In today’s Ask the Admin, I’ll show you how to configure Windows Update for Business in the Windows 10 November update (build 1511).
Along with the visual and performance improvements in the Windows 10 November update are features designed to encourage businesses to adopt Microsoft’s new operating system. While still a work in progress, as is the rest of Windows 10, Windows Update for Business is a set of options that give businesses more control over when updates are installed.
Before the latest update, Windows 10 (build 10240) Professional and Enterprise edition owners could defer non-security updates for a few months using the Defer upgrades checkbox under Advanced options in the Windows Update section of the Settings app, or using Group Policy. Now a new Group Policy setting has been added to give businesses more flexibility.
While none of this is much of a problem for organizations that use System Center Configuration Manager (SCCM) or Windows Server Update Services (WSUS) for distributing updates, smaller businesses that connect directly to Microsoft’s update servers need more control over updates.
Windows Update for Business isn’t a product, but a set of controls built into Windows 10. Additionally, there are three branches to which devices can be subscribed:
If you don’t make any changes to your Windows 10 device, you are by default subscribed to the Current Branch. If you check the Defer upgrades box in Windows Update settings, you are then part of the Current Branch for Business. It’s important to note that none of the branches prevent critical security updates from installing; they are only designed to stop updates that include fixes and new functionality.
Before you get started, if you’re not familiar with Group Policy, take a look at How to Create and Link a Group Policy Object in Active Directory on the Petri IT Knowledgebase for a primer on working with Active Directory Group Policy Objects (GPOs). If you don’t have Active Directory but do have Windows 10 Professional or Enterprise editions, you can set the Windows Update configuration in local policy, which can be accessed using the Microsoft Management Console (MMC):
The GPO options for deferring upgrades and updates are as follows:
If the GPO is enabled but both the Defer Upgrades and Defer Updates settings are set to 0, computers within scope will be part of the Current Branch for Business.
The new Windows Update settings will be deployed to computers that fall within the scope of the GPO or local policy object when Group Policy is refreshed.