5.5 KiB
title, description, ms.prod, ms.mktglfcycl, author, ms.localizationpriority, ms.author, ms.collection, manager, ms.topic
| title | description | ms.prod | ms.mktglfcycl | author | ms.localizationpriority | ms.author | ms.collection | manager | ms.topic |
|---|---|---|---|---|---|---|---|---|---|
| Integrate Windows Update for Business | Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. | w10 | manage | jaimeo | medium | jaimeo | m365initiative-coredeploy | laurawi | article |
Integrate Windows Update for Business with management solutions
Applies to
- Windows 10
- Windows 11
Looking for consumer information? See Windows Update: FAQ
You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
Integrate Windows Update for Business with Windows Server Update Services
For Windows 10, version 1607 and later, devices can be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
Configuration example #1: Deferring Windows Update updates with other update content hosted on WSUS
Configuration:
- Device is configured to defer Windows quality updates using Windows Update for Business
- Device is also configured to be managed by WSUS
- Device is not configured to enable Microsoft Update (Update/AllowMUUpdateService = not enabled)
- Admin has opted to put updates to Office and other products on WSUS
- Admin has also put 3rd party drivers on WSUS
| Content | Metadata source | Payload source | Deferred? | |
|---|---|---|---|---|
| Updates to Windows | Windows Update | Windows Update | Yes |  |
| Updates to Office and other products | WSUS | WSUS | No | |
| Third-party drivers | WSUS | WSUS | No |
Configuration example #2: Excluding drivers from Windows quality updates using Windows Update for Business
Configuration:
- Device is configured to defer Windows quality updates and to exclude drivers from Windows Update quality updates (ExcludeWUDriversInQualityUpdate = enabled)
- Device is also configured to be managed by WSUS
- Admin has opted to put Windows Update drivers on WSUS
| Content | Metadata source | Payload source | Deferred? | |
|---|---|---|---|---|
| Updates to Windows (excluding drivers) | Windows Update | Windows Update | Yes |  |
| Updates to Office and other products | WSUS | WSUS | No | |
| Drivers | WSUS | WSUS | No |
Configuration example #3: Device configured to receive Microsoft updates
Configuration:
- Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (Update/AllowMUUpdateService = enabled)
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
In this example, the deferral behavior for updates to Office and other non-Windows products is slightly different than if WSUS were not enabled.
- In a non-WSUS case, these updates would be deferred just as any update to Windows would be.
- However, with WSUS also configured, these updates are sourced from Microsoft but deferral policies are not applied.
| Content | Metadata source | Payload source | Deferred? | |
|---|---|---|---|---|
| Updates to Windows (excluding drivers) | Microsoft Update | Microsoft Update | Yes |  |
| Updates to Office and other products | Microsoft Update | Microsoft Update | No | |
| Drivers, third-party applications | WSUS | WSUS | No |
Note
Because the admin enabled Update/AllowMUUpdateService, placing the content on WSUS was not needed for the particular device, as the device will always receive Microsoft Update content from Microsoft when configured in this manner.
Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of Unknown.
For more information, see Integration with Windows Update for Business in Windows 10.