Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows 10

Optimize Windows Update with New Update Baseline Tool for Windows 10

Microsoft’s servicing updates for Windows 10 have been controversial and confusing for consumers and businesses. Last year, Microsoft finally relented on the biannual feature updates somewhat by issuing a second feature update for Windows 10 that was delivered like a minor cumulative update for users on the first feature update released in 2019.

But that wasn’t the only change Microsoft has made to servicing since Windows 10 first launched. Microsoft removed the update deferral settings from Windows Update in the Windows 10 May 2020 Update Settings app because they caused too much confusion for users.

And back in 2017, Microsoft changed the Current Branch, Current Branch for Business, and Long Term Servicing Branch in favor of two servicing channels: Semi-Annual Channel and Long Term Servicing Channel.

Not only is servicing sometimes difficult to follow but Windows Update settings are also complex, adding to the overall confusion about how to configure updates to complete in a timely way but without annoying users.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

Windows 10 Update Baseline

To address this issue, Microsoft released the Windows 10 Update Baseline tool in June. The tool comes with advice about how to optimize Windows Update settings, including Microsoft’s recommended update settings in the form of a Group Policy Object (GPO) that can be imported into the Group Policy Management Console (GPMC).

Windows Update settings optimized for velocity and user experience

The tool contains a detailed PDF explaining the different settings that affect Windows Server Update Services (WSUS) and Windows Update for Business (WUfB). And how those settings relate to update velocity and the effect on user productivity.

For example, organizations often determine a compliance deadline by which time devices should receive the latest updates. Microsoft explains that Windows components adapt their behavioral heuristics based on compliance deadlines. Windows can also make tradeoffs between user experience and update velocity to ensure that the compliance deadlines you set are met.

At 44 pages long, the document provides a comprehensive look at how Windows Update settings work in practice. You will find everything you need to know about Windows Update settings in one place.

At the end of the document, there’s a policy and settings reference guide that lists all Microsoft’s recommended Group Policy and Mobile Device Management (MDM) settings for Windows Update. The settings are optimized for velocity and user experience.

Group Policy and MDM settings

Organizations that would like to deploy Microsoft’s recommended Windows Update settings in their environments can use the provided script to import the GPO into GPMC. Although the PDF provided with the script states that the settings in the GPO differ slightly from those outlined in the whitepaper. So, that’s worth checking out.

Active Directory (AD) administrators can decide where to link the GPO so that it overrides any existing Windows Update settings in an environment. But like always, it’s best to test out the settings in a lab environment before applying them in production.

If you want to set Microsoft’s recommended Windows Update settings using MDM, you’ll need to configure each setting manually in Microsoft Intune or other MDM solutions.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: