• Win10 “Allow Telemetry” required for Update control on Win10 Enterprise, Education

    Very interesting note from ch100:

    This would be funny, but… it is not

    In Windows 10, there are 2 Group Policies which are supposed to be used for the so called CBB = Current Branch for Business, to allow deferring updates and upgrades in Windows 10 until such a time that is commonly accepted that they are safe to install for businesses – about 1 month for updates and more for upgrades. They can be used by anyone with version Pro or higher.

    They are under
    Computer Configuration\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates
    The policies are:

    • Select when Feature Updates are received
    • Select when Quality Updates are received

    When reading the description for each policy, under both, this note comes up:

    “Note: If the “Allow Telemetry” policy is set to 0, this policy will have no effect.”

    For those who are not aware, Allow Telemetry set to 0 is the so called Security setting which limits the telemetry to minimum, available only for the Enterprise version with its variations, including LTSB and Education and for Server 2016.

    Those policies are actually useful only to stand-alone computers or computers updating directly from Windows Update which is normally not the case for most Enterprise or Education installations. The networked computers have other ways to defer installations, either using WSUS or SCCM which uses WSUS as installed component.

    However for those computers requiring those policies, which actually delay Automatic Windows Update for a number of days, what the description says is that if the user does not agree to be monitored via telemetry, they cannot use those very useful policies.

    Microsoft would probably explain that they have no way to know how to defer the updates for computers which are not monitored by them, which is possible with the current code, but this means that their implementation is flawed.

    What does anyone else think about this implementation?