The latest on managing Windows updates in Microsoft Intune
treestryder, you just have! I agree, updating that manually every month is not fun and so we do have on our list to look into how to better automate that compliance policy setting. Would you prefer if it were to automatically update the version... or rather would you like it better if we changed the input so that you can say "Quality Updates released within the last [you specify] days are compliant"?
Currently, every "Patch Tuesday", I set the values to the latest version numbers once the Windows release page has been updated (see policy screenshot below). This policy has a 7-day grace period.
If I had to convert this to days, I might have to set it to "31".
My main concern is ensuring Windows Update is working on the PC and will update as soon as it can. This is the best way I found to ensure it is.
- David_Guyer, Nov 29, 2023, Microsoft
That sounds good, I think we'd offer a reasonably wide range of days, maybe as many as allowing QU's up to 90 days (maybe 92 🙂 ) to be considered current.
- NathanHartley, Dec 01, 2023, Copper Contributor
David_Guyer, I just found a built-in compliance policy for Defender updates that is exactly what I was looking for for Windows Quality updates:
"System Security / Require Microsoft Defender security intelligence to be up-to-date."
Not sure what "up-to-date" means, but I am sure it is something reasonable. Those folks daring enough to delay updates longer than "up-to-date" could fall back to maintaining their own version ranges. <shrug> Just a thought.
- David_Guyer, Dec 04, 2023, Microsoft
You've put your finger on it... the idea I have above is to assume that you require the devices to be up to date, and the "how old in days" setting would be so that you can define what "up to date" means in your organization.