Skip to Content

MC1191345: Windows quality updates during the out-of-box experience

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1191345: Windows quality updates during the out-of-box experience

Summary

  • Quality updates can be installed during the out-of-box experience (OOBE) for Windows 11, version 22H2 or later, starting January 2026.
  • Configuration of the “Install Windows updates” setting in the Enrollment Status Page (ESP) determines if updates are allowed during OOBE.
  • Devices with ESP disabled or using Windows Autopilot device preparation will not receive updates during OOBE.
  • Administrators should review and configure the ESP profile and update rings policy based on organizational requirements.
  • Documentation and user guidance should be updated accordingly.

Admin Impact: Medium
User Impact: Low
Release Start: 01 Jan 2026
Release End: 01 Jan 2026
Services: Intune
Category: Plan for change
Tags: Feature Update, Admin Action

History

12/1/2025 Item Added to Message Center

Microsoft Message

Beginning with the January 2026 Windows security update, quality updates can be installed during the out-of-box experience (OOBE) for devices that are on Windows 11, version 22H2 or later. You can enable and manage these updates through Intune’s Install Windows updates setting in the Enrollment Status Page (ESP).

How this will affect your organization

If you are using Windows Autopilot and ESP and have configured the Install Windows updates setting to “Yes”, updates will be delivered during OOBE. When configured to “No”, updates will be prevented during OOBE. Additionally, update rings settings (if assigned, as defined below) will be delivered during the ESP and the quality updates page will be shown while the update is applied after ESP completes. Refer to Set up the Enrollment Status Page for more details, requirements, and limitations.

Note: Devices enrolled with Windows Autopilot device preparation or ESP disabled cannot get Windows updates during OOBE, so they do not receive the latest security updates at that stage. Normal Windows update checks resume after OOBE is finished.

What you need to do to prepare

Review your ESP profile and ensure Install Windows updates setting is configured based on your organization’s requirements. To manage quality updates installed during OOBE for devices using ESP:

  1. In the ESP profile, set Install Windows updates to “Yes” to allow updates or “No” to prevent updates.
  2. (Recommended) Use or create an update rings policy to manage pause and deferral settings for quality updates. Quality updates installed during OOBE will follow this policy.
  3. Assign the ESP profile and the update rings policy to “All devices” or device groups with devices registered for Windows Autopilot.

Update your documentation and user guidance as needed.

Related information

Get ready for Windows quality updates out of the box