Managing all the devices used in a large organization or even a small business can be difficult, which is why Microsoft has released new guidelines regarding Windows Update policies for administrators to use.
In a new blog post, Aria Carley, Senior Program Manager at Microsoft, shared a list of policies administrators should set for single-user devices, multi-user devices, educational devices, kiosks, panel displays, factory machinery, and plus.
Carley's first recommendation is that fewer policies are better, so administrators should take advantage of the default ones first. By default, devices running Windows 11 daily scan for, automatically download, and install all applicable updates at an optimized time to reduce interference.
In addition to personal tasks, single-user devices like business laptops can be used for hybrid work and other tasks where interruption would hinder productivity. For these devices, Microsoft recommends using the following policies for quality updates: ConfigureDeadlineForQualityUpdates and Configure DeadlineGracePeriod. However, for feature updates, administrators must use the ConfigureDeadlineForFeatureUpdates and ConfigureDeadlineGracePeriodForFeatureUpdates policies.
Multi-user devices such as HoloLens or a workstation in a lab should be configured to show few or no notifications while in use, nor should they automatically reboot while in use. As such, Microsoft recommends using its Windows update policies AllowAutoUpdate=3, ScheduledINstallTime, Update/SetDisableUXWUAccess, ActiveHoursStart, and ActiveHoursEnd.
Management of educational devices, kiosks and display panels
Educational devices are single-user or shared devices used by students and teachers in a shared environment. In a classroom, any form of notification can be extremely disruptive, which is why Microsoft suggests using the UpdateNotificationLevel and NoUpdateNotificationsDuringActiveHours policies with the ActiveHoursStart and ActiveHoursEnd policies.
Kiosks and billboards, on the other hand, feature simple user interfaces that can be used without training or documentation to perform a specific task or provide information. However, these devices must remain secure and up-to-date without end-users seeing "Restart Now" notifications on their screens.
For this reason, Microsoft again recommends that administrators use their UpdateNotificationLevel, AllowAutoUpdate=3, ScheduledInstallTime, ActiveHoursStart, ActiveHoursEnd policies, as well as those for specifying wait times for updates and automatic restarts.
These are just a few of the examples mentioned in Carley's blog post that all Windows administrators should take a closer look at to prevent employees, end-users, and customers from being distracted by notifications and automatic reboots.