Microsoft is introducing a game-changing feature for IT administrators managing Windows device deployments. Coming at the end of August 2025, you’ll gain unprecedented control over Windows quality updates during the Out-of-Box Experience (OOBE) through Microsoft Intune’s Enrollment Status Page (ESP). This enhancement promises to revolutionize how organizations handle device provisioning and ensure users start with the most secure, up-to-date systems from day one.
Update: This feature is now appearing in Intune tenants! I can confirm that the new quality update setting has started rolling out, as it appeared in my tenant today. If you haven’t seen it yet, check your Enrollment Status Page settings – it should be available now or coming soon to your environment.
Table of Contents
What’s New in Windows Autopilot?
The upcoming update introduces native Windows quality update support directly within the Windows Autopilot Enrollment Status Page. This means that instead of devices potentially missing critical updates during initial setup, they can now receive and install the latest security patches and quality improvements as part of the provisioning process.
The most significant aspect of this update is that the new quality update setting will be enabled by default for new ESP profiles, ensuring that organizations benefit from enhanced security posture without requiring additional configuration. However, if you already have an ESP profile set up, this setting will be disabled by default – you’ll need to manually enable it to take advantage of the new capability.
Prerequisites: Is Your Environment Ready?
Before you can take advantage of this new capability, your environment must meet specific criteria:
Device Requirements
- Operating System: Windows 11, version 22H2 or later
- Supported SKUs: Pro, Enterprise, Education, or SE editions
- Update Status: Devices must have either: The August 2025 OOBE zero-day patch (ZDP) update, or
- Be imaged with the June 2025 Windows non-security update or later
Infrastructure Requirements
- Management Platform: Microsoft Intune for Windows quality update management Autopilot Configuration: Windows Autopilot Enrollment Status Page (ESP) profile assigned via:
- Windows Autopilot preregistered device group, or
- “All devices” assignment
Configuring the New Quality Update Setting
Managing this new feature is straightforward through the Microsoft Intune admin center:
Step-by-Step Configuration
- Login to the Microsoft Intune Admin Center.
- Go to Devices > Enrollment > Enrollment Status Page.
- Select your ESP profile or create a new one.
- In the Settings section, toggle to Yes or No for Install Windows quality updates (might restart the device).
OOBE Experience with Windows Updates
When this feature is enabled, the Windows update process becomes seamlessly integrated into the device setup experience. During the final stages of OOBE, users will see a dedicated screen indicating that Windows is checking for and installing quality updates. The interface provides clear progress information, letting users know that their device is being optimized with the latest security patches and improvements before they begin using it. This transparent approach ensures users understand why the setup process may take a few additional minutes, while reinforcing that they’re receiving a fully updated and secure device from the moment they first sign in.
Conclusion
The introduction of Windows quality update controls in Microsoft Intune’s OOBE experience marks a significant step forward in enterprise device management. By enabling automatic quality updates during Windows Autopilot provisioning, organizations can enhance their security posture while maintaining streamlined deployment processes.
As you prepare for this August 2025 release, take time to evaluate your current ESP configurations and consider how this new capability can strengthen your overall device deployment strategy. With proper planning and implementation, this feature will help ensure that your users start their Windows experience with the most secure and up-to-date foundation possible.
Ready to get started? Begin by reviewing your current Microsoft Intune ESP profiles and identifying which devices in your environment will benefit from this enhanced OOBE update experience.