Merge branch 'main' into release-win11-2309

windows/deployment/update/check-release-health.md

@@ -1,14 +1,19 @@
 ---
 title: How to check Windows release health
 description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
-ms.date: 06/07/2023
+ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 ms.author: mstewart
 author: mestew
 manager: aaroncz
-ms.reviewer: mstewart
+ms.collection:
-ms.topic: how-to
+  - tier2
-ms.prod: windows-client
+ms.localizationpriority: medium
-ms.technology: itpro-updates
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 06/07/2023
 ---
 
 # How to check Windows release health

windows/deployment/update/create-deployment-plan.md

@@ -1,28 +1,28 @@
 ---
 title: Create a deployment plan
-description: Devise the number of deployment rings you need and how you want to populate them
+description: Devise the number of deployment rings you need and how you want to populate each of the deployment rings.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
+ms.collection:
-ms.technology: itpro-updates
+  - tier2
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 12/31/2017
 ---
 
 # Create a deployment plan
 
-**Applies to**
-
--   Windows 10
--   Windows 11
-
 A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity.
 
-When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
+When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We've found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline.
 
-At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
+At the highest level, each ring comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur.
 
 A common ring structure uses three deployment groups:
 
@@ -31,7 +31,7 @@ A common ring structure uses three deployment groups:
 - Broad: Wide deployment
 
 > [!NOTE]
-> Organizations often use different names for their “rings," for example:
+> Organizations often use different names for their rings, for example:
 > - First > Fast > Broad
 > - Canaries > Early Adopters > Users
 > - Preview > Broad > Critical
@@ -45,8 +45,8 @@ There are no definite rules for exactly how many rings to have for your deployme
 
 There are basically two strategies for moving deployments from one ring to the next. One is service-based, the other project based.
 
-- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the “red button” to stop further distribution.
+- "Red button" (service based): Assumes that content is good until proven bad. Content flows until an issue is discovered, at which point the IT administrator presses the "red button" to stop further distribution.
-- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the “green button” to push the content to the next ring.
+- Green button (project based): Assumes that content is bad until proven good. Once all validation has passed, the IT administrator presses the "green button" to push the content to the next ring.
 
 When it comes to deployments, having manual steps in the process usually impedes update velocity. A "red button" strategy is better when that is your goal. 
 
@@ -84,7 +84,7 @@ Analytics can help with defining a good Limited ring of representative devices a
 
 ### Who goes in the Limited ring?
 
-The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don’t have the applications or device drivers that are truly a representative sample of your network.
+The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don't have the applications or device drivers that are truly a representative sample of your network.
 
 
 During your pilot and validate phases, you should focus on the following activities:
@@ -93,11 +93,11 @@ During your pilot and validate phases, you should focus on the following activit
 - Assess and act if issues are encountered.
 - Move forward unless blocked.
 
-When you deploy to the Limited ring, you’ll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
+When you deploy to the Limited ring, you'll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
 
 ## Broad deployment
 
-Once the devices in the Limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.
+Once the devices in the Limited ring have had a sufficient stabilization period, it's time for broad deployment across the network.
 
 ### Who goes in the Broad deployment ring?
 

windows/deployment/update/deployment-service-drivers.md

@@ -1,19 +1,24 @@
 ---
-title: Deploy drivers and firmware updates with Windows Update for Business deployment service.
+title: Deploy drivers and firmware updates
-description: Use Windows Update for Business deployment service to deploy driver and firmware updates. 
+titlesuffix: Windows Update for Business deployment service
+description: Use Windows Update for Business deployment service to deploy driver and firmware updates to devices.
 ms.prod: windows-client
+ms.technology: itpro-updates
+ms.topic: conceptual
 author: mestew
-ms.localizationpriority: medium
 ms.author: mstewart
 manager: aaroncz
-ms.topic: article
+ms.collection:
-ms.technology: itpro-updates
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 06/22/2023
 ---
 
 # Deploy drivers and firmware updates with Windows Update for Business deployment service
 <!--7260403, 7512398-->
-***(Applies to: Windows 11 & Windows 10)***
 
