Microsoft is introducing a new feature that allows Windows administrators to automate the installation of quality updates during the Out of Box Experience (OOBE) on eligible Windows devices. From next month, devices running Windows 11 version 22H2 or later, and connected to Microsoft Entra or Entra hybrid environments, will automatically check for and install relevant updates during the final stage of the OOBE process. The new functionality aims to ensure that devices are fully updated before users sign in for the first time, significantly enhancing initial setup efficiency.
Control and Convenience for Administrators
Administrators can manage this new update behavior using the Windows Autopilot Enrollment Status Page (ESP) policy. Updates installed during OOBE comply with existing pause and deferral settings, and the feature is enabled by default for newly created ESP profiles. Note that if a device does not use an ESP profile, the update feature cannot be disabled, though updating during OOBE could previously be managed using PowerShell scripts.
This new capability arrives as part of Microsoft's ongoing improvements in automating and streamlining device management. The upcoming change eliminates the need for manual intervention using PowerShell to install updates during OOBE, thereby simplifying and speeding up the administrative processes associated with deploying new devices.
Requirements and Availability
To leverage this feature, devices need to have been imaged with the June 2025 non-security update or received the subsequent August 2025 update. Additionally, they must implement a Windows Autopilot ESP. While Microsoft endorses the use of Intune for managing these settings, certain non-Microsoft Mobile Device Management (MDM) solutions are expected to support similar functionalities.
The rollout of this feature is set to coincide with the September 2025 Windows security update, a step toward a more unified and efficient device deployment process. By ensuring devices are fully updated before their first use, the feature helps businesses reduce potential vulnerabilities and the administrative overhead associated with device setup.
This enhancement aligns with modern IT management strategies that prioritize reduced downtime and increased security from the very beginning of device use.