Microsoft has quietly relaxed a rule that prevented privacy-first organizations from managing the Windows Update for Business (WUfB) service using group policies.
With Windows 10 1903, aka “Windows 10 May 2019 Update,” which debuted in late May, organizations no longer are required to set the “diagnostic data level” for their devices to “Basic” or higher.
That diagnostic data level is a multi-step categorization of what Microsoft pulls from Windows devices and sends to its own servers. Also dubbed “telemetry,” the data harvesting is used by Microsoft for a range of tasks, notably deciding when a specific PC receives a feature upgrade.
Customers can set the diagnostic data level to one of four settings: Security, Basic, Enhanced and Full, each collecting and transmitting more information than the one before.
(For more information on data diagnostic levels, and configuring them in an organization, refer to this support document.)
Prior to Windows 10 1909, devices managed by WUfB – the spin-off of the consumer-grade Windows Update – had to be set at Basic or above, meaning Basic, Enhanced or Full. Those that were not could not be managed using WUfB-related policies. That rule barred organizations relying on WUfB from applying the Security level.
In an announcement that accompanied the launch of Windows 10 1903, Microsoft said that the rule is now invalid. “Beginning with Windows 10, version 1903 … privacy-sensitive organizations can utilize Windows Update for Business policies, regardless of the diagnostic data level chosen, for any devices running Windows 10, version 1607 or later,” said Joe Wilcox, a Microsoft Windows-as-a-service (WaaS) evangelist, in a post to a company blog.
However, not everyone at Microsoft got Wilcox’s memo.
“For Windows Update for Business policies to be honored, the diagnostic data level of the device must be set to 1 (Basic) or higher,” states a support document dated Aug. 6, 2019. “If it is set to 0 (Security), Windows Update for Business policies will have no effect.”
According to other documentation, only Windows 10 Enterprise, Windows 10 Education and Windows Server can be set below the “Basic” diagnostic level.