Windows 10|Windows Client OS

Understanding Windows Update for Business

In this Ask the Admin, I will explain what Windows Update for Business (WUfB) is and how it is different from Windows Update, Windows Server Update Services (WSUS), and System Center Configuration Manager (SCCM).



Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

Windows pulls updates directly from Microsoft’s Windows Update servers. There are some limited options that users can set to determine when and how updates are downloaded and applied. But if organizations wanted to take control of the update process in Windows 8.1 or earlier, it involves installing some local infrastructure. This would be in the form of WSUS with or without SCCM integration. WSUS allows administrators to create deployment rings, download updates from Microsoft for distribution on a local area network, and decide when updates are applied to devices.

WUfB makes it easier for organizations to manage updates in Windows 10 Pro, Enterprise, and Education SKUs. Unlike the update mechanisms that most organizations are familiar with, WUfB does not require any infrastructure to be installed. Instead, it allows IT to control how updates are applied using Group Policy or Mobile Device Management (MDM). WUfB relies on the peer-to-peer technology in Windows 10 to efficiently distribute updates amongst devices on the local area network. A local server is not required. It is worth noting that WUfB does not include the reporting facilities provided by WSUS.

Configuring Windows Update for Business

To configure WUfB using MDM, a mobile-device management solution such as Microsoft Intune is required. And while Intune could manage updates for Windows 7 devices, it requires a client to be installed on each endpoint. WUfB is a clientless and serverless solution. The best way to configure WUfB using Group Policy is with Active Directory Group Policy. But WUfB can also be configured using local policy.

Windows Update for Business Group Policy settings in Windows 10 (Image Credit: Russell Smith)
Windows Update for Business Group Policy Settings in Windows 10 (Image Credit: Russell Smith)

The Group Policy settings for WUfB can be found under Computer Configuration > Administrative Templates > Windows Components > Windows Update. The available settings are below. They apply to Windows 10 version 1607 or above:

  • Select when Feature Updates are received
  • Select when Quality Updates are received
  • Do not include drivers with Windows Updates

The first two options allow IT to set updates to be deferred or paused. Feature updates can be deferred between 1 and 180 days or paused for up to 60 days. Quality updates can be deferred between 1 and 35 days or paused for up to 35 days.

In this article, I explained what WUfB is and how it can be configured using Group Policy or MDM.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: