As many people know, installing the April 2024 monthly update on our Windows devices (Windows 11, KB5036980) caused an issue with the Enterprise subscription activation. Since installing this KB, Windows devices are no longer upgraded from Pro to Enterprise when using an E3 or E5 license. Also, existing devices started to downgrade from Enterprise to Pro.
Although the community shared workarounds, as Rudy Ooms did, it seemed hard for Microsoft to fix the issue. Microsoft Support first shared information on a possible fix in the July monthly update, but the known issue was still listed after releasing this update.
But finally, Microsoft released an update to fix this issue on July 25. The fix is available as a Cumulative Update Preview as KB5040527.
As this is an out-of-band (preview) update, the update is NOT installed automatically in most environments. If that’s the case for your environment it means the update needs to be manually downloaded and installed or be packaged and deployed.
The update is available via the Microsoft Update Catalog.
The fix will also be part of the next monthly update in August, which means waiting a couple of weeks before the update is installed and the issue is fixed.
If you are managing your Windows devices with Microsoft Intune, you also have the option to expedite the update via a Quality updates policy. With this feature, we can expedite the installation of the most recent Windows 10/ 11 (preview) security updates. Then there is no need to manually install the update, or package it for deployment.
Deploy KB5040529 with a Quality update policy
To expedite the preview update and automatically install the update on our Windows devices, we can make use of the Quality Update feature in Intune.
The Quality update policy is found in the Microsoft Intune admin center under Devices, Windows 10, and later updates. On the Quality update tab, we have the option to create a new profile.
Provide a Name for the new Quality update profile and add a description (optional).
Select update 2024.07 D from the drop-down list.
And configure the number of days before a restart is forced.
Assign the profile to a group of your choice and let’s wait till the update is deployed.
Monitoring the update progress
To monitor the progress of this out-of-band update we have a report available in Intune.
This is found in the Reports section, under Windows updates.
To view the report, select the just created expedite update profile and hit the Generate report button.
It shows the Update status of this update. As you can see in this example on 5 devices the update is already installed and on the other 3 devices, the update is in progress.
And the preview update is automatically installed on your devices.
2 Comments
https://learn.microsoft.com/en-us/mem/intune/protect/windows-10-expedite-updates
With Expedite Windows quality updates in Microsoft Intune Only update builds that are generally available are supported. Preview builds, including the Beta and Dev channels, are not supported with expedited updates
KB5040527 is not a preview build but is a Cumulative Update preview, and is available to push with such an expedite update profile.