Windows 10

Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks.

The policy will be available after installing the November optional update, and it can be configured as a Group Policy Object (GPO) or a Configuration Service Provider (CSP) policy to choose how monthly preview updates will be delivered to users across the entire organization via Windows Update for Business.

“With the upcoming November 2023 optional update, you will be able to automatically deploy optional Windows updates or enable users in your organization to get them just like on Windows 11,” Microsoft said.

“Configure this policy as a Group Policy Object (GPO) or as a Configuration Service Provider (CSP) policy and choose the types of optional updates that suit your organizational goals.

On Windows 10 devices where the new policy will be configured, users will have the option to choose to:

  • Automatically get the latest optional updates by selecting “Automatically receive optional updates (including CFRs).”
  • Only get the latest optional cumulative updates automatically if “Automatically receive optional updates” is selected.
  • Select what optional updates to get by visiting Settings > Windows Update › Advanced options > Optional updates after selecting “Users can select which optional updates to receive.”

Microsoft Program Manager Anton Fontanov said that all configured quality update deferral settings will be respected regardless of the option chosen after configuring the ‘Enable optional updates’ policy.

'Enable optional updates' policy
‘Enable optional updates’ policy (Microsoft)

​You can find the policy under:

  • Group Policy: Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows UpdateWindows Update for BusinessEnable optional updates
  • Configuration Service Provider (CSP) Policy: /Policy/Config/Update/AllowOptionalContent

Besides selecting the type of optional non-security updates to get, Windows 10 users will also have the option to toggle on “Get the latest updates as soon as they’re available” to get all the latest updates (this will require a system restart).

“Users that opt to do nothing will eventually receive the fixes and features in the optional updates as part of the following security or feature update,” Fontanov said.

“No matter which option they choose, be assured that your users’ devices will continue to get regular security updates per your configured policies.”

Since August, Windows 11 admins can also control how optional updates are being deployed on enterprise devices on devices managed with Windows Update for Business or Windows Server Update Services (WSUS).

Source: www.bleepingcomputer.com