Configure Windows Updates Profile (Windows)


Admin can schedule the Windows updates remotely for the enrolled devices using Windows Updates Profile.

To schedule Windows updates remotely on the enrolled device(s), follow these steps:

1.  Navigate to SureMDM Web Console > Profiles > Windows > Add > Windows Updates > Configure.

2.  Enter a Profile Name.

3. Configure the desired Windows Updates Settings and click Save.

Update Settings

  • Windows Update Source: Allows the IT admin to set which branch a device receives its updates from.
  • Allow Update Service: Indicate the available options for updating the device, including Microsoft Update, Windows Server Update Services (WSUS), or the Microsoft Store.
  • Manage Preview Builds: Used to manage Windows 10 Insider Preview builds (value type is integer).
  • Allow Non-Microsoft Signed Update: Enables IT administrators to control whether Automatic Updates will accept updates from entities other than Microsoft, provided these updates are discovered at the UpdateServiceUrl location.
  • Product Version: Specify the product and version for which updates should be scanned in subsequent updates.
  • Target Release Version: Specify the version for the product that needs to be scanned in subsequent updates.
  • Exclude Windows Update Drivers In Quality Updates: It allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft, particularly when these updates are located at the UpdateServiceUrl address.
  • Defer Feature Update Period In Days: Defers feature updates for the specified number of days.
  • Defer Quality Update Period In Days: Defers quality updates for the specified number of days.
  • Pause Feature Updates: Allows IT administrators to pause feature updates for up to 60 days.
  • Pause Quality Updates: Allows IT administrators to pause quality updates.
  • Pause Feature Updates Start Time: Specifies the date and time when the IT admin wants to start pausing the feature updates.
  • Automatic Maintenance Wake Up: Configuring automatic maintenance should generate a wake request to the OS for the daily scheduled maintenance.
  • Update Scan Frequency In Hours: This specifies the scan frequency from every 1-22 hours.
  • Update Service Url: Allows the device to check for updates from a WSUS server instead of Microsoft Update.
  • Alternate Update Service Url: Allows the device to check for updates from a WSUS server instead of Microsoft Update.
  • Fill Empty Content Urls: Allows Windows Update Agent to determine the download URL when it is missing from the metadata.
  • Update Source For Driver Updates: Set up this policy to determine whether to receive Windows Driver Updates from the Windows Update endpoint, managed by Windows Update for Business policies, or from your configured Windows Server Update Service (WSUS) server.
  • Update Source For Feature Updates: Set up this policy to define the preference for receiving Windows Feature Updates, either from the Windows Update endpoint managed by Windows Update for Business policies or via your configured Windows Server Update Service (WSUS) server.
  • Update Source For Other Updates: Set up this policy to indicate the preference for receiving Other Updates, either from the Windows Update endpoint managed by Windows Update for Business policies or through your configured Windows Server Update Service (WSUS) server.
  • Update Source For Quality Updates: Set up this policy to determine the preference for receiving Windows Quality Updates, whether from the Windows Update endpoint managed by Windows Update for Business policies or through your configured Windows Server Update Service (WSUS) server.
  • Disable WUfB Safeguards: Specify that a Windows Update for Business device should skip safeguards.


User Experience Settings:

  • Auto Update Behavior: Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
  • Active Hours Start Time (0 - 23 Hours): Allows the IT admin to manage a range of hours where update reboots are not scheduled.
  • Active Hours End Time (0 - 23 Hours): Allows the IT admin to manage a range of active hours where update reboots are not scheduled.
  • Schedule Install Time: Enables IT admins to schedule the time of the update installation.
  • Schedule Install Day: Enables the IT admin to schedule the day of the update installation.
  • Schedule Install Every Week: Enables the IT admin to schedule the update installation every week. The value type is an integer.
  • Schedule Install on the First Week of the Month: Enables the IT admin to schedule the update installation on the first week of the month.
  • Schedule Install on the Second Week of the Month: Enables the IT admin to schedule the update installation on the second week of the month.
  • Schedule Install on the Third Week of the Month: Enables the IT admin to schedule the update installation on the third week of the month.
  • Schedule Install on the Fourth Week of the Month: Enables the IT admin to schedule the update installation on the fourth week of the month.
  • Restart Checks: Skips all restart checks to ensure that the reboot will happen at Scheduled Install Time.
  • Disable Pause Update Access: This policy allows the IT admin to disable the 'Pause Updates' feature.
  • Remove Access To Scan Windows Updates: Allows the IT admin to remove access to scan Windows Update.
  • Update Notification Level: Allows users to define what Windows Update notifications they receive.
  • Configure Deadline for Feature Updates: Allows the user to specify the number of days a device will wait until performing an aggressive installation of a required feature update.
  • Deadline Grace Period for Feature Updates: Minimum number of days from update installation until restarts occur automatically for feature updates.
  • Configure Deadline for Quality Updates: Allows the users to define the waiting period, in days, before a device executes an assertive installation of a necessary quality update.
  • Deadline Grace Period for Quality Updates: It enables users to specify the minimum number of days a device should wait before executing an aggressive installation of a required update after the deadline has passed.
  • Configure Deadline No Auto Reboot: When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart.
  • Configure Feature Update Uninstall Period: Enable IT admin to configure feature update uninstall period.
  • Allow MU updates: Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
  • Approval to Restart: Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
  • Restart Warning With Dismissible Reminder: Allows the IT Admin to specify the period for auto-restart warning reminder notifications. Supported values are 2, 4, 8, 12, or 24 (hours).
  • Restart Warning With Permanent Reminder: Allows the IT Admin to specify the period for auto-restarting imminent warning notifications. Supported values are 15, 30, or 60 (minutes).
  • Restart Warning With Permanent Reminder: Allows the IT Admin to specify the period for auto-restarting imminent warning notifications. Supported values are 15, 30, or 60 (minutes).
  • Active Hours Maximum Range: Allows the IT admin to specify the maximum active hours range that an user can set.
  • Allow Auto Windows Updates To Be Downloaded Over Metered Network: Option to download updates automatically over metered connections.
  • Schedule Auto Restart Notification: Allows the IT Admin to specify the period for auto-restart reminder notifications. Supported values are 15, 30, 60, 120, and 240 (minutes).
  • Allow Temporary Enterprise Feature Control: If enabled, then all features available in the latest monthly quality update installed will be on.
  • Ignore MO App Download Limit: Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates.
  • Ignore MO Update Download Limit: Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates.

