Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Windows Update for Business Rings
| Settings | Test | Pilot | Fast | Broad | Critical Devices | Comments |
|---|---|---|---|---|---|---|
| Policy name | Test Ring – Install updates immediately | Pilot Ring – Install updates after 2 days | Fast Ring – Install updates after 4 days | Broad Ring – Install updates after 7 days | Critical Ring – Install updates after 10 days. | |
| Microsoft product updates | Allow | Allow | Allow | Allow | Allow | Include updates for other Microsoft products from Windows Update. |
| Windows drivers | Allow | Allow | Allow | Allow | Allow | Include drivers from Windows Update. |
| Quality update deferral period (days) | 0 | 2 | 4 | 7 | 10 | Quality updates is deferred by the specified number of days after they're released. |
| Feature update deferral period (days) | 0 | 10 | 30 | 60 | 90 | Feature updates is deferred by the specified number of days after they're released. |
| Set feature update uninstall period | 30 | 30 | 30 | 30 | 30 | After this period expires, the previous update binaries are removed from the device, and the user can no longer revert to the previous version of Windows. |
| User Experience | ||||||
| Automatic update behavior | Auto install at reboot without end-user control | Auto install at maintenance time, outside of active hours | Auto install at maintenance time, outside of active hours | Auto install at maintenance time, outside of active hours | Auto install at maintenance time, outside of active hours | Active hours are configured to be between 8:00AM to 5:00PM by default. The maintenance time is outside of these hours. |
| Restart checks | Skip | Allow | Allow | Allow | Allow | Update processes (scan, download, install, and reboot) doesn't occur during scheduled Active Hours if this setting is enabled. |
| Option to pause Windows updates | Disable | Disable | Disable | Disable | Disable | Controls if the user is able to pause the installation of updates. |
| Option to check for Windows updates | Enable | Enable | Enable | Enable | Enable | Allow users to manually initiate a Windows Update scan to find, download, and install updates. |
| Change Update notification level | Use the default Windows Update notifications | Use the default Windows Update notifications | Use the default Windows Update notifications | Use the default Windows Update notifications | Use the default Windows Update notifications | |
| Use deadline settings | Allow | Allow | Allow | Allow | Allow | |
| Deadline for feature updates | 0 | 2 | 2 | 2 | 2 | Specifies the number of days before feature updates are installed on a device automatically. |
| Deadline for quality updates (days) | 0 | 2 | 2 | 2 | 2 | Specifies the number of days before quality updates are installed on a device automatically. |
| Grace period (days) | 0 | 2 | 2 | 2 | 2 | Specifies the number of days before a device automatically reboots after installing updates. |
| Auto reboot before deadline | Yes | Yes | Yes | Yes | No | When configured, the device attempts to restart outside of the defined active hours before the configured deadline to install updates. |
Delivery Optimization
| Settings | Configuration | Comments |
|---|---|---|
| Policy name | Production – Win10 – Delivery Optimization | |
| Download mode | HTTP blended with peering behind same NAT (1) | Specifies the Download method that Delivery optimization can use to manage network bandwidth consumption. |
| Bandwidth | ||
| Bandwidth optimization type | Not Configured | |
| Delay background HTTP download (in seconds) | 60 | The setting delays the HTTP download from Microsoft Update to prioritize the peer download. |
| Delay foreground HTTP download (in seconds) | 60 | The setting delays the HTTP download from Microsoft Update to prioritize the peer download. |
| Caching | ||
| Minimum RAM required for peer caching (in GB) | 4 | |
| Minimum disk size required for peer caching (in GB) | 32 | |
| Minimum content file size for peer caching (in MB) | 10 | |
| Minimum battery level required to upload (in %) | 60 | Minimum battery percentage required to allow Delivery Optimization to upload data to peers. |
| Modify cache drive | NA | |
| Maximum cache age (in days) | 7 | Specifies the maximum retention period of each content in the Delivery optimization cache. |
| Maximum cache size type | Not configured | |
| VPN peer caching | Disabled | Configures the device to participate in peer caching when connected over a VPN network. |
| Local Server Caching | ||
| Cache server fully qualified domain names (FQDN) or IP addresses | Optional. Host name of the server hosting the Delivery Optimization Cache Role | Delivery Optimization reference - Windows Deployment | Microsoft Docs. |
| Delay foreground download Cache Server fallback (in seconds) | 60 | The settings delays the fallback from Cache server to HTTP source for foreground content. |
| Delay background download Cache Server fallback (in seconds) | 60 | The settings delays the fallback from Cache server to HTTP source for background content. |
Update Compliance
| Settings | Configuration |
|---|---|
| Policy name | Windows Update Compliance |
| Administrative Templates | Windows Components > Data Collection and Preview Builds |
| Configure the Commercial ID | Enabled |
| CommercialID | {Enter your organizations commercial ID here} |
| System | |
| Allow Commercial Data Pipeline | Enabled |
| Allow device name to be sent in Windows diagnostic data | Allowed |
| Allow Telemetry | Basic |
| Allow Update Compliance Processing | Enabled |
| Configure Telemetry Opt In Change Notification | Enabled |
| Configure Telemetry Opt In Settings UX | Disable Telemetry opt-in Settings |
Windows Update Compliance policy
| Settings | Configuration |
|---|---|
| Policy name | Windows Update Operating System |
| Device Properties | |
| Minimum OS version | 10.0.17134.1 (example value) |
| Maximum OS version | Null |
| Minimum OS version for mobile devices | Null |
| Maximum OS version for mobile devise | Null |
| Valid Operating System Builds | {Empty} |
| Actions for noncompliance | |
| Mark Device noncompliant | Immediately |
| Send email to end-user | 0 |