From 57dda95fd759e66fc065e3c2228168a683a2bc89 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Wed, 18 Jan 2023 11:43:28 -0500 Subject: [PATCH] More changes to Update CSP --- .../mdm/policies-in-policy-csp-admx-backed.md | 2 +- ...in-policy-csp-supported-by-group-policy.md | 2 +- .../mdm/policy-csp-update.md | 1499 ++++++++--------- 3 files changed, 750 insertions(+), 753 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 36696838f9..c45d67308a 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/17/2023 +ms.date: 01/18/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md index 7c231966ef..b5b7fa8d91 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md @@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/17/2023 +ms.date: 01/18/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 04f5d87e6b..040028b422 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md 
@@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/17/2023 +ms.date: 01/18/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage 
@@ -22,88 +22,325 @@ ms.topic: reference Update CSP policies are listed below based on the group policy area: -- [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update) - - [BranchReadinessLevel](#branchreadinesslevel) (Select when Preview Builds and Feature Updates are received) - - [DeferFeatureUpdatesPeriodInDays](#deferfeatureupdatesperiodindays) (Select when Preview Builds and Feature Updates are received) - - [DeferQualityUpdatesPeriodInDays](#deferqualityupdatesperiodindays) (Select when Quality Updates are received) - - [ExcludeWUDriversInQualityUpdate](#excludewudriversinqualityupdate) (Do not include drivers with Windows Updates) - - [ManagePreviewBuilds](#managepreviewbuilds) (Manage preview builds) - - [PauseFeatureUpdates](#pausefeatureupdates) (Select when Preview Builds and Feature Updates are received) - - [PauseFeatureUpdatesStartTime](#pausefeatureupdatesstarttime) (Select when Preview Builds and Feature Updates are received) - - [PauseQualityUpdates](#pausequalityupdates) (Select when Quality Updates are received) - - [PauseQualityUpdatesStartTime](#pausequalityupdatesstarttime) (Select when Quality Updates are received) - - [ProductVersion](#productversion) (Select the target Feature Update version) - - [TargetReleaseVersion](#targetreleaseversion) (Select the target Feature Update version) -- [Manage updates offered from Windows Server Update Service](#manage-updates-offered-from-windows-server-update-service) - - [AllowUpdateService](#allowupdateservice) (Specify intranet Microsoft update service location) - - [DetectionFrequency](#detectionfrequency) (Automatic Updates detection frequency) - - [DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection](#donotenforceenterprisetlscertpinningforupdatedetection) (Specify intranet Microsoft update service location) - - [FillEmptyContentUrls](#fillemptycontenturls) (Specify intranet Microsoft update service location) - - 
[SetPolicyDrivenUpdateSourceForDriverUpdates](#setpolicydrivenupdatesourcefordriverupdates) (Specify intranet Microsoft update service location) - - [SetPolicyDrivenUpdateSourceForFeatureUpdates](#setpolicydrivenupdatesourceforfeatureupdates) (Specify intranet Microsoft update service location) - - [SetPolicyDrivenUpdateSourceForOtherUpdates](#setpolicydrivenupdatesourceforotherupdates) (Specify intranet Microsoft update service location) - - [SetPolicyDrivenUpdateSourceForQualityUpdates](#setpolicydrivenupdatesourceforqualityupdates) (Specify intranet Microsoft update service location) - - [SetProxyBehaviorForUpdateDetection](#setproxybehaviorforupdatedetection) (Specify intranet Microsoft update service location) - - [UpdateServiceUrl](#updateserviceurl) (Specify intranet Microsoft update service location) - - [UpdateServiceUrlAlternate](#updateserviceurlalternate) (Specify intranet Microsoft update service location) -- [Manage end user experience](#manage-end-user-experience) - - [ActiveHoursEnd](#activehoursend) (Turn off auto-restart for updates during active hours) - - [ActiveHoursMaxRange](#activehoursmaxrange) (Specify active hours range for auto-restarts) - - [ActiveHoursStart](#activehoursstart) (Turn off auto-restart for updates during active hours) - - [AllowAutoUpdate](#allowautoupdate) (Configure Automatic Updates) - - [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](#allowautowindowsupdatedownloadovermeterednetwork) (Allow updates to be downloaded automatically over metered connections) - - [AllowMUUpdateService](#allowmuupdateservice) (Configure Automatic Updates) - - [ConfigureDeadlineForFeatureUpdates](#configuredeadlineforfeatureupdates) (Specify deadlines for automatic updates and restarts) - - [ConfigureDeadlineForQualityUpdates](#configuredeadlineforqualityupdates) (Specify deadlines for automatic updates and restarts) - - [ConfigureDeadlineGracePeriod](#configuredeadlinegraceperiod) (Specify deadlines for automatic updates and restarts) - - 
[ConfigureDeadlineGracePeriodForFeatureUpdates](#configuredeadlinegraceperiodforfeatureupdates) (Specify deadlines for automatic updates and restarts) - - [ConfigureDeadlineNoAutoReboot](#configuredeadlinenoautoreboot) (Specify deadlines for automatic updates and restarts) - - [NoUpdateNotificationsDuringActiveHours](#noupdatenotificationsduringactivehours) (Display options for update notifications) - - [ScheduledInstallDay](#scheduledinstallday) (Configure Automatic Updates) - - [ScheduledInstallEveryWeek](#scheduledinstalleveryweek) (Configure Automatic Updates) - - [ScheduledInstallFirstWeek](#scheduledinstallfirstweek) (Configure Automatic Updates) - - [ScheduledInstallFourthWeek](#scheduledinstallfourthweek) (Configure Automatic Updates) - - [ScheduledInstallSecondWeek](#scheduledinstallsecondweek) (Configure Automatic Updates) - - [ScheduledInstallThirdWeek](#scheduledinstallthirdweek) (Configure Automatic Updates) - - [ScheduledInstallTime](#scheduledinstalltime) (Configure Automatic Updates) - - [SetDisablePauseUXAccess](#setdisablepauseuxaccess) (Remove access to "Pause updates" feature) - - [SetDisableUXWUAccess](#setdisableuxwuaccess) (Remove access to use all Windows Update features) - - [SetEDURestart](#setedurestart) (Update Power Policy for Cart Restarts) - - [UpdateNotificationLevel](#updatenotificationlevel) (Display options for update notifications) -- [Legacy Policies](#legacy-policies) - - [AutoRestartDeadlinePeriodInDays](#autorestartdeadlineperiodindays) (Specify deadline before auto-restart for update installation) - - [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#autorestartdeadlineperiodindaysforfeatureupdates) (Specify deadline before auto-restart for update installation) - - [AutoRestartNotificationSchedule](#autorestartnotificationschedule) (Configure auto-restart reminder notifications for updates) - - [AutoRestartRequiredNotificationDismissal](#autorestartrequirednotificationdismissal) (Configure auto-restart required 
notification for updates) - - [DisableDualScan](#disabledualscan) (Do not allow update deferral policies to cause scans against Windows Update) - - [EngagedRestartDeadline](#engagedrestartdeadline) (Specify Engaged restart transition and notification schedule for updates) - - [EngagedRestartDeadlineForFeatureUpdates](#engagedrestartdeadlineforfeatureupdates) (Specify Engaged restart transition and notification schedule for updates) - - [EngagedRestartSnoozeSchedule](#engagedrestartsnoozeschedule) (Specify Engaged restart transition and notification schedule for updates) - - [EngagedRestartSnoozeScheduleForFeatureUpdates](#engagedrestartsnoozescheduleforfeatureupdates) (Specify Engaged restart transition and notification schedule for updates) - - [EngagedRestartTransitionSchedule](#engagedrestarttransitionschedule) (Specify Engaged restart transition and notification schedule for updates) - - [EngagedRestartTransitionScheduleForFeatureUpdates](#engagedrestarttransitionscheduleforfeatureupdates) (Specify Engaged restart transition and notification schedule for updates) - - [ScheduleImminentRestartWarning](#scheduleimminentrestartwarning) (Configure auto-restart warning notifications schedule for updates) - - [ScheduleRestartWarning](#schedulerestartwarning) (Configure auto-restart warning notifications schedule for updates) - - [SetAutoRestartNotificationDisable](#setautorestartnotificationdisable) (Turn off auto-restart notifications for update installations) -- [Maintenance Scheduler](#maintenance-scheduler) - - [AutomaticMaintenanceWakeUp](#automaticmaintenancewakeup) (Automatic Maintenance WakeUp Policy) -- [Other policies](#other-policies) - - [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate) +- [Windows Insider Preview](#windows-insider-preview) - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates) - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates) +- 
[Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update) + - [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate) + - [AutomaticMaintenanceWakeUp](#automaticmaintenancewakeup) + - [BranchReadinessLevel](#branchreadinesslevel) + - [DeferFeatureUpdatesPeriodInDays](#deferfeatureupdatesperiodindays) + - [DeferQualityUpdatesPeriodInDays](#deferqualityupdatesperiodindays) + - [DisableWUfBSafeguards](#disablewufbsafeguards) + - [ExcludeWUDriversInQualityUpdate](#excludewudriversinqualityupdate) + - [ManagePreviewBuilds](#managepreviewbuilds) + - [PauseFeatureUpdates](#pausefeatureupdates) + - [PauseFeatureUpdatesStartTime](#pausefeatureupdatesstarttime) + - [PauseQualityUpdates](#pausequalityupdates) + - [PauseQualityUpdatesStartTime](#pausequalityupdatesstarttime) + - [ProductVersion](#productversion) + - [TargetReleaseVersion](#targetreleaseversion) +- [Manage updates offered from Windows Server Update Service](#manage-updates-offered-from-windows-server-update-service) + - [AllowUpdateService](#allowupdateservice) + - [DetectionFrequency](#detectionfrequency) + - [DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection](#donotenforceenterprisetlscertpinningforupdatedetection) + - [FillEmptyContentUrls](#fillemptycontenturls) + - [SetPolicyDrivenUpdateSourceForDriverUpdates](#setpolicydrivenupdatesourcefordriverupdates) + - [SetPolicyDrivenUpdateSourceForFeatureUpdates](#setpolicydrivenupdatesourceforfeatureupdates) + - [SetPolicyDrivenUpdateSourceForOtherUpdates](#setpolicydrivenupdatesourceforotherupdates) + - [SetPolicyDrivenUpdateSourceForQualityUpdates](#setpolicydrivenupdatesourceforqualityupdates) + - [SetProxyBehaviorForUpdateDetection](#setproxybehaviorforupdatedetection) + - [UpdateServiceUrl](#updateserviceurl) + - [UpdateServiceUrlAlternate](#updateserviceurlalternate) +- [Manage end user experience](#manage-end-user-experience) + - [ActiveHoursEnd](#activehoursend) + - [ActiveHoursMaxRange](#activehoursmaxrange) + 
- [ActiveHoursStart](#activehoursstart) + - [AllowAutoUpdate](#allowautoupdate) + - [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](#allowautowindowsupdatedownloadovermeterednetwork) + - [AllowMUUpdateService](#allowmuupdateservice) + - [ConfigureDeadlineForFeatureUpdates](#configuredeadlineforfeatureupdates) + - [ConfigureDeadlineForQualityUpdates](#configuredeadlineforqualityupdates) + - [ConfigureDeadlineGracePeriod](#configuredeadlinegraceperiod) + - [ConfigureDeadlineGracePeriodForFeatureUpdates](#configuredeadlinegraceperiodforfeatureupdates) + - [ConfigureDeadlineNoAutoReboot](#configuredeadlinenoautoreboot) - [ConfigureFeatureUpdateUninstallPeriod](#configurefeatureupdateuninstallperiod) + - [NoUpdateNotificationsDuringActiveHours](#noupdatenotificationsduringactivehours) + - [ScheduledInstallDay](#scheduledinstallday) + - [ScheduledInstallEveryWeek](#scheduledinstalleveryweek) + - [ScheduledInstallFirstWeek](#scheduledinstallfirstweek) + - [ScheduledInstallFourthWeek](#scheduledinstallfourthweek) + - [ScheduledInstallSecondWeek](#scheduledinstallsecondweek) + - [ScheduledInstallThirdWeek](#scheduledinstallthirdweek) + - [ScheduledInstallTime](#scheduledinstalltime) + - [SetDisablePauseUXAccess](#setdisablepauseuxaccess) + - [SetDisableUXWUAccess](#setdisableuxwuaccess) + - [SetEDURestart](#setedurestart) + - [UpdateNotificationLevel](#updatenotificationlevel) +- [Legacy Policies](#legacy-policies) + - [AutoRestartDeadlinePeriodInDays](#autorestartdeadlineperiodindays) + - [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#autorestartdeadlineperiodindaysforfeatureupdates) + - [AutoRestartNotificationSchedule](#autorestartnotificationschedule) + - [AutoRestartRequiredNotificationDismissal](#autorestartrequirednotificationdismissal) - [DeferUpdatePeriod](#deferupdateperiod) - [DeferUpgradePeriod](#deferupgradeperiod) - - [DisableWUfBSafeguards](#disablewufbsafeguards) + - [DisableDualScan](#disabledualscan) + - 
[EngagedRestartDeadline](#engagedrestartdeadline) + - [EngagedRestartDeadlineForFeatureUpdates](#engagedrestartdeadlineforfeatureupdates) + - [EngagedRestartSnoozeSchedule](#engagedrestartsnoozeschedule) + - [EngagedRestartSnoozeScheduleForFeatureUpdates](#engagedrestartsnoozescheduleforfeatureupdates) + - [EngagedRestartTransitionSchedule](#engagedrestarttransitionschedule) + - [EngagedRestartTransitionScheduleForFeatureUpdates](#engagedrestarttransitionscheduleforfeatureupdates) - [IgnoreMOAppDownloadLimit](#ignoremoappdownloadlimit) - [IgnoreMOUpdateDownloadLimit](#ignoremoupdatedownloadlimit) - [PauseDeferrals](#pausedeferrals) - [PhoneUpdateRestrictions](#phoneupdaterestrictions) - [RequireDeferUpgrade](#requiredeferupgrade) - [RequireUpdateApproval](#requireupdateapproval) + - [ScheduleImminentRestartWarning](#scheduleimminentrestartwarning) + - [ScheduleRestartWarning](#schedulerestartwarning) + - [SetAutoRestartNotificationDisable](#setautorestartnotificationdisable) + +## Windows Insider Preview + + +### ConfigureDeadlineNoAutoRebootForFeatureUpdates + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates +``` + + + + +When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | +| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Element Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | + + + + + + + + + +### ConfigureDeadlineNoAutoRebootForQualityUpdates + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates +``` + + + + +When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Disabled. | +| 1 | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | +| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Element Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | + + + + + + + ## Manage updates offered from Windows Update + +### AllowNonMicrosoftSignedUpdate + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/AllowNonMicrosoftSignedUpdate +``` + + + + +Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. | +| 1 (Default) | Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the 'Trusted Publishers' certificate store of the local computer. | + + + + + + + + + +### AutomaticMaintenanceWakeUp + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/AutomaticMaintenanceWakeUp +``` + + + + +This policy setting allows you to configure Automatic Maintenance wake up policy. + +The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. + +- If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. + +- If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 1 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 | Disabled. | +| 1 (Default) | Enabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | WakeUpPolicy | +| Friendly Name | Automatic Maintenance WakeUp Policy | +| Location | Computer Configuration | +| Path | Windows Components > Maintenance Scheduler | +| Registry Key Name | Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance | +| Registry Value Name | WakeUp | +| ADMX File Name | msched.admx | + + + + + + + + ### BranchReadinessLevel @@ -283,6 +520,65 @@ Defers Quality Updates for the specified number of days. Supported values are 0- + +### DisableWUfBSafeguards + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1490] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1110] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1110] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.546] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/DisableWUfBSafeguards +``` + + + + +This policy setting specifies that a Windows Update for Business device should skip safeguards. + + + + +Safeguard holds prevent a device with a known compatibility issue from being offered a new OS version. The offering will proceed once a fix is issued and is verified on a held device. The aim of safeguards is to protect the device and user from a failed or poor upgrade experience. The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update. + +IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the **Disable safeguards for Feature Updates** Group Policy. + +> [!NOTE] +> Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. +> +> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update. +> +> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues. 
+ + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. | +| 1 | Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. | + + + + + + + + ### ExcludeWUDriversInQualityUpdate @@ -2162,6 +2458,47 @@ When enabled, devices will not automatically restart outside of active hours unt + +### ConfigureFeatureUpdateUninstallPeriod + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ConfigureFeatureUpdateUninstallPeriod +``` + + + + +Enable enterprises/IT admin to configure feature update uninstall period + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[2-60]` | +| Default Value | 10 | + + + + + + + + ### NoUpdateNotificationsDuringActiveHours @@ -3218,6 +3555,150 @@ The method can be set to require user action to dismiss the notification. + +### DeferUpdatePeriod + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod +``` + + + + + + + + +> [!NOTE] +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. + +Allows IT Admins to specify update delays for up to four weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. + +- If the **Specify intranet Microsoft update service location** policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. +- If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. 
+ +OS upgrade: + +- Maximum deferral: Eight months +- Deferral increment: One month +- Update type/notes: + - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 + +Update: + +- Maximum deferral: One month +- Deferral increment: One week +- Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: + + - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 + +Other/can't defer: + +- Maximum deferral: No deferral +- Deferral increment: No deferral +- Update type/notes: + Any update category not enumerated above falls into this category. + - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-4]` | +| Default Value | 0 | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeferUpgrade | +| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Element Name | DeferUpdatePeriodId | + + + + + + + + + +### DeferUpgradePeriod + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod +``` + + + + + + + + +Allows IT Admins to specify additional upgrade delays for up to 8 months. Supported values are 0-8, which refers to the number of months to defer upgrades. + +- If the **Specify intranet Microsoft update service location** policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. +- If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. + +> [!NOTE] +> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Allowed Values | Range: `[0-8]` | +| Default Value | 0 | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | DeferUpgrade | +| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | +| Element Name | DeferUpgradePeriodId | + + + + + + + + ### DisableDualScan @@ -3707,688 +4188,6 @@ Enabling any of the following policies will override the above policy: - -### ScheduleImminentRestartWarning - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ScheduleImminentRestartWarning -``` - - - - -Allows the IT Admin to specify the period for auto-restart imminent warning notifications. The default value is 15 (minutes). - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 15 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 15 (Default) | 15 Minutes. | -| 30 | 30 Minutes. | -| 60 | 60 Minutes. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | RestartWarnRemind | -| Friendly Name | Configure auto-restart warning notifications schedule for updates | -| Element Name | Warning (mins) | -| Location | Computer Configuration | -| Path | Windows Components > Windows Update > Legacy Policies | -| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | -| ADMX File Name | WindowsUpdate.admx | - - - - - - - - - -### ScheduleRestartWarning - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ScheduleRestartWarning -``` - - - - -Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. - -Specifies the amount of time prior to a scheduled restart to display the warning reminder to the user. - -You can specify the amount of time prior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work. - -- If you disable or do not configure this policy, the default notification behaviors will be used. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 4 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 2 | 2 Hours. | -| 4 (Default) | 4 Hours. | -| 8 | 8 Hours. | -| 12 | 12 Hours. | -| 24 | 24 Hours. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | RestartWarnRemind | -| Friendly Name | Configure auto-restart warning notifications schedule for updates | -| Element Name | Reminder (hours) | -| Location | Computer Configuration | -| Path | Windows Components > Windows Update > Legacy Policies | -| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | -| ADMX File Name | WindowsUpdate.admx | - - - - - - - - - -### SetAutoRestartNotificationDisable - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/SetAutoRestartNotificationDisable -``` - - - - -Allows the IT Admin to disable auto-restart notifications for update installations. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Enabled. | -| 1 | Disabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | AutoRestartNotificationDisable | -| Friendly Name | Turn off auto-restart notifications for update installations | -| Location | Computer Configuration | -| Path | Windows Components > Windows Update > Legacy Policies | -| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | -| ADMX File Name | WindowsUpdate.admx | - - - - - - - - -## Maintenance Scheduler - - -### AutomaticMaintenanceWakeUp - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1903 [10.0.18362] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/AutomaticMaintenanceWakeUp -``` - - - - -This policy setting allows you to configure Automatic Maintenance wake up policy. - -The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note, that if the OS power wake policy is explicitly disabled, then this setting has no effect. - -- If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for the daily scheduled time, if required. - -- If you disable or do not configure this policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 1 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 | Disabled. | -| 1 (Default) | Enabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | WakeUpPolicy | -| Friendly Name | Automatic Maintenance WakeUp Policy | -| Location | Computer Configuration | -| Path | Windows Components > Maintenance Scheduler | -| Registry Key Name | Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance | -| Registry Value Name | WakeUp | -| ADMX File Name | msched.admx | - - - - - - - - -## Other policies - - -### AllowNonMicrosoftSignedUpdate - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/AllowNonMicrosoftSignedUpdate -``` - - - - -Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution. This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 1 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 | Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft. | -| 1 (Default) | Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the 'Trusted Publishers' certificate store of the local computer. | - - - - - - - - - -### ConfigureDeadlineNoAutoRebootForFeatureUpdates - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates -``` - - - - -When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Disabled. | -| 1 | Enabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates | - - - - - - - - - -### ConfigureDeadlineNoAutoRebootForQualityUpdates - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates -``` - - - - -When enabled, devices will not automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured. - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Disabled. | -| 1 | Enabled. | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | ConfigureDeadlineNoAutoRebootForQualityUpdates | - - - - - - - - - -### ConfigureFeatureUpdateUninstallPeriod - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/ConfigureFeatureUpdateUninstallPeriod -``` - - - - -Enable enterprises/IT admin to configure feature update uninstall period - - - - - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[2-60]` | -| Default Value | 10 | - - - - - - - - - -### DeferUpdatePeriod - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/DeferUpdatePeriod -``` - - - - - - - - -> [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices. - -Allows IT Admins to specify update delays for up to four weeks. Supported values are 0-4, which refers to the number of weeks to defer updates. - -- If the **Specify intranet Microsoft update service location** policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. -- If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect. 
- -OS upgrade: - -- Maximum deferral: Eight months -- Deferral increment: One month -- Update type/notes: - - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 - -Update: - -- Maximum deferral: One month -- Deferral increment: One week -- Update type/notes: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic: - - - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 - - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 - - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F - - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 - - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB - - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F - - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 - - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 - -Other/can't defer: - -- Maximum deferral: No deferral -- Deferral increment: No deferral -- Update type/notes: - Any update category not enumerated above falls into this category. - - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-4]` | -| Default Value | 0 | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | DeferUpgrade | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | DeferUpdatePeriodId | - - - - - - - - - -### DeferUpgradePeriod - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/DeferUpgradePeriod -``` - - - - - - - - -Allows IT Admins to specify additional upgrade delays for up to 8 months. Supported values are 0-8, which refers to the number of months to defer upgrades. - -- If the **Specify intranet Microsoft update service location** policy is enabled, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. -- If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the Defer upgrades by, Defer updates by and Pause Updates and Upgrades settings have no effect. - -> [!NOTE] -> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](../device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices. - - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Allowed Values | Range: `[0-8]` | -| Default Value | 0 | - - - -**Group policy mapping**: - -| Name | Value | -|:--|:--| -| Name | DeferUpgrade | -| Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat | -| Element Name | DeferUpgradePeriodId | - - - - - - - - - -### DisableWUfBSafeguards - - -| Scope | Editions | Applicable OS | -|:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763.1490] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1110] and later
:heavy_check_mark: Windows 10, version 1909 [10.0.18363.1110] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.546] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | - - - -```Device -./Device/Vendor/MSFT/Policy/Config/Update/DisableWUfBSafeguards -``` - - - - -This policy setting specifies that a Windows Update for Business device should skip safeguards. - - - - -Safeguard holds prevent a device with a known compatibility issue from being offered a new OS version. The offering will proceed once a fix is issued and is verified on a held device. The aim of safeguards is to protect the device and user from a failed or poor upgrade experience. The safeguard holds protection is provided by default to all the devices trying to update to a new Windows 10 Feature Update version via Windows Update. - -IT admins can, if necessary, opt devices out of safeguard protections using this policy setting or via the **Disable safeguards for Feature Updates** Group Policy. - -> [!NOTE] -> Opting out of the safeguards can put devices at risk from known performance issues. We recommend opting out only in an IT environment for validation purposes. Further, you can leverage the Windows Insider Program for Business Release Preview Channel in order to validate the upcoming Windows 10 Feature Update version without the safeguards being applied. -> -> The disable safeguards policy will revert to "Not Configured" on a device after moving to a new Windows 10 version, even if previously enabled. This ensures the admin is consciously disabling Microsoft's default protection from known issues for each new feature update. -> -> Disabling safeguards doesn't guarantee your device will be able to successfully update. The update may still fail on the device and will likely result in a bad experience post upgrade, as you're bypassing the protection given by Microsoft pertaining to known issues. 
- - - -**Description framework properties**: - -| Property name | Property value | -|:--|:--| -| Format | int | -| Access Type | Add, Delete, Get, Replace | -| Default Value | 0 | - - - -**Allowed values**: - -| Value | Description | -|:--|:--| -| 0 (Default) | Safeguards are enabled and devices may be blocked for upgrades until the safeguard is cleared. | -| 1 | Safeguards are not enabled and upgrades will be deployed without blocking on safeguards. | - - - - - - - - ### IgnoreMOAppDownloadLimit @@ -4720,6 +4519,204 @@ This policy is deprecated. Use Update/RequireUpdateApproval instead. + +### ScheduleImminentRestartWarning + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ScheduleImminentRestartWarning +``` + + + + +Allows the IT Admin to specify the period for auto-restart imminent warning notifications. The default value is 15 (minutes). + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 15 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 15 (Default) | 15 Minutes. | +| 30 | 30 Minutes. | +| 60 | 60 Minutes. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | RestartWarnRemind | +| Friendly Name | Configure auto-restart warning notifications schedule for updates | +| Element Name | Warning (mins) | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Legacy Policies | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| ADMX File Name | WindowsUpdate.admx | + + + + + + + + + +### ScheduleRestartWarning + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/ScheduleRestartWarning +``` + + + + +Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installation deadline. Users are not able to postpone the scheduled restart once the deadline has been reached and the restart is automatically executed. + +Specifies the amount of time prior to a scheduled restart to display the warning reminder to the user. + +You can specify the amount of time prior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work. + +- If you disable or do not configure this policy, the default notification behaviors will be used. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 4 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 2 | 2 Hours. | +| 4 (Default) | 4 Hours. | +| 8 | 8 Hours. | +| 12 | 12 Hours. | +| 24 | 24 Hours. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | RestartWarnRemind | +| Friendly Name | Configure auto-restart warning notifications schedule for updates | +| Element Name | Reminder (hours) | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Legacy Policies | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| ADMX File Name | WindowsUpdate.admx | + + + + + + + + + +### SetAutoRestartNotificationDisable + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/Update/SetAutoRestartNotificationDisable +``` + + + + +Allows the IT Admin to disable auto-restart notifications for update installations. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | int | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Enabled. | +| 1 | Disabled. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AutoRestartNotificationDisable | +| Friendly Name | Turn off auto-restart notifications for update installations | +| Location | Computer Configuration | +| Path | Windows Components > Windows Update > Legacy Policies | +| Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate | +| ADMX File Name | WindowsUpdate.admx | + + + + + + + +
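Review bot: In the added SetAutoRestartNotificationDisable section of the `@@ -4720,6 +4519,204 @@` hunk, the allowed-values rows `0 (Default) | Enabled.` and `1 | Disabled.` are ambiguous for a policy whose name ends in Disable. A reader cannot tell whether "Enabled" refers to the notifications or to the policy itself. Suggest naming the subject in each row, for example "Auto-restart notifications are enabled." and "Auto-restart notifications are disabled.", if that is the intended meaning. In the same hunk, the ScheduleRestartWarning description never says the value is in hours; the unit appears only in the allowed-values table. Because this policy and ScheduleImminentRestartWarning both map to RestartWarnRemind and differ only in Element Name (Reminder (hours) versus Warning (mins)), stating the unit in the description text would help keep the two from being mixed up in an MDM profile.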
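Review bot: In the removed AllowNonMicrosoftSignedUpdate block of the first hunk, the properties table gives Default Value 1 while the allowed-values table describes 0 as "Not allowed or not configured", and the two cannot both describe an unconfigured device. If this text is re-added elsewhere in the file as part of the reorder, please reconcile the tables there. Which value applies decides whether updates signed by a certificate in the local 'Trusted Publishers' store are accepted from the intranet update service, or only Microsoft-signed ones. The description in that block also states the "accepts updates signed by entities other than Microsoft" sentence twice and could be trimmed to one. In the same hunk, DeferUpdatePeriod and DeferUpgradePeriod list Applicable OS as Windows 10, version 1607 and later, while their notes say not to use the policy on version 1607 devices and to keep it for version 1511; the table and the note should agree.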