Intro
Today I’d like to show you how I’ve was able to force reboot 197 devices to fix Windows Updates issue with just a few lines of code
The issue
Some users don’t have a habit to restart device from time to time… In our environment that behavior led to problem with installing Quality updates on endpoints. December 2019 Feature update requires one reboot after downloading to start installing. Without that one reboot Quality updates just stacked and it all lead to major security risks! Yes, Intune allows you to set Deadline for updates but it is connected with applying update process.
To check how big this issue could be you can go to Windows 10 update rings and then select desired update ring. Your eyes probably see something like:
❗❗ Look carefully because this view only shows update profile assignment status ❗❗ not real status of updates per device. To see that you need to click on End user update status🕵🏼
There you can see detailed status for each device. And the options are:
| Status | Value | Description |
| upToDate | 0 | There are no pending updates, no pending reboot updates and no failed updates. |
| pendingInstallation | 1 | There are updates that’s pending installation which includes updates that are not approved. There are no Pending reboot updates, no failed updates. |
| pendingReboot | 2 | There are updates that requires reboot. There are not failed updates. |
| failed | 3 | There are updates failed to install on the device. |
Time to fix it! 🔱
Solution for described scenario is plain simple reboot which should allow Windows Update service to push installation forward. You can nicely ask user to perform reboot but it might have effectiveness around a few or a dozen percentage. To fix it immediately you will need:
- PowerShell SDK for Microsoft Intune Graph API
- Account with Global Administrator Rights or proper configuration of Powershell MSGraph in your tenant
- Powershell console
After you install Microsoft Graph module you need to connect to service and from there you will be able to grab list of devices with their update statuses and perform reboot. I recommend to get familiar with documentation here and Graph Explorer here it will come in handy in your journey with MicrosoftGraph 🌌.
Time to make some mess!
#Connecting to GraphAPI
Connect-MSGraph
#Get list of Windows devices
$MSGraphComputers = (Get-DeviceManagement_ManagedDevices).value | Where { $PSItem.operatingSystem -eq 'Windows'}
#Get list of Windows10 Update rings
$WindowsUpdateRings = Get-DeviceManagement_DeviceConfigurations | Where { $PSItem.'@odata.type' -like '*windowsupdate*' } | ogv -PassThru
#Get list of update states
$DeviceUpdateStates = foreach($Ring in $WindowsUpdateRings){
(Invoke-MSGraphRequest -HttpMethod GET -Url "https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations/$($Ring.id)/microsoft.graph.windowsUpdateForBusinessConfiguration/deviceUpdateStates").Value
}
#Force reboot devices
$DeviceUpdateStates | Where { $PSItem.'Update Status' -eq 'Failed' } | Invoke-DeviceManagement_ManagedDevices_RebootNow
Device will be restarted within 10 minutes with first notification:
and 2 minutes before:
Yeah it is in language set in Windows
Summary
See you in next! 😉 🧠
For more great content, check out the Resource Centre
About the Author:
My first encounter with personal computer was when I was 5 years old. It had Windows 95 and 98 in dualboot. Yep I think you remember that some games from 95 did not work on 98 so keeping both was good option 😄
Time passed…
… I’ve graduated from University of Technology in Wrocław and I got my first job as an IT help in 2016 in Historical Center Zajezdnia (Centrum Historii Zajezdnia). Our there my job was to take care of a dozen of desktops, a few servers (WDS, WSUS, File server), local AD, Office 365 services (Sharepoint, Exchange, etc.), VoIP, IP Cameras, Firewall but also I was responsible for audio-video coverage during events. It was fun and I had a lot of time to dig into those systems and get to know them!
Back then I knew that Powershell is a command prompt with some different colors 😂
But Mateusz was more than happy to teach me why and how I should use Powershell! It opened whole new dimension being sysadmin. Thanks to his teachings and my determination I was able to get a job in my current company where my wings really spread.
Now I’m learning and using cutting edge technologies to automate everyday tasks and repetitive processes in our team. Also I’m giving a hand other teams by showing them those technologies and help them implement some automation into their duties.
Reference:
Horbacz. M. (2021). The power of Three! Intune + Powershell + Microsoft Graph. Available at: https://universecitiz3n.tech/intune/Intune-BulkActions/ [Accessed: 16th May 2021].
