From cce323254feb1af18d443cbcf6257c8c563ef66a Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Tue, 17 Jun 2025 08:06:54 -0700
Subject: [PATCH] lmc-ment-10028439
---
.../update/waas-manage-updates-wsus.md | 43 +++++++------------
windows/deployment/update/waas-overview.md | 4 +-
windows/whats-new/windows-11-requirements.md | 2 +-
3 files changed, 19 insertions(+), 30 deletions(-)
diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md
index cda4e5e217..b8512ccce2 100644
--- a/windows/deployment/update/waas-manage-updates-wsus.md
+++ b/windows/deployment/update/waas-manage-updates-wsus.md
@@ -15,7 +15,7 @@ appliesto:
- ✅ Windows 11
- ✅ Windows 10
- ✅ WSUS
-ms.date: 04/22/2024
+ms.date: 06/17/2025
---
# Deploy Windows client updates using Windows Server Update Services (WSUS)
@@ -27,28 +27,24 @@ WSUS is a Windows Server role available in the Windows Server operating systems.
When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you're currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 11.
-
+> [!NOTE]
+> WSUS is deprecated and is no longer adding new features. However, it continues to be supported for production deployments, and receives security and quality updates as per the product lifecycle. For more info, see [Features removed or no longer developed in Windows Server](/windows-server/get-started/removed-deprecated-features-windows-server).
## Requirements for Windows client servicing with WSUS
-To be able to use WSUS to manage and deploy Windows feature updates, you must use a supported WSUS version:
-- WSUS 10.0.14393 (role in Windows Server 2016)
-- WSUS 10.0.17763 (role in Windows Server 2019)
-- WSUS 6.2 and 6.3 (role in Windows Server 2012 and Windows Server 2012 R2)
-- KB 3095113 and KB 3159706 (or an equivalent update) must be installed on WSUS 6.2 and 6.3.
-
-> [!IMPORTANT]
-> Both [KB 3095113](https://support.microsoft.com/kb/3095113) and [KB 3159706](https://support.microsoft.com/kb/3159706) are included in the **Security Monthly Quality Rollup** starting in July 2017. This means you might not see KB 3095113 and KB 3159706 as installed updates since they might have been installed with a rollup. However, if you need either of these updates, we recommend installing a **Security Monthly Quality Rollup** released after **October 2017** since they contain an additional WSUS update to decrease memory utilization on WSUS's clientwebservice.
->If you have synced either of these updates prior to the security monthly quality rollup, you can experience problems. To recover from this, see [How to Delete Upgrades in WSUS](/archive/blogs/wsus/how-to-delete-upgrades-in-wsus).
+To be able to use WSUS to manage and deploy Windows feature updates, you must use a supported WSUS on a supported operating system version:
+- WSUS role in Windows Server 2016
+- WSUS role in Windows Server 2019
+- WSUS role in Windows Server 2022
+- WSUS role in Windows Server 2025
+For more information about deploying the WSUS role, see [Windows Server Update Services (WSUS) overview](/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus).
## WSUS scalability
To use WSUS to manage all Windows updates, some organizations may need access to WSUS from a perimeter network, or they might have some other complex scenario. WSUS is highly scalable and configurable for organizations of any size or site layout. For specific information about scaling WSUS, including upstream and downstream server configuration, branch offices, WSUS load balancing, and other complex scenarios, see [Deploy Windows Server Update Services](/windows-server/administration/windows-server-update-services/deploy/deploy-windows-server-update-services).
-
-
## Configure automatic updates and update service location
When using WSUS to manage updates on Windows client devices, start by configuring the **Configure Automatic Updates** and **Intranet Microsoft Update Service Location** Group Policy settings for your environment. Doing so forces the affected clients to contact the WSUS server so that it can manage them. The following process describes how to specify these settings and deploy them to all devices in the domain.
@@ -83,10 +79,8 @@ When using WSUS to manage updates on Windows client devices, start by configurin

>[!IMPORTANT]
- > Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations
-
- > [!NOTE]
- > There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates).
+ > - Use Regedit.exe to check that the following key is not enabled, because it can break Windows Store connectivity: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations
+ > - There are three other settings for automatic update download and installation dates and times. This is simply the option this example uses. For more examples of how to control automatic updates and other related policies, see [Configure Automatic Updates by Using Group Policy](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates).
10. Right-click the **Specify intranet Microsoft update service location** setting, and then select **Edit**.
@@ -94,21 +88,16 @@ When using WSUS to manage updates on Windows client devices, start by configurin
12. Under **Options**, in the **Set the intranet update service for detecting updates** and **Set the intranet statistics server** options, type `http://Your_WSUS_Server_FQDN:PortNumber`, and then select **OK**.
+ 
+
>[!NOTE]
- >The URL `http://CONTOSO-WSUS1.contoso.com:8530` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.
-
- 
-
- >[!NOTE]
- >The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)
+ > - The URL `http://Your_WSUS_Server_FQDN:PortNumber` in the following image is just an example. In your environment, be sure to use the server name and port number for your WSUS instance.
+ > - The default HTTP port for WSUS is 8530, and the default HTTP over Secure Sockets Layer (HTTPS) port is 8531. (The other options are 80 and 443; no other ports are supported.)
As Windows clients refresh their computer policies (the default Group Policy refresh setting is 90 minutes and when a computer restarts), computers start to appear in WSUS. Now that clients are communicating with the WSUS server, create the computer groups that align with your deployment rings.
## Create computer groups in the WSUS Administration Console
->[!NOTE]
->The following procedures use the groups from Table 1 in [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) as examples.
-
You can use computer groups to target a subset of devices that have specific quality and feature updates. These groups represent your deployment rings, as controlled by WSUS. You can populate the groups either manually by using the WSUS Administration Console or automatically through Group Policy. Regardless of the method you choose, you must first create the groups in the WSUS Administration Console.
**To create computer groups in the WSUS Administration Console**
@@ -174,7 +163,7 @@ You can now see these computers in the **Ring 3 Broad IT** computer group.
## Use Group Policy to populate deployment rings
-The WSUS Administration Console provides a friendly interface from which you can manage Windows 10 quality and feature updates. When you need to add many computers to their correct WSUS deployment ring, however, it can be time-consuming to do so manually in the WSUS Administration Console. For these cases, consider using Group Policy to target the correct computers, automatically adding them to the correct WSUS deployment ring based on an Active Directory security group. This process is called *client-side targeting*. Before enabling client-side targeting in Group Policy, you must configure WSUS to accept Group Policy computer assignment.
+The WSUS Administration Console provides a friendly interface from which you can manage Windows quality and feature updates. When you need to add many computers to their correct WSUS deployment ring, however, it can be time-consuming to do so manually in the WSUS Administration Console. For these cases, consider using Group Policy to target the correct computers, automatically adding them to the correct WSUS deployment ring based on an Active Directory security group. This process is called *client-side targeting*. Before enabling client-side targeting in Group Policy, you must configure WSUS to accept Group Policy computer assignment.
**To configure WSUS to allow client-side targeting from Group Policy**
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 9771f4d928..d795984865 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -14,7 +14,7 @@ ms.collection:
appliesto:
- ✅ Windows 11
- ✅ Windows 10
-ms.date: 03/13/2024
+ms.date: 06/17/2025
---
# Overview of Windows as a service
@@ -98,7 +98,7 @@ Microsoft never publishes feature updates through Windows Update on devices that
> [!NOTE]
> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
-The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
+The Long-term Servicing Channel is available only in the Windows Enterprise LTSC editions. This edition of Windows doesn't include some applications, such as Microsoft Edge, Microsoft Store, Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps aren't supported in the Enterprise LTSC editions, even if you install by using sideloading.
### Windows Insider
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index e7aa5a46ad..0f6ec836e2 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -11,7 +11,7 @@ ms.collection:
- highpri
- tier1
ms.subservice: itpro-fundamentals
-ms.date: 06/16/2025
+ms.date: 06/17/2025
appliesto:
- ✅ Windows 11