Overview
This knowledge base article demonstrates how to manually approve or automatically approve all recommended driver updates. With Windows Driver Update management, you can review, approve for deployment, and pause deployments of driver updates for your managed Windows 10 and Windows 11 devices.
The available Windows driver update policies are:
- Manually approve and deploy driver updates: With this option, each new driver update that is added to the policy has its status set to Needs review. An admin must edit the policy to change the status of each individual update to Approved before that update can deploy to applicable devices. When you manually approve an update, you can specify a date on which it becomes available for Windows Update to install on applicable devices. This date is distinct from the deferral period that is required for automatically approved updates in policies that use automatic approvals.
- Automatically approve all recommended driver updates: With this option, all new recommended driver updates that are added to the policy are added with a status of Approved and begin to install on applicable devices without having to be reviewed or approved by an admin. Use an automatic approval policy when you want to ensure the drivers on your devices remain current with an OEM's latest recommended update. All other updates that aren't a recommended driver update are added to the policy's other drivers list with a status of Needs review. As with updates added to a policy that uses manual approval, before Windows Update can install them, an admin must explicitly assign these updates a status of Approved and can set a start date.
Prerequisites
You must have the following licenses, subscriptions and network configurations.
- Intune: Your tenant requires the Microsoft Intune Plan 1 subscription.
- Microsoft Entra ID: Microsoft Entra ID Free (or greater) subscription.
- Windows Editions:
  - Pro
  - Enterprise
  - Education
  - Pro for Workstations
- Windows subscription and licenses:
  - Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  - Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  - Windows Virtual Desktop Access E3 or E5
  - Microsoft 365 Business Premium
- Unsupported: Windows 10/11 Enterprise LTSC
- The device is running a version of Windows 10/11 that is still in support.
- The device is enrolled in Microsoft Intune and (hybrid) Entra joined.
- Telemetry is enabled on the device, with a minimum level of Required.
- The Microsoft Account Sign-In Assistant (wlidsvc) service, on the device, is not Disabled.
- The device has access to the network endpoints required for Intune managed devices.
- The Intune setting Windows drivers, in an update ring, is set to Allow.
- The Intune setting Enable features that require Windows diagnostic data in processor configuration is turned On.
Note: If you're blocked when creating new policies for capabilities that require WUfB-DS and you get your licenses to use WUfB through an Enterprise Agreement (EA), contact the source of your licenses, such as your Microsoft account team or the partner who sold you the licenses. The account team or partner can confirm that your tenant's licenses meet the WUfB-DS license requirements. See Enable subscription activation with an existing EA.
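The device-side prerequisites above (edition, telemetry level, wlidsvc, Entra join) can be checked locally before a device is added to a pilot group. The script below is an added example, not part of the original article; the EditionID strings and the two registry locations it reads for AllowTelemetry are assumptions about how a typical Intune-managed device reports these settings.

```powershell
# Added example: local check of the device-side prerequisites listed above.
$results = [ordered]@{}

# Edition: Pro, Enterprise, Education and Pro for Workstations are supported; LTSC is not.
# Assumption: these EditionID strings are how the supported editions identify themselves.
$supported = 'Professional', 'Enterprise', 'Education', 'ProfessionalWorkstation'
$edition = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').EditionID
$results["Edition supported ($edition)"] = $supported -contains $edition

# Telemetry: AllowTelemetry must be at least 1 (Required).
# Assumption: the value is set by MDM policy (first path) or Group Policy (second path).
$telemetryPaths = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\System',
                  'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
$level = $null
foreach ($path in $telemetryPaths) {
    $value = (Get-ItemProperty -Path $path -Name AllowTelemetry -ErrorAction SilentlyContinue).AllowTelemetry
    if ($null -ne $value) { $level = [int]$value; break }
}
# If neither policy location sets a value, report that instead of guessing a level.
$results['Telemetry at least Required'] = if ($null -eq $level) { 'not set by policy' } else { $level -ge 1 }

# The Microsoft Account Sign-In Assistant service must not be Disabled.
$svc = Get-Service -Name wlidsvc -ErrorAction SilentlyContinue
$results['wlidsvc not Disabled'] = ($null -ne $svc) -and ($svc.StartType -ne 'Disabled')

# Entra join state as reported by dsregcmd (hybrid-joined devices also report YES here).
$dsreg = dsregcmd /status | Out-String
$results['Entra joined'] = $dsreg -match 'AzureAdJoined\s*:\s*YES'

# Print one row per check.
$results.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Result = $_.Value }
} | Format-Table -AutoSize
```

A result of False, or "not set by policy" for telemetry, points at the prerequisite to fix on that device. Licensing, Intune enrollment, and the update ring settings still have to be confirmed in the tenant.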
Create Windows driver update policies
1. Navigate to Microsoft Intune portal, then select Manage 10 and later updates.
2. Select Driver Updates then select Create profile.
3. Under Basics, enter the following:
Name: Driver Updates Policy - Pilot (Manual Approval)
Description: Driver Updates Policy - Pilot (Manual Approval)
Then select Next.
4. Under Settings, for the following, select Manually approve and deploy driver updates.
5. Under Scope tags, leave the default, or optionally change it as desired. Then select Next.
6. Under Assignments, select the required pilot groups then select Next.
7. Under Review + create, review the settings then select Create.
8. You can follow steps 4 to 8 to create the 'Driver Updates Policy - Production (Manual Approval)' policy, which you assign to 'All Devices' once the pilot deployment has been satisfactory.
9. Once the driver updates for Windows 10 and later profile is assigned, it can take up to 24 hours before the inventory of Windows driver updates starts to populate.
Review Windows drivers
1. After 24 hours, the inventory shows the list of Windows driver updates. Click '26 to review'.
2. This loads the 'Recommended drivers' tab.
3. Click each driver name, then select Approve or Decline.
4. In this case, we will approve everything except for firmware (BIOS drivers). You can select when the update is available in 'Windows Update' by selecting a date DD/MM/YYYY. Then click Save.
5. Repeat this for all the other drivers you see fit for your organisation.
6. For Firmware (BIOS drivers) or Intel - System, select 'Decline' then click Save.
It will then display with:
Any drivers related to 'Firmware' or 'Intel - System' will also be declined; these appear at the bottom of the page.
7. You can also select 'Bulk Actions' once the firmware (BIOS) or Intel - System drivers have been declined. Select 'Bulk Actions'.
8. Under Select action, select the following:
Driver action: Approve multiple drivers
Make available in Windows Updates: 06/08/2024
Then select Next.
9. Under Select available drivers, tick the boxes in the right-hand column to choose the drivers, then click Save.
Then click Save.
10. Under Review + save, click on Save.
11. Then a pop-up will appear.
12. When the 'Driver updates for Windows 10 and later profile', the drivers are approved. The Windows device will pick up the approved updates.
13. Navigating back to 'Windows 10 and later updates', it now shows under Drivers to review: 0 to review.