In a post on the Windows IT Pro Blog, Microsoft has provided what it describes as “an easy, go-to reference” for sysadmins to help them choose which Widows Update policies to put in place.
There is different advice for single-user devices, multi-user devices, education devices, kiosks, billboards, factory machines, and Microsoft Teams Room devices. Microsoft kicks off with a pretty simple suggestion: “The fewer policies, the better. Leverage the defaults!”. That said, there are also lots of recommendations for different scenarios.
The blog post has been penned by Aria Carley who previously wrote a guide to the Windows Update policies that users should not set. This time, the focus is on the policies that are helpful.
Things kick off with a recommendation for single user device to configure the “Specify deadlines for automatic updates and restarts” policy. This involves setting the deadline and grace period for quality updates and feature updates.
There is different advice for multi-user devices with Microsoft noting:
For these devices, there may be a set period when they are able to be used. For example, if they are plugged in overnight in a laboratory that doesn’t allow access post 12AM, you could confidently update them at that time. Additionally, you likely don’t want to have the end user schedule the update as they may inconveniently schedule it during a time another user is present, which would result in a poor experience.
Four key polices are suggested: Configure Automatic Updates, Remove access to use all Windows Update features, Turn off auto-restart for updates during active hours, and Specify deadlines for automatic updates and restarts.
Take a look at the blog post for Microsoft’s full list of recommendations.
Image credit: Walter Cicchetti / Shutterstock