Event details

Get the latest updates on Windows updates! We're diving in to what’s coming in the next few months, and how to get ready! This session is part of the Microsoft Technical Takeoff: Windo...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
Anonymous's avatar
Anonymous
Oct 25, 2022
I have just read on Windows Insider they change the deferral starts counting from the time the update appears first on the device instead of release date of a CU. This causes more headache as people being OOF will patch much later than others and so compliance within a month is harder to reach. Why the change?
David_Guyer's avatar
David_Guyer
Icon for Microsoft rankMicrosoft
Oct 25, 2022
Hi Karl, The key reason for the change was because as we grow out support for Windows Update for Business deployment service, admins can start updates using Windows Update for Business on any day... so the device doesn't know when the update was first made available. This is especially true for Feature updates, but for quality updates consistency is also good for predictability. It does cause some longer timeframes for OOF devices, but for healthy devices will make sense. HTH, -DG
  • Paul_Woodward's avatar
    Paul_Woodward
    Iron Contributor
    Oct 25, 2022
    Our HR department have staff on parental leave (what we used to call maternity leave) to take their work laptops with them, they claim it is a legal requirement. Whatever, the point it these machines get used infrequently for a year or more, and the users generally do not use our Cloud services so are not doing MFA. The upshot is we get terrible update compliance. The change above is unlikely to be helpful for us. Understand, our update compliance is measured from the release date of the patch, not when we make it available or when the laptop saw it. If the device can't tell when the patch was issued, maybe fix that instead???
  • Anonymous's avatar
    Anonymous
    Oct 25, 2022
    Aye, thanks David for sharing your point of view and experience. So, the recommended update deadline will take care for these devices again?
    • David_Guyer's avatar
      David_Guyer
      Icon for Microsoft rankMicrosoft
      Oct 26, 2022
      It should definitely help. To account for the change in the start date when deadline is being measured, consider a short deadline of about 3-4 days. The deadline starts to increase update process priority as it gets closer, so the first couple of days are still in the "as non intrusive as possible" mode for your users. Most update healthy devices will complete the install and even restart outside active hours in that timeframe. Then, use the Grace Period to really define how long you want end users to have controls over when to restart along with restarting after active hours... to have a low-impact restart. Once both the Grace and Deadline expire, the device restart will be enforced to ensure your patch adoption and security needs are met. HTH!