NickB, Expedite is meant to be used selectively by admins, when they have a good reason to fast track a security update, to address a zero-day vulnerability. Reading above, one of the best practices Surabhi_Calla mentions has to do with the grace period policy that controls the aggressiveness of the reboot experience that impacts end users.
Having said that, what you are asking for is something we're already thinking about: how to help you proactively (hands-free) achieve and remain compliant with security updates. Our deployment service (aka.ms/wufbds) plans to expand to approval and scheduling of security updates next year, so we'll have the ability to chain deployments with surgical automated expedite actions on those devices that don't reach the desired revision, should the admin choose to. Could we reach out to you for more feedback as we define the requirements for this scenario?