Microsoft Windows Update

Microsoft Windows Update is a Microsoft service for the Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. There are two types of Windows updates:

  • Feature Updates (deliver new features, equivalent of new versions of Windows)
  • Quality Updates (monthly bug fixes and security patches)

See Windows 11 release information article for a detailed list of Windows releases.

Feature Updates

Microsoft delivers feature updates for Windows 11 once a year, in a second half of each year. Most recent feature updates are:

  • Windows 11: version 24H2 (build 10.0.26100.x) End of Servicing: 10-12-2027
  • Windows 11: version 23H2 (build 10.0.22631.x) End of Servicing: 11-09-2026
  • Windows 11: version 22H2 (build 10.0.22621.x) End of Servicing: 10-14-2025

To see which version of Windows 11 is installed on your computer:

  1. Click the Start button.
  2. Type in winver and press Enter

To see which version of Microsoft Office is installed on your computer, please see Related Articles section on the right.

Quality Updates

Quality updates are released more frequently since they are intended to address known performance and security issues. On the second Tuesday of each month, Microsoft releases one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. We then test it internally before releasing it to all managed computers.

Occasionally, Microsoft can also release out-of-band emergency updates.

College-owned Devices

The majority of College-owned computers with Windows 11 are joined to Entra ID (formerly Azure Active Directory or AAD) are managed by the Office of Information Technology using the Microsoft Intune device management platform. For Intune managed devices, both quality updates and future updates that were previously managed by the on-premise Windows Software Update Servers (WSUS) as it was the case with AD domain joined machines are being phased out. These updates are delivered directly from Microsoft.

Windows Update Rings

With Windows 10, Microsoft introduced a concept of Update Rings which is a set of configuration policies you that are assigned to groups of devices. These policies control Windows Update settings on individual devices, such as how soon should the update be installed after it is released by Microsoft, or how much control should the user have over how the update is applied. The timing of Windows updates is being determined by which Windows Update Ring the computer belongs to.

 

Update Ring / 
Security Group
Description

0 - Preview Testing

zO365 - Devices - Windows Update Ring 0 - Preview Testing

A few selected machines used by the Office of Information Technology staff and departmental IT Technicians and other IT staff to evaluate early builds prior to their arrival to the semi-annual channel.

User of the machine has to enroll it in Microsoft Windows Insider program to receive updates prior to the official release date.

1 - Departmental Testing

zO365 - Devices - Windows Update Ring 1 - Departmental Testing

Designated devices across all departments and teams used to evaluate the major release prior to broad deployment.

Both feature updates and quality updates will be automatically installed as soon as they are released, unless paused by the Office of Information Technology.

Following installation, computer will be rebooted automatically during maintenance hours between 12 AM - 3 AM.

2 - Org-wide Roll-out

zO365 - Devices - Windows Corporate Devices

Ring 2 - Org-wide Roll-out

Broadly deployed to most of the organization and monitored for feedback. Distribution of updates to this group can be paused if there are critical issues. By default, all corporate devices are included in this ring, unless they are added to one of the other three groups.

Feature updates will be automatically installed four weeks after their release date, unless paused by the Office of Information Technology.

Quality updates  will be automatically installed two weeks after their release date, unless paused by the Office of Information Technology..

Following installation, computer will reboot automatically during maintenance hours between 12 AM - 3 AM.

3 - Deferred Roll-out

zO365 - Devices - Windows Update Ring 3 - Deferred Roll-out

Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization.

Feature updates will be automatically installed six months after their release date, unless paused by the Office of Information Technology.

Quality updates will be automatically installed one month after their release date (maximum allowed by Microsoft).

Following installation, computer will reboot automatically during maintenance hours between 12 AM - 3 AM.

   

If a problem is discovered while deploying a feature or quality update, the Office of Information Technology can pause the update to prevent other devices from installing it until the issue is mitigated.

Vast majority of devices belong to the Org-wide Roll-out ring and should not be moved to Deferred Roll-out unless there is a specific valid reason for it.

Benefits of Staying Current

Keeping computers in our organization current with updates and new features helps protect against threats, improves performance, and ensures we’re using the best available features.

Protect against threats

If your computer doesn’t stay current with the latest updates, it could be more vulnerable to threats like:

  • Ransomware: Where an attacker encrypts our organization’s folders and files, and attempts to extort our organization for access to the files and folders.
  • Exploits: An attacker takes advantage of vulnerabilities in any of our applications and devices, infects and gains access to our organization’s wider environment.
  • Supply chain attacks: An attacker gets access to our organization’s source codes, software build processes, and uses our applications to attack our customers and their devices. Security risks and threats could negatively affect our organization, and in some cases, severely impact our organization financially and reputationally. Keeping our organization current with the latest updates from Microsoft helps secure our organization against risks and threats.

Improve performance

If we don’t stay current, our environment’s various endpoints won’t be able to receive updates that can help improve the quality and performance of the underlying operating system. As a result, our overall environment’s performance could be affected adversely. This in turn can have an effect on the productivity of our organization’s internal users and could ultimately impact our organization’s customers. Staying current helps keep our organization’s systems responsive, and decrease or eliminate downtime. This way, we maintain and improve our organization’s productivity. We’re also helping ensure that customers have more positive experiences with our organization’s services.

Take advantage of the latest improvements and features

Windows gets better and smarter over time. Every feature update release comes with enhancements and capabilities. A single update could include a wide range of improvements and features. For example, it could include:

  • Increased performance and reliability of the operating system and its applications – for example, a recent feature update optimized how instructions are processed by the CPU
  • Improvements to assistive technologies in Windows to help with accessibility
  • Improvements to battery life and power efficiency for PCs with certain processors

Make sure to stay current so you don’t miss out on important features and improvements.