From 7d1d0f9eb50415f71531834406ba76d24ef414dc Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 2 Sep 2022 12:07:03 -0700 Subject: [PATCH 1/7] metadata update --- windows/deployment/update/deploy-updates-configmgr.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md index ef6be01503..bc3f4c1e0e 100644 --- a/windows/deployment/update/deploy-updates-configmgr.md +++ b/windows/deployment/update/deploy-updates-configmgr.md @@ -2,9 +2,9 @@ title: Deploy Windows client updates with Configuration Manager description: Deploy Windows client updates with Configuration Manager ms.prod: w10 -author: aczechowski +author: mestew ms.localizationpriority: medium -ms.author: aaroncz +ms.author: mstewart ms.reviewer: manager: dougeby ms.topic: article From 0f664c7d1d62974ce83db76178a4f0ddee1bf0ad Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Sep 2022 16:03:37 -0700 Subject: [PATCH 2/7] add aadajAttribution --- windows/deployment/update/waas-wu-settings.md | 41 ++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 4604ac1c8e..7ce0aae346 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -3,12 +3,12 @@ title: Manage additional Windows Update settings description: In this article, learn about additional settings to control the behavior of Windows Update. ms.prod: w10 ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: mestew +ms.author: mstewart +manager: aaroncz ms.topic: article -ms.custom: seo-marvel-apr2020 ms.collection: highpri +date: 09/22/2022 --- # Manage additional Windows Update settings @@ -36,6 +36,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure | [Allow signed updates from an intranet Microsoft update service location](#allow-signed-updates-from-an-intranet-microsoft-update-service-location) | [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | All | | [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) | [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | 1607 | | [Configure Automatic Updates](#configure-automatic-updates) | [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | All | +| | [Windows Update notifications display organization name](#bkmk_display-name)

*Organization name is displayed by default. A registry value can disable this behavior. | Windows 11 devices that are Azure Active Directory joined or registered | >[!IMPORTANT] >Additional information about settings to manage device restarts and restart notifications for updates is available on **[Manage device restarts after updates](waas-restart.md)**. @@ -230,7 +231,7 @@ To do this, follow these steps: > [!NOTE] > This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions. -To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance. +To use Automatic Updates with a server that is running Windows Software Update Services (WSUS), see the [Deploying Microsoft Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services) guidance. When you configure Automatic Updates directly by using the policy registry keys, the policy overrides the preferences that are set by the local administrative user to configure the client. If an administrator removes the registry keys at a later date, the preferences that were set by the local administrative user are used again. @@ -246,3 +247,33 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ * WUStatusServer (REG_SZ) This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS). + +## Display organization name in Windows Update notifications + +When Windows 11 clients are associated with an Azure AD tenant, the organization name appears in the Windows Update notifications. For instance, when you have a compliance deadline configured for Windows Update for Business, the user notification will display a message similar to **Contoso requires important updates to be installed**. The organization name will also display on the **Windows Update** page in the **Settings** for Windows 11. + +The organization name appears automatically for Windows 11 clients that are associated with Azure AD in any of the following ways: +- [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) +- [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) +- [Hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) + +To disable displaying the organization name in Windows Update notifications, add or modify the following in the registry: + + - **Registry key**: `HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsUpdate\Orchestrator\Configurations` + - **DWORD value name**: UsoDisableAADJAttribution + - **Value data:** 1 + +The following PowerShell script is provided as an example to you: +```powershell +$registryPath = "HKLM:\Software\Microsoft\WindowsUpdate\Orchestrator\Configurations" +$Name = "UsoDisableAADJAttribution" +$value = "1" + +if (!(Test-Path $registryPath)) { + + New-Item -Path $registryPath -Force | Out-Null + +} + +New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null +``` From 67584ca6335920febfce8d3f275bfe64c187f7d9 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 16 Sep 2022 16:15:12 -0700 Subject: [PATCH 3/7] add aadajAttribution --- windows/deployment/update/waas-wu-settings.