Microsoft releases Windows 10 feature updates in a staggered manner, which means that the rollout targets a small set of users initially, which then expands gradually to more users. However, some devices are blocked from receiving new versions due to ‘safeguard holds’. These are update blocks that are applied to devices that could be affected by known issues – based on the Redmond firm’s telemetry –, that may end up causing blue screens (BSODs) or other performance issues.
However, a recently added Group Policy aimed at IT admins and professional users can now allow them to bypass these update blocks and pull a feature update from Windows Update. The policy, called “Disable Safeguards for Feature Updates” can be found under Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business in the Group Policy Editor. Admins that use an MDM (Mobile Device Management) tool can use the Update/DisableWUfBSafeguards CSP.
The company explains in a recently updated support document that the ability to disable these safeguard blocks is a temporary measure for IT admins who “stay informed with Update Compliance and the Windows Release Health dashboard” and those that are aware of the risks. The reason the firm calls the policy a “temporary” one is because it is reset after an update and must be manually enabled again.
The policy was added with the October Patch Tuesday updates and works on Windows 10 version 1809 (October 2019 Update) with devices running Windows Update for Business. Though, the policy description itself mentions Windows 10 version 1903 or newer as the OS requirement.
The ability to disable safeguards and force an update could be aimed at helping admins perform validation and testing in a business environment. Admins can also use the Update Compliance monitoring tool to ascertain the risks involved with the known issues and decide if a future update is safe enough for deployment.