Delivery Optimization Settings

Delivery Optimaization:

  • Download Mode: Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps, and App updates.
  • Restrict Peer Selection: Select a method to restrict peer selection.
  • Group ID Source: Specify an arbitrary group ID that the device belongs to.

Bandwidth:

  • Bandwidth Optimization Type: Select the parameters to enable bandwidth optimization.
  • Maximum Background Download Bandwidth (in KB/s): This specifies the maximum background download bandwidth in KiloBytes/second.
  • Maximum Foreground Download Bandwidth (in KB/s): Specifies the maximum foreground download bandwidth in KiloBytes/second.
  • Maximum Background Download Bandwidth (in %): Specifies the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
  • Maximum Foreground Download Bandwidth (in %): Maximum Foreground Download Bandwidth (in %).
  • Set Business Hours to Limit Background Download Bandwidth: Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
  • Business Hours Start Time: Allows to select business start time.
  • Business Hours End Time: Allows to select the business end time.
  • Download Bandwidth During Business Hours (in %): The allocated percentage of download bandwidth available during official business hours.
  • Download Bandwidth Outside Business Hours (in %): The allocated percentage of download bandwidth available outside official business hours."
  • Monthly Upload Data Cap (GB): Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
  • Minimum QoS for Background Downloads (KB/Second): Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads.
  • Delay background HTTP Download (in seconds): Allows admins to delay the use of an HTTP source in a background download that's allowed to use P2P.
  • Delay foreground HTTP Download (in seconds): Allows admins to delay the use of an HTTP source in a foreground (interactive) download that's allowed to use P2P.
  • Monthly Upload Data Cap (GB): Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
  • Minimum QoS for Background Downloads (KB/Second): Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads.
  • Delay background HTTP Download (in seconds): Allows admin to delay the use of an HTTP source in a background download that's allowed to use P2P.
  • Delay foreground HTTP Download (in seconds): Allows admins to delay the use of an HTTP source in a foreground (interactive) download that's allowed to use P2P.

Catching:

  • Minimum RAM For Device To Use Peer Caching (GB): Specifies the minimum RAM size in GB required to use Peer Caching.
  • Minimum Disk Size For Device To Use Peer Caching (GB): Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching.
  • Minimum Content File Size That Can Use Peer Caching (MB): Specifies the minimum content file size in MB enabled to use Peer Caching.
  • Minimum Battery Required For Peer Uploads (%): Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power.
  • Drive Location Used For Peer Cache: Specifies the drive that Delivery Optimization should use for its cache.
  • Maximum Cache Size Type: Select Maximum Cache Size Type from the options.
  • Maximum Time Each File Is Held In The Delivery Optimization Cache (Seconds): Specifies the maximum size in GB of delivery optimization cache.
  • Maximum Cache Size That Delivery Optimization Can Utilize (GB): Specifies the maximum size in GB of delivery optimization cache.
  • Maximum Cache Size That Delivery Optimization Can Utilize (%): Specifies the maximum cache size that Delivery Optimization can utilize as a percentage of disk size (1-100).
  • VPN Peer Caching: Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network.


Local Server Catching:

  • Cache Server Hostname: Configure one or more Microsoft Connected Cache servers. To add multiple values, separate each FQDN or IP address by commas.
  • Delay foreground cache server fallback (seconds): Specifiess the time in seconds to delay the fallback from the Cache Server to the HTTP source for foreground content download.
  • Delay background cache server fallback (Seconds): Specifies the time in seconds to delay the fallback from the Cache Server to the HTTP source for a background content download.

      The newly created profile will be listed in the Profiles section.

4.  Go back to Home tab and select the Windows device(s) or group(s).

5.  Click Apply to launch the Apply Job/Profile To Device prompt.

6.  In the Apply Job/Profile To Device prompt, select the created profile and click Apply.