Detections
Analytics
18.9.103.1.2 Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days' - DeferFeatureUpdatesPeriodInDays
Information
This policy setting determines the level of Preview Build or Feature Updates to receive, and when.The Windows readiness level for each new Windows Feature Update is classified in one of 4 categories, depending on your organizations level of comfort with receiving them:
Preview Build - Fast: Devices set to this level will be the first to receive new builds of Windows with features not yet available to the general public. Select Fast to participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality.
Preview Build - Slow: Devices set to this level receive new builds of Windows before they are available to the general public, but at a slower cadence than those set to Fast, and with changes and fixes identified in earlier builds.
Release Preview: Receive builds of Windows just before Microsoft releases them to the general public.
Semi-Annual Channel: Receive feature updates when they are released to the general public.
The recommended state for this setting is: Enabled: Semi-Annual Channel, 180 or more days.
Note: If the 'Allow Telemetry' policy is set to 0, this policy will have no effect.
Note #2: Starting with Windows 10 R1607, Microsoft introduced a new Windows Update (WU) client behavior called Dual Scan, with an eye to cloud-based update management. In some cases, this Dual Scan feature can interfere with Windows Updates from Windows Server Update Services (WSUS) and/or manual WU updates. If you are using WSUS in your environment, you may need to set the above setting to Not Configured or configure the setting Do not allow update deferral policies to cause scans against Windows Update (added in the Windows 10 Release 1709 Administrative Templates) in order to prevent the Dual Scan feature from interfering. More information on Dual Scan is available at these links:
Demystifying 'Dual Scan' - WSUS Product Team Blog
Improving Dual Scan on 1607 - WSUS Product Team Blog
Note #3: Prior to Windows 10 R1703, values above 180 days are not recognized by the OS. Starting with Windows 10 R1703, the maximum number of days you can defer is 365 days.
Rationale:
In a production environment, it is preferred to only use software and features that are publicly available, after they have gone through rigorous testing in beta.
Impact:
Feature Updates will be delayed until they are publicly released to general public by Microsoft.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled: Semi-Annual Channel, 180 or more days:Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\Select when Preview Builds and Feature Updates are received
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WindowsUpdate.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).
Note #2: In older Microsoft Windows Administrative Templates, this setting was initially named Select when Feature Updates are received, but it was renamed to Select when Preview Builds and Feature Updates are received starting with the Windows 10 Release 1709 Administrative Templates.
Default Value:
Disabled. (Feature Update cadence will not be enforced by Group Policy.)
See Also
Item Details
References: CSCv7|2.4
Plugin: Windows
Control ID: 5024ac0b0ad7a5a294d9a642121c687c108266c00682042827acc0cbf3490bda