Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows 10

Use Update Compliance to View Blocked Windows 10 Feature Updates

For organizations using Windows Update for Business (WUfB) or Windows Update, Microsoft often puts safeguard holds on Windows 10 feature updates to stop devices with known compatibility issues from receiving the updates. As Microsoft works with vendors to resolve the problems, safeguard holds are gradually lifted.

If you use Windows Server Update Services (WSUS), or another service for distributing updates to endpoints, you don’t need to worry about Microsoft’s safeguard holds. You are responsible for making sure that the feature updates you approve for distribution have been properly tested.

What is Update Compliance?

Update Compliance is an Azure Marketplace app that you can download for free. You can use it with Windows 10 Professional, Enterprise, and Education SKUs. It monitors the update status of your Windows endpoints.

To use Update Compliance, you need an Azure subscription that includes Log Analytics. Update Compliance is ideal for organizations that rely on WUfB to manage Windows Updates because it provides reporting that’s not part of WUfB.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

For more information on WUfB, see Why You Should Use Windows Update for Business Instead of Windows Server Update Services and Managing Windows 10 Updates in a Small Businesses Environment.

Windows 10 feature update safeguard holds

Microsoft uses telemetry data that it collects from devices to determine whether they are ready for a feature update. Feature updates are usually released twice yearly and can involve a full in-place upgrade of Windows 10.

Machine learning is used to process the telemetry data. And if a potential compatibility issue is identified, with either the hardware or a driver, Microsoft blocks the feature update for the device using a safeguard hold.

View safeguard hold details in Update Compliance

Before the latest announcement at the end of October, IT administrators were able to see which devices couldn’t update in Update Compliance because of safeguard holds. But now it is possible to see which individual safeguard hold is preventing a device updating.

Image #1 Expand
Use Update Compliance to View Blocked Windows 10 Feature Updates (Image Credit: Microsoft)


Two new queries help administrators view information about safeguard holds. “Devices with a safeguard hold” shows device data for all endpoints where safeguard holds are applied. And “Target build distribution of devices with a safeguard hold” shows how many endpoints have safeguard holds applied and which Windows 10 build they are currently running.

Update Compliance reports show the safeguard hold IDs in the DeploymentErrorCode column. You can check out safeguard hold IDs and the related issues for each Windows 10 release on the Windows release health dashboard.

Improving the Windows 10 update experience

Microsoft says information about widely deployed safeguard holds is publicly disclosed. But if a safeguard hold is due to a third-party software or hardware issue, it is often required to comply with confidentiality agreements.

The changes Microsoft has made to Update Compliance are designed to provide a better experience for administrators managing Windows endpoints. The new queries provide greater insight so that IT can understand why devices are not receiving Windows 10 feature updates.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: