Community sign out New post
Miradore Management Suite Portal

Knowledge base

Knowledge base

Self-service support

  1. Miradore Support
  2. Miradore Online
  3. Configuration profiles

Windows Update

Follow

This article describes Miradore's Windows update configuration profile that can be used to deploy update policies and general update settings to your managed Windows 10 devices. This means that you can configure when and how Windows Updates are installed on devices and how the devices are restarted.

Requirements:

 

How to deploy windows update settings to a device

First you need to create a new configuration profile and define the update policies that are sent to the device. Start by navigating to Mobile management > Configuration profiles and start the Create configuration profile wizard from the Actions menu on the right. See Creating a configuration profile for more details.

 

Windows update policy settings

The available Windows update configuration profile settings are described below.

General

Automatic updates
 
Defines the type of automatic updates. Possible values are:
  • Notify user before downloading
  • Install automatically and notify user when restarting
  • Install and restart automatically (default)
  • Install automatically and restart on specific time
  • Install automatically and restart without end-user control
  • Disabled
 
Active hours start
 
Added in Windows 10, version 1607. Defines start of active hours. Update reboots are not scheduled during active hours. Supported values are 0-23 where 0 is 12 AM. The default value is 8 (8 AM).
 
Active hours end
 
End of active hours. Update reboots are not scheduled during active hours. Supported values are 0-23 where 0 is 12 AM. The default value is 17 (5 PM).
 
Scan app updates from Microsoft Update
 
Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
 

Advanced options

Update branch
 
Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from. The supported values are:
  • Fast ring - Windows Insider build (added in Windows 10, version 1709)
  • Slow ring - Windows Insider build (added in Windows 10, version 1709)
  • Release - Windows Insider build (added in Windows 10, version 1709)
  • Semi-annual targeted - Device gets all applicable feature updates from Semi-annual Channel (Targeted). This is the default value
  • Semi-annual - Device gets feature updates from Semi-annual Channel
Preview builds
 
Added in Windows 10, version 1709. Specifies if preview builds are considered when updating.
 
Update check frequency (1-22 hours)
 
Added in Windows 10, version 1703. Defines how often updates are checked. Supported values are 1-22 hours. Default value is 22 hours.
 
Disable dual scan
 
Added in Windows 10, version 1709, but was added to 1607 and 1703 service releases. Do not allow update deferral policies to cause scans against Windows Update. If this policy is not enabled, then configuring deferral policies will result in the client unexpectedly scanning Windows update. With the policy enabled, those scans are prevented, and users can configure deferral policies as much as they like. This is the same as the Group Policy in Windows Components > Window Update > Do not allow update deferral policies to cause scans against Windows Update.
 
Exclude Windows Update drivers during update
 
Added in Windows 10, version 1607. Specifies whether to exclude Windows Update drivers during updates.
 
Pause feature updates
 
Added in Windows 10, version 1607. Pauses feature updates for 60 days or when disabled again.
 
Defer feature updates until (0-365 days)
 
Added in Windows 10, version 1607. Defines how many days to defer feature updates. Supported values are 0-365 days. The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
 
Pause quality updates
 
Added in Windows 10, version 1607. Pauses quality updates for 35 days or when disabled again.
 
Defer quality updates until (0-30 days)
 
Added in Windows 10, version 1607. Defines how many days to defer quality updates. Supported values are 0-30 days. 
 

Schedule

Auto-restart imminent warning notification schedule
 
Added in Windows 10, version 1703. Specifies period for auto-restart imminent warning notifications. The default value is 15 minutes. Supported values are 15, 30, or 60 minutes.
 
Auto-restart warning notification schedule
 
Added in Windows 10, version 1703. Specifies period for auto-restart warning notifications. Supported values are 2, 4, 8, 12, or 24 hours. The default value is 4 hours.
 
Scheduled update install day
 
Specifies installation day for scheduled updates. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Install updates every week
 
Added in Windows 10, version 1709. Specifies if scheduled updates are installed on every week of the month. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Install updates on first week
 
Added in Windows 10, version 1709. Specifies if scheduled updates are installed on the first week of the month. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Install updates on second week
 
Added in Windows 10, version 1709. Specifies if scheduled updates are installed on the second week of the month. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Install updates on third week
 
Added in Windows 10, version 1709. Specifies if scheduled updates are installed on the third week of the month. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Install updates on fourth week
 
Added in Windows 10, version 1709. Specifies if scheduled updates are installed on the fourth week of the month. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 
Scheduled install time (0-23)
 
Specifies install time for scheduled updates. Supported values are 0-23 where 0 = 12 AM and 23 = 11 PM. The default value is 3. Note! This field is configurable only if Install automatically and restart on specific time has been selected as automatic update type in general settings.
 

Restart

Automatic restart deadline (2-30 days)
 
Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. Supported values are 2-30 days. The default value is 7 days.
 
Automatic restart notification schedule
 
Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications. Supported values are 15 minutes, 30 minutes, 1 hour, 2 hours, and 4 hours. The default value is 15 minutes.
 
Automatic restart notification dismissal type
 
Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed. Supported values are user dismissal and auto dismissal.
 
Turn off auto-restart notification
 
Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
 
Skip restart checks (EDU)
 
Added in Windows 10, version 1703. Specifies whether all restart checks are skipped to ensure that reboot will happen at scheduled install time for devices in a cart (educational).
 
Automatic restart on pending restart (engaged)
 
Specifies if automatic scheduling and executing a pending restart is configured.
 
Engaged restart deadline (2-30 days)
 
Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling). Note! This field is configurable only if Automatic restart on pending restart (engaged) is checked.
 
Engaged restart snooze schedule (1-3 days)
 
Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications. Supported values are 1-3 days. The default value is 3 days.
 
Engaged restart transition schedule (2-30 days)
 
Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending. Supported values are 2-30 days. The default value is 7 days.
 

Metered connections

Allow automatic downloads over metered network
 
Added in Windows 10, version 1709. Defines if automatic updates can be downloaded over metered network (off by default).
 
Ignore mobile operator (MO) app download limit
 
Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
 
Ignore mobile operator (MO) update download limit
 
Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies.
 

Windows Server Update Service (WSUS)

Enable WSUS
 
Specifies if WSUS is enabled. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise deployments that need to update devices that cannot connect to the Internet.
 
Update service url
 
Specifies Windows Server Update Service (WSUS) location. Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet. Note! This field is configurable only if Enable WSUS is checked.
 
Alternative update service url
 
Specifies alternate Windows Server Update Service (WSUS) location. Note! This field is configurable only if Enable WSUS is checked.
 
Allow update service
 
Specifies if public Windows Update services are allowed when using WSUS and intranet update services. Note! This field is configurable only if Enable WSUS is checked.
 
Allow non Microsoft signed update
 
Specifies if device accepts updates from WSUS that are not signed by Microsoft. The update must be signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. Note! This field is configurable only if Enable WSUS is checked.
 
Fill empty content urls
 
Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata Note! This field is configurable only if Enable WSUS is checked.
 
 
After you have created your configuration profile you can deploy it to the devices. See contact@miradore.com.