Microsoft to admins: These are the Windows Update policies you should be using

(Image credit: Shutterstock)

Managing all of the devices used in a large organization or even an SMB can be difficult which is why Microsoft has released new guidance regarding the Windows Update policies admins should be using.

In a new blog post, senior program manager at Microsoft, Aria Carley has shared a list of the policies admins should be setting for single-user devices, multi-user devices, education devices, kiosks, billboards, factory machines and more.

Carley’s first recommendation is the fewer policies, the better which is why admins should leverage the defaults first. By default, devices running Windows 11 will scan daily, automatically download and install any applicable updates at a time optimized to reduce interference.

In addition to personal tasks, single-user devices such as business laptops might be used for hybrid work and other tasks where interruption would hinder productivity. For these devices, Microsoft recommends using the following policies for quality updates: ConfigureDeadlineForQualityUpdates and Configure DeadlineGracePeriod. For feature updates though, admins should use the ConfigureDeadlineForFeatureUpdates and ConfigureDeadlineGracePeriodForFeatureUpdates policies.

Multi-user devices like a HoloLens or a workstation in a laboratory should be configured to show few to no notifications during use and they also shouldn’t automatically reboot while being used. As such, Microsoft recommends using its AllowAutoUpdate =3, ScheduledINstallTime, Update/SetDisableUXWUAccess, ActiveHoursStart and ActiveHoursEnd Windows Update policies.

Managing education devices, kiosks and billboards

Education devices are either single user or shared devices used by students and teachers in a shared setting. In a classroom setting, any form of notification can be extremely disruptive which is why Microsoft suggests using the UpdateNotificationLevel and NoUpdateNotificationsDuringActiveHours policies along with the ActiveHoursStart and ActiveHoursEnd policies.

Kiosks and billboards meanwhile feature simple user interfaces that can be used without training or documentation to accomplish a specific task or provide information. Still though, these devices need to stay secure and up to date without end users seeing “Restart now” notifications across their screens.

For this reason, Microsoft once again recommends that admins use its UpdateNotificationLevel, AllowAutoUpdate =3, ScheduledInstallTime, ActiveHoursStart, ActiveHoursEnd policies as well as those to specify deadlines for automatic updates and restarts.

These are just some of the examples mentioned in Carley’s blog post which all Windows admins should take a closer look at to prevent employees, end users and customers alike from being distracted by notifications and automatic restarts.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.