 The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
 

windows/deployment/update/deployment-service-expedited-updates.md

@@ -1,20 +1,24 @@
 ---
-title: Deploy expedited updates with Windows Update for Business deployment service
+title: Deploy expedited updates
-description: Use Windows Update for Business deployment service to deploy expedited updates.
+titlesuffix: Windows Update for Business deployment service
+description: Learn how to use Windows Update for Business deployment service to deploy expedited updates to devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 02/14/2023
 ---
 
 # Deploy expedited updates with Windows Update for Business deployment service
-
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
 
 In this article, you will:
 > [!div class="checklist"]

windows/deployment/update/deployment-service-feature-updates.md

@@ -1,20 +1,24 @@
 ---
-title: Deploy feature updates with Windows Update for Business deployment service.
+title: Deploy feature updates 
-description: Use Windows Update for Business deployment service to deploy feature updates. 
+titlesuffix: Windows Update for Business deployment service
+description: Use Windows Update for Business deployment service to deploy feature updates to devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 02/14/2023
 ---
 
 # Deploy feature updates with Windows Update for Business deployment service
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
-
 The Windows Update for Business deployment service is used to approve and schedule software updates. The deployment service exposes its capabilities through the [Microsoft Graph API](/graph/use-the-api). You can call the API directly, through a [Graph SDK](/graph/sdks/sdks-overview), or integrate them with a management tool such as [Microsoft Intune](/mem/intune). 
 
 This article uses [Graph Explorer](/graph/graph-explorer/graph-explorer-overview) to walk through the entire process of deploying a feature update to clients. In this article, you will:

windows/deployment/update/deployment-service-overview.md

@@ -1,20 +1,24 @@
 ---
-title: Windows Update for Business deployment service
+title: Overview of the deployment service
-description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates
+titlesuffix: Windows Update for Business deployment service
+description: Overview of deployment service to control approval, scheduling, and safeguarding of Windows updates with the deployment service.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: overview
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 02/14/2023
 ---
 
 # Windows Update for Business deployment service
 
-***(Applies to: Windows 11 & Windows 10)***
-
 The Windows Update for Business deployment service is a cloud service within the Windows Update for Business product family. It's designed to work with your existing [Windows Update for Business](waas-manage-updates-wufb.md) policies and [Windows Update for Business reports](wufb-reports-overview.md). The deployment service provides control over the approval, scheduling, and safeguarding of updates delivered from Windows Update to managed devices. The service is privacy focused and backed by leading industry compliance certifications.
 
 Windows Update for Business product family has three elements:

windows/deployment/update/deployment-service-prerequisites.md

@@ -1,20 +1,24 @@
 ---
-title: Prerequisites for the Windows Update for Business deployment service
+title: Prerequisites for the deployment service
-description: Prerequisites for using the Windows Update for Business deployment service. 
+titlesuffix: Windows Update for Business deployment service
+description: Prerequisites for using the Windows Update for Business deployment service for updating devices in your organization. 
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
+ms.topic: conceptual
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 ms.date: 02/14/2023
 ---
 
 # Windows Update for Business deployment service prerequisites
 <!--7512398-->
-***(Applies to: Windows 11 & Windows 10)***
-
 Before you begin the process of deploying updates with Windows Update for Business deployment service, ensure you meet the prerequisites.
 
 ## Azure and Azure Active Directory

windows/deployment/update/deployment-service-troubleshoot.md

@@ -1,22 +1,24 @@
 ---
-title: Troubleshoot the Windows Update for Business deployment service
+title: Troubleshoot the deployment service
-description: Solutions to common problems with the service
+titlesuffix: Windows Update for Business deployment service
+description: Solutions to commonly encountered problems when using the Windows Update for Business deployment service.
 ms.prod: windows-client
-author: mestew
-ms.localizationpriority: medium
-ms.author: mstewart
-manager: aaroncz
-ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.topic: troubleshooting
+ms.author: mstewart
+author: mestew
+manager: aaroncz
+ms.collection:
+  - tier1
+ms.localizationpriority: medium
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+ms.date: 02/14/2023
 ---
 
-
-
 # Troubleshoot the Windows Update for Business deployment service
 
-***(Applies to: Windows 11 & Windows 10)***
-
 This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json).
 
