Managing Windows Update can be complicated, especially when admins implement more policies than necessary and don’t leverage the default settings while managing a variety of Windows devices.
To help admins better manage the update cycle in their organizations, Microsoft has released a Tech Community blog that details how to best manage Windows Update policies across an organization’s environment, including single-user devices, multi-user devices, education devices, kiosks and billboards, Microsoft Teams Rooms devices and others.
As with any software updates, security is the priority, but that must be balanced with the end user experience and the organization’s productivity needs. The policies explained by Microsoft are designed to limit downtime while keeping each device in an organization’s environment secure.
Although each category of devices should be treated differently, Microsoft urges admins to leverage the default Windows Update experience to keep users productive and secure. With default settings, devices will automatically scan for updates, download and install updates and restart daily at a time optimized to reduce downtime.
“For most scenarios, this is the best experience,” the company says in a Tech Community blog. “In fact, it is also what hundreds of millions of Windows users experience on their home or personal computers.”
However, Microsoft advises that some common use cases require additional policies admins should leverage to meet specific user requirements.
For example, managing updates on single-user devices requires fewer disruptions during the workday in addition to protecting data before the update cycle starts. In addition, these devices need to meet specific compliance standards.
For these devices, Microsoft recommends using the policy “Specify deadlines for automatic updates and restarts” to keep the device up to date and secure without impacting productivity.
For devices used by multiple users in a laboratory or library setting, Microsoft recommends using Group Policy to configure automatic updates and schedule install time to make sure updates are installed at specific times and outside periods of use with little end user ability to schedule the reboot.
These group policies for multi-user devices include “Configure Automatic Updates”, “Remove access to use all Windows Update features”, “Turn off auto-restart for updates during active hours” and “Specify deadlines for automatic updates and restarts.”
Microsoft defines education devices as single-user or shared devices that may be stored in the classroom for shared use, so the company recommends turning off notifications and reboots during the school day using the group policies “Display options for update notifications”, “Specify deadlines for automatic updates and restarts”, and “Turn off auto-restart for updates during active hours”.
Kiosks and billboards also require no notifications, reboots or end user interaction during active hours, so Microsoft recommends the policies “Display options for update notifications”, “Configure Automatic Updates”, “Turn off auto-restart for updates during active hours”, and “Specify deadlines for automatic updates and restarts” to limit notifications, schedule updates and restarts outside of active hours and enforce update deadlines.
However, Microsoft also highlighted devices that most don’t think of as needing to update, including factory machines, critical infrastructure and, of course, rollercoasters. Unlike other use cases, these systems require end user action and absolutely no automatic reboots.
“Given the criticality of these devices, it is pivotal that they stay secure, stay functional, and are not interrupted in the middle of a task,” Microsoft says.
For Microsoft Teams Rooms, Microsoft recommends not setting any policies on device updates, as they are actively managed by Microsoft. Those policies could conflict with what the Teams Rooms management has in place, according to Microsoft.