Microsoft recommends these Windows Update policies for devices in your organization


Managing Windows Update in Microsoft can be complicated, especially when administrators implement more policies than necessary and don’t use default settings when managing a variety of Windows devices.

To help administrators better manage the update cycle in their organizations, Microsoft has released a Tech Community Blog that details how to best manage Windows Update policies across the organization’s environment, including devices. single-user, multi-user devices, educational devices, kiosks and display panels. , Microsoft Teams Rooms and other devices.

As with all software updates, security is the priority, but this must be balanced with the end-user experience and the productivity needs of the organization. The policies explained by Microsoft are designed to limit downtime while ensuring the security of every device in an organization’s environment.

Although each device category should be treated differently, Microsoft urges administrators to leverage the default Windows Update experience to maintain user productivity and security. With default settings, devices automatically check for updates, download and install updates, and restart daily at an optimized time to reduce downtime.

“For most scenarios, this is the best experience,” the company says in a Tech Community blog. “In fact, that’s also what hundreds of millions of Windows users experience on their home or personal computer.”

However, Microsoft says some common use cases require additional strategies that administrators should leverage to meet specific user needs.

For example, managing updates on single-user devices requires fewer interruptions during the workday in addition to protecting data before the update cycle begins. In addition, these devices must meet specific compliance standards.

For these devices, Microsoft recommends using the “Specify delays for automatic updates and restarts” policy to safely keep the device up to date without affecting productivity.

For devices used by multiple users in a lab or library, Microsoft recommends using Group Policy to configure automatic updates and schedule installation time to ensure updates are installed at specific times and out of use periods with little ability for the end user to schedule the reboot.

These group policies for multi-user devices include “Configure automatic updates”, “Remove access to use all Windows Update features”, “Disable automatic updates restart during active hours” and “Specify delays for automatic updates and restarts”.

Microsoft defines educational devices as single-user devices or shared devices that can be stored in the classroom for shared use. The company therefore recommends disabling notifications and restarting during the school day using group policies, “Display options for update notifications”, “Specify timeouts”. for automatic updates and restarts” and “Disable automatic restart for updates during active hour”.

Kiosks and billboards also do not require notifications, restarts, or end-user interaction during business hours. Microsoft therefore recommends the policies “Display options for update notifications”, “Configure automatic updates”, Disable automatic restart of updates during active hours” and “Specify timeouts for updates”. automatic updates and restarts” to limit notifications, schedule updates and restarts outside of active hours, and enforce update deadlines.

However, Microsoft has also highlighted devices that most don’t see as needing an update, including factory machines, critical infrastructure and, of course, roller coasters. Unlike other use cases, these systems require end-user action and absolutely no automatic restarts.

“Given the criticality of these devices, it’s critical that they stay secure, stay functional, and don’t get interrupted in the middle of a task,” Microsoft says.

For Microsoft Teams Rooms, Micr4osoft recommends not setting any policy on device updates, as they are actively managed by Microsoft. These policies could conflict with what Teams Rooms management has in place, according to Microsoft.


About Author

Comments are closed.