Forum Discussion
Moving from ConfigMgr to WUfB and GPO cleanup
- Nov 19, 2020
egoodman disabling "Configure Automatic Updates" will result in WUfB not working given it will literally disable automatic updates for that device. With WUfB less is actually more.
Configure:
- Some update offering policies to manage which updates are offered when
- Compliance deadline for feature updates and quality updates and grace period
Honestly, that is it. That is all you really need to configure to have a great end user experience and keep devices compliant.
Do Not Configure:
- Disable Configure Automatic Updates (honestly, I recommend not setting this policy at all given if you require the end user to take action via notify to download/install or schedule an install you are likely to slow down compliance of the device).
- Disable end user access to Windows Update features (if you configure this policy the end user will not be able to schedule their reboots, prompt download/install for updates you push down, etc. providing a bad experience and hurting compliance).
- Display option for notifications to disabled (please only turn off notifications when a device is a kiosk device. If it is an end user device or multi-user device this is a terrible experience).
- There are a bunch of other policies I would recommend not configuring and will likely put together a blog on such shortly. 🙂
Finally, when you are using Configuration Manager with "do not allow deferrals to cause scans against Windows Update" you will not get any updates from Windows Update AND the native update stack / UX will not be in use. That means that all of the Windows Update policies pertaining to experience (including configure automatic updates) will not apply. Therefore for 100% ConfigMgr environments this should not be a problem.
Please let me know if you have any more questions. 🙂
- Vinod7, Apr 16, 2021, Brass Contributor
Thank you so much. We are in the same boat but still having issues. In our scenario we have the following GPOs configured currently:
Configure Automatic Updates - Set as Disabled from Domain GPO
Do not allow update deferral policies to cause scans against Windows Update - Set as Disabled from Local GPO (from SCCM)
Do not connect to any Windows Update Internet locations - Set as Enabled from Domain GPO
Specify intranet Microsoft update service location - Set as Enabled from Local GPO (from SCCM)
To manage from Intune we are planning to do the following:
1. Add the device to Co-management
2. Modify the following GPOs
Configure Automatic Updates - Delete the Registry Entry and set as Not Configured in GPO
3. Create a new profile under "Windows 10 update rings" in Intune with the required settings and assign to the devices
Will that help us to move towards WUfB or do we need to do anything else?
Thanks,
V
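A read-only check for the policies named in this thread, added here as an example and not posted by either participant: it reports which of them still have a value under the Windows Update policy key after a GPO has been set back to Not Configured. The function name `Get-WUPolicyState` is hypothetical, and the registry value names are the ones these Group Policy settings write, not something quoted in the thread.

```powershell
# Added example: list leftover Windows Update policy values on a device
# before assigning an Intune update ring. Reads the registry only.
function Get-WUPolicyState {
    param(
        # Policy key written by the Windows Update Group Policy settings
        [string]$Root = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    )

    # Policy = setting as named in the thread; Sub = subkey; On = value that means "in effect"
    $settings = @(
        @{ Policy = 'Configure Automatic Updates (Disabled)';                       Sub = 'AU'; Name = 'NoAutoUpdate';         On = 1 }
        @{ Policy = 'End user access to Windows Update features removed';           Sub = '';   Name = 'SetDisableUXWUAccess'; On = 1 }
        @{ Policy = 'Do not connect to any Windows Update Internet locations';      Sub = '';   Name = 'DoNotConnectToWindowsUpdateInternetLocations'; On = 1 }
        @{ Policy = 'Do not allow update deferral policies to cause scans';         Sub = '';   Name = 'DisableDualScan';      On = 1 }
        @{ Policy = 'Specify intranet Microsoft update service location';           Sub = 'AU'; Name = 'UseWUServer';          On = 1 }
    )

    foreach ($s in $settings) {
        $path = $Root
        if ($s.Sub) { $path = Join-Path $Root $s.Sub }

        # A missing key or value means the policy is Not Configured on this device
        $item  = Get-ItemProperty -Path $path -Name $s.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($null -ne $item) { $value = $item.($s.Name) }

        $state = 'Not configured'
        if ($null -ne $value) {
            $state = 'Present, not in effect'
            if ($value -eq $s.On) { $state = 'In effect' }
        }

        [pscustomobject]@{
            Policy = $s.Policy
            Value  = $s.Name
            Data   = $value
            State  = $state
        }
    }
}

# Run elevated on the device being moved to co-management
Get-WUPolicyState | Format-Table -AutoSize -Wrap
```

Run it once before and once after the GPO change and a `gpupdate /force`; a row that stays "In effect" after the policy was set to Not Configured is a registry entry that still needs to be deleted.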