Windows Update for Business

When Windows 10 launched, there was talk of a new update mechanism known as Windows Update for Business (WUB). What sounded like a new platform ended up being a set of policy settings to configure Windows 10. Let’s explore some of these settings and how you can use them in your enterprise.

Windows Update for Business is… just a bunch of new policy settings.

Some of the initial press around Windows Update for Business could lead you to think that a new update platform or product was in the works. The reality is that Windows Update for Business is simply additional policy settings that you can configure with Group Policy Objects or any other comparable tool.

The other point, when you look closely, is that these settings are just an extension of those in previous versions of Windows found under the Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update.

Before diving into the new settings, look at one of the most important settings that has existed for previous versions of Windows.

Configure Automatic Updates via Policy Only

With Windows 10, you can no longer configure update settings in the Control Panel. These settings are available in the policy only – unless you are on Windows 10 Professional with the Anniversary Update branch (1607).

The new settings specific to Windows 10 include:

  • Turn off auto-restart for updates during active hours
  • Do not include drivers with Windows Updates
  • Defer Upgrades and Updates (only with 1507 and 1511 branches)
  • Select when Feature Updates are received (new with the Anniversary Update)
  • Select when Quality Updates are received (new with the Anniversary Update)

Turn off auto-restart for updates during active hours

This setting prevents Windows from restarting for up to 12 hours. Good for the grumpy business user who hates restarting during work.

Do not include drivers with Windows Updates

Fairly self-explanatory, this setting prevents Windows Update from applying driver updates with monthly patches, also known as cumulative updates, also known at quality updates.

Defer Upgrades and Updates (Windows 10 1507 and 1511)

In the first two branches of Windows 10, this setting lets you defer branch upgrades for up to 8 months. With the Anniversary Upgrade, this feature disappeared and was replaced by the following two below.

Select when Feature Updates are received

Feature Updates are Microsoft speak for branch upgrades (one wonders why they didn’t just call this setting Branch Upgrades). With this setting, the computer can be configured to use Current Branch or Current Branch for Business with a deferral up to 180 days.

Select when Quality Updates are received

Quality Updates refer to the monthly (sometimes more) cumulative updates, also known as patches, that are typically released on Patch Tuesday, the second Tuesday of the month. Again, it’s surprising why they used a name that isn’t well understood. With this configuration, updates can be deferred for up to 35 days.

Sorry Windows 10 Professional

One of the changes in the Anniversary Update is the loss of the policy settings for Windows 10 Professional. Such settings that can no longer be managed by Windows 10 Professional include:

  • Turning off Microsoft consumer experiences
  • Do not show Windows Tips
  • Not showing the Lock Screen
  • Disabling apps from Windows Store

See the article and the Microsoft TechNet article for details.


Far from a replacement for patch management, Windows Update for Business offers new settings that complement a comprehensive patch management strategy. You should leverage these settings to keep enterprise deployments of Windows 10 consistent as the default is always “update”. As a best practice, use these settings to configure systems on Current Branch or Current Branch for Business to prevent the end user from doing whatever they want.

Key takeaways

Here are the key points to share with your boss and peers:

  • Windows Update for Business (WUB) is simply a few additional update settings
  • Settings are very basic and do not replace a robust patch management solution
  • Some settings have gone away for Windows 10 Professional with the Anniversary Update

With this discussion on Windows Update for Business complete, I will next explore the relationship between cumulative updates (patches) and branches.

  • Rick Smith

    Great article, thanks for posting it. One issue we are finding is that if you defer an update (as of TH2) the MS patch itself will refuse to install. Running a patch with these policies turned on returns an error that the patch is not valid for the OS. After several days what I was able to identify was that:

    “In the TH2 implementation of deferral, deferral
    policies are always applied to updates in the appropriate classifications (e.g.
    Feature Update, Security Update etc.), regardless of the nature of the service
    (e.g. Windows Update, Microsoft Update, WSUS, an MSU file, a file,
    a Microsoft InTune server or the Windows Store).”

    So in our case, LDMS correctly identifies the patch as being required for Windows 10 based on the published MS detection logic, however within the patch itself, its failing to apply with these policy updates in place.

    I am continuing to investigate with MS on this issue and what the appropriate settings should be to give the greatest flexibility in testing and deploying our patches at will.