 ## The device isn't receiving an update that I deployed

windows/deployment/update/waas-configure-wufb.md

@@ -6,22 +6,21 @@ ms.prod: windows-client
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
-ms.topic: article
+ms.topic: conceptual
 ms.technology: itpro-updates
-ms.date: 05/19/2023
+ms.collection:
+  - tier1
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
+ms.date: 08/22/2023
 ---
 
 # Configure Windows Update for Business
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-- Windows Server 2022
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) 
 
 > [!NOTE]
@@ -210,6 +209,43 @@ Starting with Windows 10, version 1607, you can selectively opt out of receiving
 | GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Do not include drivers with Windows Updates** | \Policies\Microsoft\Windows\WindowsUpdate\ExcludeWUDriversInQualityUpdate  |
 | MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**ExcludeWUDriversInQualityUpdate** | \Microsoft\PolicyManager\default\Update\ExcludeWUDriversInQualityUpdate |
 
+## Enable optional updates
+<!--7991583-->
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Enable optional updates** policy.
+
+To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. 
+
+:::image type="content" source="media/7991583-update-seeker-enabled.png" alt-text="Screenshot of the Get the latest updates as soon as they're available option in the Windows updates page of Settings." lightbox="media/7991583-update-seeker-enabled.png":::
+
+The following options are available for the policy:
+
+- **Automatically receive optional updates (including CFRs)**:
+   - The latest optional nonsecurity updates and CFRs are automatically installed on the device. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option is selected and users can't change the setting.
+   - Devices will receive CFRs in early phases of the rollout.
+
+- **Automatically receive optional updates**:
+   - The latest optional nonsecurity updates are automatically installed on the device but CFRs aren't. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option isn't selected and users can't change the setting.
+
+- **Users can select which optional updates to receive**:
+   - Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**.
+     - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.  
+     - CFRs are offered to the device, but not necessarily in the early phases of the rollout.
+   - Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then:
+     - The device will receive CFRs in early phases of the rollout.
+     - Optional updates are automatically installed on the device.
+
+- **Not configured** (default):
+  - Optional updates aren't installed on the device and the **Get the latest updates as soon as they're available** option is disabled.
+
+**Policies to enable optional updates**
+
+| Policy | Sets registry key under HKLM\Software |
+| --- | --- |
+| GPO for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > **Enable optional updates**| \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+| MDM for Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later: </br>./Device/Vendor/MSFT/Policy/Config/Update/</br>**[AllowOptionalContent](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalcontent)** | \Policies\Microsoft\Windows\WindowsUpdate\AllowOptionalContent |
+
 ## Enable features that are behind temporary enterprise feature control
 <!--6544872-->
 
@@ -221,8 +257,8 @@ The features that are behind temporary enterprise feature control will be enable
 
 | Policy | Sets registry key under HKLM\Software |
 | --- | --- |
-| GPO for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl  |
+| GPO for Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience > **Enable features introduced via servicing that are off by default**| \Policies\Microsoft\Windows\WindowsUpdate\AllowTemporaryEnterpriseFeatureControl  |
-| MDM for Windows 11, version 22H2 with [kb5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |
+| MDM for Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later: </br>./Device/Vendor/MSFT/Policy/Config/Update/</br>**[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)** | \Microsoft\PolicyManager\default\Update\AllowTemporaryEnterpriseFeatureControl |
 
 
 ## Summary: MDM and Group Policy settings for Windows 10, version 1703 and later
@@ -233,6 +269,7 @@ The following are quick-reference tables of the supported policy values for Wind
 
 | GPO Key |	Key type | Value |
 | --- | --- | --- |
+| AllowOptionalContent</br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs)</br> 2: Automatically receive optional updates </br> 3: Users can select which optional updates to receive </br> Other value or absent: Don't receive optional updates|
 | AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
 | BranchReadinessLevel	| REG_DWORD | 2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build </br></br> Other value or absent: Receive all applicable updates |
 | DeferFeatureUpdates | REG_DWORD | 1: Defer feature updates</br>Other value or absent: Don't defer feature updates |
@@ -248,6 +285,7 @@ The following are quick-reference tables of the supported policy values for Wind
 
