Recovering from a bad Quality Update, when its fix is released "Out of Band", using Intune?

Occasional Contributor


Originally posted on Twitter, June 3rd,


To @microsoft @Windows @WindowsUpdate @windowsinsider @MSWindowsITPro


A thread/rant, after being unable to deploy functional PCs since May 10th, when Quality Update KB5013942 broke the @MicrosoftStore .


Being fully sold on the "Autopilot + Azure AD Joined + @MSIntune" dream, we expect updates (and drivers) to be published through Windows Update and applications to be in the Microsoft Store.


Most applications our company requires are not yet in the Store (including Microsoft's). So, we have to re-package them for installation through the Company Portal app. The Company Portal app is installed by the Microsoft Store… that broke May 10th.


I filed a bug report right away using Feedback Hub. Last I looked, there were no updates from Microsoft. Just tried to check and (ironically) Feedback Hub is broken, "We're having trouble connecting."


We have waited patiently for the update to the update (19044.1706 to 19044.1708) listed on the Windows 10 Release History Page. However, I just found our wait was in vain.


Reading the Known Issues section of KB5013942, it says something to the effect, "No big deal. Just install it manually. Or use WSUS. Or use MEMCM". What about those using Windows Update for Business (WUfB) on thousands of PCs, drop-shipping PCs to remote locations?


Many on my team believe Microsoft is not committed to Autopilot + Intune management. As proof, they point to incidents like this, applications not in the Store (including Microsoft's), and major hardware vendors (including Microsoft) not releasing drivers through Windows Update.


Are my expectations unreasonable?


@WindowsUpdate , when the fix to a bad update is "Out of Band", using Intune and Windows Update for Business to manage thousands of PCs, what are we to do? Wait till the next Patch Tuesday and hope for the best?

5 Replies
If you break me with "fill in the blank" you need to provide a way to fix me with "fill in the blank".
best response confirmed by NathanHartley (Occasional Contributor)
Hi @NathanHartley,

First, Thank you for the feedback and I'm sorry that you've experienced these issues. Our goal is to always provide the best possible products and services with the highest level of quality and functionality possible. Unfortunately, sometimes, things don't go as planned.

Next, for the root issue you called out, business impacting bugs, outages, and issues should be handled by contacting support. There's no SLA associated with feedback hub to my knowledge and only issues that do not significantly impact you, your org, and its business should be handled using it.

For our (Microsoft's commitment) to Autopilot and Intune, both are 100% the preferred solutions for Windows endpoint provisioning and management. We have a significant engineering investment in MEM and that is not planned to change. The store is slightly outside the scope of MEM and is currently undergoing some changes which is where I suspect the issues you have or are experiencing are rooted. These changes will bring a renewed emphasis on the store that includes adding our applications to it as well as third parties doing so as well (the changes will better enable this and make it easier as well).

On the driver front, we are all subject to whims of the OEMs as Microsoft is not in any way responsible for the vast majority of drivers published to WUfB. If you have issues in this regard, you should address these with and bring pressure on your preferred OEMs to publish their drivers to WUfB. Each OEM has their own perspective, and all have their own tools as well that they often prioritize. We are actively working on a better experience around delivering drivers and firmware from WUfB though that is fully integrated with Intune. Look for the public preview on this "soon". This will hopefully up the desire for OEMs to publish their drivers and firmware to WUfB.

Finally, on the specific issue of an optional update not being available to deploy via WUfB, this is a current design choice that we are looking to change. Keep in mind that all out of band updates are made available in the monthly cumulative update that follows the oob update's release, but we understand this delay may cause some pain on inconvenience. As for the workarounds, you can always download the update manually and package it as a Win32 app for deployment using Intune. I don't know why the KB article does not call this out, but this is something we have many customers perform when needed.
Thank you for the thorough reply. I will be sure to share this with my team.

While our PC support team waited for me to cave in and package the Quality Update that I was awaiting, they employed two workarounds. For new PCs, they installed a clean copy of Windows, created using the Media Creation Tool. This worked because that image does not have Quality Updates applied. Giving time to install whatever was needed before the broken update installed. For PCs that were in use, they assigned the Win32 software as "required".

Regarding contacting support, could someone point me in the right direction? Which support channel should I have used exactly? I find new Microsoft support options frequently and they all look as if they are run by different teams. I used Feedback Hub (as did many others with this problem) because I was sure that when Windows 10 was released, or I could be mixing it up with when I joined Windows Insiders, that we were to use Feedback Hub for reporting issues with Windows and Microsoft Store apps.
Feedback hub is for insiders.
Microsoft Support for business is what they recommend.
However I'd like to report that when I opened a bug for RDbroker service on Server 2022 getting removed with the March/April/May updates and we opened a support case, we were told by Microsoft support that they did not do root cause analysis unless we were a Premier customer. I had to use alternative means/social media to get someone to investigate the issue. Bottom line this process is not without issues as well.

As to putting pressure on OEMs, I have been trying.


For drivers, I encourage my team to only purchase products found in Windows Compatible Products List, or at least their drivers are found in Microsoft Update Catalog. So far, I have only re-packaged a few.


Until the recent announcement that the security model of the original Microsoft Store had been given up on, I have been praising and pressuring under the Twitter hashtags #ShouldBeUWP (all the tweets have this one), #ShouldBeMSIX and #CouldBeAPPX. Now I need a new hashtag.