available because of all the advantages it offers. Once technicians and users get used to the new device preparation times, it will no longer be an issue. In fact, it is common to find organizations that apply all security updates during their OSD process using ConfigMgr.