 | MDM Key | Key type | Value |
 | --- | --- | --- |
+| AllowOptionalContent </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Automatically receive optional updates (including CFRs)</br> 2: Automatically receive optional updates </br> 3: Users can select which optional updates to receive </br> Other value or absent: Don't receive optional updates|
 | AllowTemporaryEnterpriseFeatureControl </br> </br>*Added in Windows 11, version 22H2*| REG_DWORD | 1: Allowed. All features in the latest monthly cumulative update are enabled.</br> Other value or absent: Features that are shipped turned off by default will remain off |
 | BranchReadinessLevel | REG_DWORD |2: Systems take feature updates for the Windows Insider build - Fast </br> 4: Systems take feature updates for the Windows Insider build - Slow </br> 8: Systems take feature updates for the Release Windows Insider build  </br>32: Systems take feature updates from General Availability Channel </br>Note: Other value or absent: Receive all applicable updates |
 | DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: Defer feature updates by given days |
@@ -272,3 +310,4 @@ When a device running a newer version sees an update available on Windows Update
 | PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
 | PauseQualityUpdates | PauseQualityUpdatesStartTime |
 
+ 

windows/deployment/update/waas-wufb-group-policy.md

@@ -1,27 +1,27 @@
 ---
 title: Configure Windows Update for Business via Group Policy
-description: Walk through of how to configure Windows Update for Business settings using Group Policy.
+description: Walk through of how to configure Windows Update for Business settings using Group Policy to update devices.
 ms.prod: windows-client
+ms.technology: itpro-updates
+manager: aaroncz
+ms.topic: conceptual
 author: mestew
 ms.localizationpriority: medium
 ms.author: mstewart
 ms.collection:
   - highpri
   - tier2
-manager: aaroncz
+appliesto:
-ms.topic: how-to
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-ms.technology: itpro-updates
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 02/28/2023
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
+ms.date: 08/22/2023
 ---
 
 # Walkthrough: Use Group Policy to configure Windows Update for Business
 
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
 
 ## Overview 
@@ -200,6 +200,37 @@ When you disable this setting, users will see **Some settings are managed by you
 
 If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
 
+#### I want to enable optional updates
+<!--7991583-->
+(*Starting in Windows 11, version 22H2 or later*)
+
+In addition to the monthly cumulative update, optional updates are available to provide new features and nonsecurity changes. Most optional updates are released on the fourth Tuesday of the month, known as optional nonsecurity preview releases. Optional updates can also include features that are gradually rolled out, known as controlled feature rollouts (CFRs). Installation of optional updates isn't enabled by default for devices that receive updates using Windows Update for Business. However, you can enable optional updates for devices by using the **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage updates offered from Windows Update > Enable optional updates** policy.
+
+To keep the timing of updates consistent, the **Enable optional updates** policy respects the [deferral period for quality updates](waas-configure-wufb.md#configure-when-devices-receive-quality-updates). This policy allows you to choose if devices should receive CFRs in addition to the optional nonsecurity preview releases, or if the end-user can make the decision to install optional updates. This policy can change the behavior of the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. 
+
+The following options are available for the policy:
+
+- **Automatically receive optional updates (including CFRs)**:
+   - The latest optional nonsecurity updates and CFRs are automatically installed on the device. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option is selected and users can't change the setting.
+   - Devices will receive CFRs in early phases of the rollout.
+
+- **Automatically receive optional updates**:
+   - The latest optional nonsecurity updates are automatically installed on the device but CFRs aren't. The quality update deferral period is applied to the installation of these updates.
+   - The **Get the latest updates as soon as they're available** option isn't selected and users can't change the setting.
+
+- **Users can select which optional updates to receive**:
+   - Users can select which optional updates to install from **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Optional updates**.
+     - Optional updates are offered to the device, but user interaction is required to install them unless the **Get the latest updates as soon as they're available** option is also enabled.  
+     - CFRs are offered to the device, but not necessarily in the early phases of the rollout.
+   - Users can enable the **Get the latest updates as soon as they're available** option in **Settings** > **Update & security** > ***Windows Update** > **Advanced options**. If the user enables the **Get the latest updates as soon as they're available**, then:
+     - The device will receive CFRs in early phases of the rollout.
+     - Optional updates are automatically installed on the device.
+
+- **Not configured** (default):
+  - Optional updates aren't installed on the device and the **Get the latest updates as soon as they're available** option is disabled.
+
+
 #### I want to enable features introduced via servicing that are off by default
 <!--6544872-->
 (*Starting in Windows 11, version 22H2 or later*)