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/deployment/update/waas-wu-settings.md b/windows/deployment/update/waas-wu-settings.md index 7ce0aae346..cfe3f8800a 100644 --- a/windows/deployment/update/waas-wu-settings.md +++ b/windows/deployment/update/waas-wu-settings.md @@ -269,10 +269,9 @@ $registryPath = "HKLM:\Software\Microsoft\WindowsUpdate\Orchestrator\Configurati $Name = "UsoDisableAADJAttribution" $value = "1" -if (!(Test-Path $registryPath)) { - - New-Item -Path $registryPath -Force | Out-Null - +if (!(Test-Path $registryPath)) +{ + New-Item -Path $registryPath -Force | Out-Null } New-ItemProperty -Path $registryPath -Name $name -Value $value -PropertyType DWORD -Force | Out-Null From 48dcfb109a1373848efe7c500afc3963ca5f3b08 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sun, 18 Sep 2022 10:34:51 -0700 Subject: [PATCH 4/7] restart --- windows/deployment/update/waas-restart.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index a43f01d033..9b3d4c1fdd 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -10,6 +10,7 @@ ms.topic: article ms.custom: - seo-marvel-apr2020 ms.collection: highpri +date: 09/22/2022 --- # Manage device restarts after updates @@ -18,11 +19,11 @@ ms.collection: highpri **Applies to** - Windows 10 - +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows 10 update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both. +You can use Group Policy settings, mobile device management (MDM), or Registry (not recommended) to configure when devices will restart after a Windows update is installed. You can schedule update installation and set policies for restart, configure active hours for when restarts will not occur, or you can do both. ## Schedule update installation @@ -100,7 +101,7 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan ## Limit restart delays -After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14. +After an update is installed, Windows attempts automatic restart outside of active hours. If the restart does not succeed after seven days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from seven days to any number of days between two and 14. ## Control restart notifications @@ -198,10 +199,10 @@ There are three different registry combinations for controlling restart behavior ## Related articles -- [Update Windows 10 in the enterprise](index.md) +- [Update Windows in the enterprise](index.md) - [Overview of Windows as a service](waas-overview.md) -- [Configure Delivery Optimization for Windows 10 updates](../do/waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) +- [Configure Delivery Optimization for Windows updates](../do/waas-delivery-optimization.md) +- [Configure BranchCache for Windows updates](waas-branchcache.md) - [Configure Windows Update for Business](waas-configure-wufb.md) - [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) From 54ea9580c22ec6a6460e32569379cd7d5dcb6614 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sun, 18 Sep 2022 13:40:43 -0700 Subject: [PATCH 5/7] add apply only during active houurs --- windows/deployment/update/waas-restart.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 9b3d4c1fdd..c46490b56a 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -105,11 +105,24 @@ After an update is installed, Windows attempts automatic restart outside of acti ## Control restart notifications -In Windows 10, version 1703, we have added settings to control restart notifications for users. +### Display options for update notifications + +Starting in Windows 10 version 1809, you can define which Windows Update notifications are displayed to the user. This policy doesn't control how and when updates are downloaded and installed. You can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values: + +**0** (default) - Use the default Windows Update notifications +**1** - Turn off all notifications, excluding restart warnings +**2** - Turn off all notifications, including restart warnings + +To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-configuration-service-provider#update-updatenotificationlevel). + +Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. + +To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-csp-update#update-NoUpdateNotificationDuringActiveHours). + ### Auto-restart notifications -Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. +Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. This setting was added in Windows 10, version 1703. To configure this behavior through Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update** and select **Configure auto-restart required notification for updates**. When configured to **2 - User Action**, a user that gets this notification must manually dismiss it. From 254bec13c07f82e20ffbb5dfe3ea50dcf0b5133c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sun, 18 Sep 2022 13:45:52 -0700 Subject: [PATCH 6/7] add apply only during active hours note --- windows/deployment/update/waas-restart.md | 3 +-- windows/deployment/update/waas-wufb-group-policy.md | 12 +++++++----- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index c46490b56a..42ddd4fd6b 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -115,11 +115,10 @@ Starting in Windows 10 version 1809, you can define which Windows Update notific To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-configuration-service-provider#update-updatenotificationlevel). -Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. +Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-csp-update#update-NoUpdateNotificationDuringActiveHours). - ### Auto-restart notifications Administrators can override the default behavior for the auto-restart required notification. By default, this notification will dismiss automatically. This setting was added in Windows 10, version 1703. diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 1aa46d22c9..2dce2b51e4 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -178,12 +178,14 @@ There are additional settings that affect the notifications. We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values: -**0** (default) – Use the default Windows Update notifications -**1** – Turn off all notifications, excluding restart warnings -**2** – Turn off all notifications, including restart warnings +**0** (default) - Use the default Windows Update notifications +**1** - Turn off all notifications, excluding restart warnings +**2** - Turn off all notifications, including restart warnings -> [!NOTE] -> Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled. +Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled. + +> [!NOTE] +> Starting in Windows 11, version 22H2, **Apply only during active hours** was added as an additional option for **Display options for update notifications**. When **Apply only during active hours** is selected, the notifications will only be disabled during active hours when options `1` or `2` are used. To ensure that the device stays updated, a notification will still be shown during active hours if **Apply only during active hours** is selected, and once a deadline has been reached when [Specify deadlines for automatic updates and restarts](wufb-compliancedeadlines.md) is configured. Still more options are available in **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart restart warning notifications schedule for updates**. This setting allows you to specify the period for auto-restart warning reminder notifications (from 2-24 hours; 4 hours is the default) before the update and to specify the period for auto-restart imminent warning notifications (15-60 minutes is the default). We recommend using the default notifications. From 3ec13229f4395b818ccd479c608fb267fa1b862f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Sun, 18 Sep 2022 13:50:41 -0700 Subject: [PATCH 7/7] formatting --- windows/deployment/update/waas-restart.md | 6 +++--- windows/deployment/update/waas-wufb-group-policy.md | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md index 42ddd4fd6b..46d0719b49 100644 --- a/windows/deployment/update/waas-restart.md +++ b/windows/deployment/update/waas-restart.md @@ -109,9 +109,9 @@ After an update is installed, Windows attempts automatic restart outside of acti Starting in Windows 10 version 1809, you can define which Windows Update notifications are displayed to the user. This policy doesn't control how and when updates are downloaded and installed. You can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values: -**0** (default) - Use the default Windows Update notifications -**1** - Turn off all notifications, excluding restart warnings -**2** - Turn off all notifications, including restart warnings +**0** (default) - Use the default Windows Update notifications
+**1** - Turn off all notifications, excluding restart warnings
+**2** - Turn off all notifications, including restart warnings
To configure this behavior through MDM, use [**Update/UpdateNotificationLevel**](/windows/client-management/mdm/policy-configuration-service-provider#update-updatenotificationlevel). diff --git a/windows/deployment/update/waas-wufb-group-policy.md b/windows/deployment/update/waas-wufb-group-policy.md index 2dce2b51e4..e5027dfc14 100644 --- a/windows/deployment/update/waas-wufb-group-policy.md +++ b/windows/deployment/update/waas-wufb-group-policy.md @@ -178,9 +178,9 @@ There are additional settings that affect the notifications. We recommend that you use the default notifications as they aim to provide the best user experience while adjusting for the compliance policies that you have set. If you do have further needs that are not met by the default notification settings, you can use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Display options for update notifications** with these values: -**0** (default) - Use the default Windows Update notifications -**1** - Turn off all notifications, excluding restart warnings -**2** - Turn off all notifications, including restart warnings +**0** (default) - Use the default Windows Update notifications
+**1** - Turn off all notifications, excluding restart warnings
+**2** - Turn off all notifications, including restart warnings
Option **2** creates a poor experience for personal devices; it's only recommended for kiosk devices where automatic restarts have been disabled.