We are excited to announce the Update Baseline is now a part of the Security Compliance Toolkit! The Update Baseline is a new security baseline to ensure devices on your network get the latest Windows security updates on time while also providing a great end user experience through the update process.
The Update Baseline covers Windows Update policies as well as some additional Power and Delivery Optimization policies to improve the update process and ensure devices stay secure.
Why do I need the Update Baseline?
We recommend using the Update Baseline to improve your patch compliance and keep devices on your network up to date and secure. The Update Baseline is Microsoft’s set of recommended policy configurations for Windows Updates to ensure devices on your network receive the monthly security update in a timely manner. Devices that are configured for the Update Baseline reach on average a compliance rate between 80-90% within 28 days.
What is included in the Update Baseline?
For Windows Update policies, the Update Baseline ensures:
- Setting deadlines. Deadlines are the most powerful tool in the IT administrator’s arsenal for ensuring devices get updated on time.
- Downloading and installing updates in the background without disturbing end users. This also removes bottlenecks from the update process.
- A great end user experience. Users don’t have to approve updates, but they get notified when an update requires a restart.
- Accommodating low activity devices (which tend to be some of the hardest to update) to ensure the best-possible user experience while respecting compliance goals.
Learn more about common policy configuration mistakes for managing Windows updates and what you can do to avoid them to improve update adoption and provide a great user experience.
How do I apply the Update Baseline?
If you manage your devices via Group Policy, you can apply the Update Baseline using the familiar Security Compliance Toolkit framework. With a single PowerShell command, the Update Baseline Group Policy Object (GPO) can be loaded into Group Policy Management Center (GPMC).
The MSFT Windows Update GPO that implements the Update Baseline is added to GPMC with a single command.
You will then be able to view the Update Baseline GPO (MSFT Windows Update) in GPMC.
That’s it! It’s that simple.
Other cool tidbits? The Update Baseline will continue to be updated and improved as needed, and a Microsoft Endpoint Manager solution to apply the Update Baseline is coming soon! Let us know your thoughts and leave a comment below.