Forum Discussion

Kevin Schmid's avatar
Kevin Schmid
Copper Contributor
Mar 28, 2022
Solved

WUfB - Update Baseline / Best Practise

We use WUfb about more than one year. Now we want to work with "Deadline"   But there are a lot (?) of unknow  unsure...   We found this "https://www.microsoft.com/en-us/download/details.aspx?id...
Windows Update for Business
wufb
  • David_Guyer's avatar
    David_Guyer
    Apr 21, 2022

    Kevin Schmid 

     

    A new article has recently been published that answers just that question, The Windows Update policies you should set and why - Microsoft Tech Community

     

    In short, for what you've described, the default settings + configuring the deadline settings should give you what you are looking for.  Default settings utilize Active hours, and even allow end users to specify their own active hours, or let Intelligent Active Hours find or recommend great settings for each user.  And our default notifications provide a daily reminder until the deadline+grace period are reached and then provide a couple more reminders before restarting.

     

    HTH

    -David

     

Kevin Schmid's avatar
Kevin Schmid
Copper Contributor
May 09, 2022

hey David_Guyer 

 

Thank you for your explation!

 

Can you tell me what is with the other two questions?
- Grace periods; in this artice is the discription from "on vacation" - does this mean the device is offline (for the hole vacationtime?)

 

- we set the setting "Don't auto-restart until end of grace period" - but the device restart out the active hours ? so what do this setting?

David_Guyer's avatar
David_Guyer
Icon for Microsoft rankMicrosoft
May 09, 2022

Kevin Schmid 

 

On Vacation is an example of why Grace Period is useful on top of the deadline.  

 

Here's how it works... 

  • Deadline starts measuring from when the update was available, so if you have a 7 day deferral, and a 7 day deadline, then the deadline is 14 days after the update is released.
  • Grace period starts measuring from when the device reaches ready to restart.  So, if you have a 3 day grace period, and the device reaches ready to restart  a week after it's available, then the Grace Period ends 10 days after it's available.
  • The restart is enforced at the latter date of these two settings.   So, in this case, the restart would be enforced 14 days after it's available.

However, consider a case where someone is on vacation the 2 weeks after the update is availalbe, so they turn on their machine on day 14.   The deadline has passed, so the device works to get updated as fast as possible, but since the user is working on their first day after vacation, forcing them to restart in the middle of the day is a bit harsh, so the grace period kicks in and gives them 3 days to restart , automatically outside of active hours or when they schedule it, before enforcing the restart.

 

They work together to ensure a good, balanced end user experience that keeps them happy, while also keeping admins happy since devices are kept secure on a reasonable timeline.

 

HTH

Resources