New Policy to Let IT Admins Manage Windows 11 Updates During OOBE
Microsoft is giving IT admins more control over Windows 11 updates during setup.
Published: Feb 10, 2025
Key Takeaways:
- Microsoft is introducing a policy that allows organizations to manage whether new Windows 11 devices receive quality updates during OOBE.
- IT admins will be able to configure update settings using Windows Autopilot, Microsoft Intune, or Group Policy.
- This new policy will be available for enterprise customers in mid-2025.
Microsoft has announced a major change that will give organizations greater control over how updates are installed on new Windows 11 devices. A new policy will soon allow administrators to decide whether quality updates are applied during the out-of-box experience (OOBE).
Previously, users had to manually check for updates through Windows Update after setting up a new Windows 11 device. With Windows 11 version 24H2, Windows Setup now checks for updates multiple times during the setup process. This new approach ensures that the PC is fully updated before the customer begins using it, but it does result in a longer setup time.
How does the new IT policy for Windows 11 updates work?
Starting in mid-2025, Microsoft will introduce a new policy that will allow commercial customers to disable the installation of cumulative updates during OOBE. Administrators will be able to configure this new setting through Windows Autopilot and Windows Autopilot device preparation.
This policy will also let IT admins sync existing update settings, including deferrals and pause policies, across managed PCs. They can deploy it using MDM solutions like Microsoft Intune or traditional Group Policy methods.
“This change will help ensure devices in your organization are secure out of the box by getting the quality update at the end of their out-of-box experience. It can take an average of 20 minutes though the download and installation time will depend on the size of the update, the user’s network conditions, and the hardware capabilities of the device,” Microsoft explained.
Microsoft clarified that this new policy that allows businesses to disable cumulative updates during OOBE doesn’t apply to the OOBE Zero Day Package (ZDP) updates. The ZDP updates are critical updates that are automatically downloaded and installed when users first set up a new Windows device.
In related news, Microsoft has quietly removed instructions for installing Windows 11 on PCs that don’t meet the TPM 2.0 hardware requirements. The company advises users who installed Windows 11 on unsupported devices to switch back to Windows 10 as soon as possible.