Managing all of the devices used in a large organization or even an SMB can be difficult which is why Microsoft (opens in new tab) has released new guidance regarding the Windows Update policies admins should be using.
In a new blog post (opens in new tab), senior program manager at Microsoft, Aria Carley has shared a list of the policies admins should be setting for single-user devices, multi-user devices, education devices, kiosks, billboards, factory machines and more.
Carley’s first recommendation is the fewer policies, the better which is why admins should leverage the defaults first. By default, devices running Windows 11 (opens in new tab) will scan daily, automatically download and install any applicable updates at a time optimized to reduce interference.
In addition to personal tasks, single-user devices such as business laptops (opens in new tab) might be used for hybrid work (opens in new tab) and other tasks where interruption would hinder productivity. For these devices, Microsoft recommends using the following policies for quality updates: ConfigureDeadlineForQualityUpdates and Configure DeadlineGracePeriod. For feature updates though, admins should use the ConfigureDeadlineForFeatureUpdates and ConfigureDeadlineGracePeriodForFeatureUpdates policies.
Multi-user devices like a HoloLens (opens in new tab) or a workstation (opens in new tab) in a laboratory should be configured to show few to no notifications during use and they also shouldn’t automatically reboot while being used. As such, Microsoft recommends using its AllowAutoUpdate =3, ScheduledINstallTime, Update/SetDisableUXWUAccess, ActiveHoursStart and ActiveHoursEnd Windows Update policies.
Managing education devices, kiosks and billboards
Education devices (opens in new tab) are either single user or shared devices used by students and teachers in a shared setting. In a classroom setting, any form of notification can be extremely disruptive which is why Microsoft suggests using the UpdateNotificationLevel and NoUpdateNotificationsDuringActiveHours policies along with the ActiveHoursStart and ActiveHoursEnd policies.
Kiosks (opens in new tab) and billboards meanwhile feature simple user interfaces that can be used without training or documentation to accomplish a specific task or provide information. Still though, these devices need to stay secure and up to date without end users seeing “Restart now” notifications across their screens.
> Microsoft is working on fixing the fiddliest part of Windows updates (opens in new tab)
> Latest Microsoft Patch Tuesday release is the smallest for some time, but still fixed some serious bugs (opens in new tab)
> How to use the Microsoft Teams admin center (opens in new tab)
For this reason, Microsoft once again recommends that admins use its UpdateNotificationLevel, AllowAutoUpdate =3, ScheduledInstallTime, ActiveHoursStart, ActiveHoursEnd policies as well as those to specify deadlines for automatic updates and restarts.
These are just some of the examples mentioned in Carley’s blog post which all Windows admins should take a closer look at to prevent employees, end users and customers alike from being distracted by notifications and automatic restarts.
