WinGet default behavior: upgrade everything. Including Java, line-of-business dependencies, anything your apps rely on staying stable. That's how teams break production.
The fix: per-app version pinning. Before your upgrade sweep:
winget pin add --id Oracle.JavaRuntimeEnvironmentNow Java stays fixed. Everything else updates.
Same idea at the OS level. Most teams treat Windows versions as one pool. 23H2 devices behave differently than 24H2. We separate compliance by build — target each independently and control rollout instead of reacting to it.
Tomorrow — what a broken Intune environment actually looks like.
— Hal
If you're dealing with something like this, reply with ASSESS — I'll tell you if it's fixable.
Want more patterns like this?
Get the full 6-part guide — what Intune doesn't tell you, but you'll hit in production.