If you aren’t already familiar, Microsoft now publishes two types of updates for its Windows operating systems: Patch Tuesday updates, and the optional non-security updates.
The Patch Tuesday updates are non-optional, security updates that are released every second Tuesday of each month. They are installed automatically without the user’s consent. However, the non-security and optional updates are released every 4th Tuesday of each month, do not include any updates for security vulnerabilities, and are optional. This means that they will only be installed if the user manually installs them.
Now, Microsoft has introduced a new Group Policy named “Enable optional updates” that lets you automatically install the optional Windows updates as well. By configuring this policy, you will no longer need to manually check and install the optional updates. Not only that, but you can also choose whether you want to install only the optional updates, or also the Controlled Feature Rollouts (CFRs).
CFRs are gradual feature rollouts that Microsoft silently publishes from time to time to deliver the latest features and improvements at the earliest.
This Group Policy is currently only available for Windows 11 22H2 and was recently introduced with the optional update KB5029351 for August 2023. Therefore, this update is a prerequisite for configuring automatic installation of optional updates and CFRs.
On this page
Prerequisites for automatically installing optional Windows updates
The first thing you ought to know is that the “Enable optional updates” policy is only available for Windows 11 22H2. Therefore, you must ensure that you are on the right Windows version. Moreover, this policy is available on devices with KB5029351 installed, which upgrades the build number to 22621.2215.
To check whether your PC meets these standards, type in “winver” in the Run Command box and press Enter. In the popup window, you will see the version and build number of the OS.
Install optional Windows updates automatically
You can configure the Group Policy “Enable optional updates” on standalone computers as well as devices that are managed by administrators within a domain. This will allow sysadmins to select optional updates from their Windows Server Update Services (WSUS) and automatically install them on the end devices.
Note that the “Enable optional updates” Group Policy allows you to choose from one of the 3 following options:
- Automatically receive optional updates (including CFRs): This option lets you install optional updates automatically as well as the Controlled Feature Rollouts.
- Automatically receive optional updates: This only installs optional features automatically.
- Users can select what optional updates to receive: This allows users to choose which optional updates to install and which to ignore (much like the default optional update settings on non-managed devices).
Now use the following steps to configure the “Enable optional updates” Group Policy to automatically install optional Windows updates:
On the computer, open the Group Policy Management console by typing in the following in the Run Command box:
On Domain Controller:
On Windows 11 PC:
From the Group Policy editor/ management console, navigate to the following path from the left pane:
Computer Configuration >> Administrative templates >> Windows Components >> Windows Update
From here, expand either of the following depending on whether your device is managed by WSUS or Windows Update.:
- Manage updates offered from Windows Server Update Service
- Manage updates offered from Windows Update
Double-click the policy “Enable optional updates” in the right pane.
Select the Enabled radio button.
Choose one of the following options from the drop-down menu in the Options section:
- Automatically receive optional updates (including CFRs)
- Automatically receive optional updates
- Users can select what optional updates to receive
Click Apply and Ok.
Press the Windows Key + R to open the Run Command box.
Type in “cmd” and then press the CTRL + Shift + Enter key combination to run Command Prompt with elevated privileges.
Run the following command in Command Prompt for the Group Policy changes to take effect:
If you chose either of the first two options in Step 6, then all optional Windows updates will now automatically install without prompting you for input.
Note that if you choose the 3rd option, the end users still may need to perform additional steps if they want to install optional updates. Note that this will not install the optional updates automatically.
The users can perform either one of the following two steps:
Go to the following path and install the update manually:
Settings app >> Windows Update >> Advanced options >> Optional updates
Enable the “Get the latest updates as soon as they are available” option at the following path:
Settings app >> Windows Update
The “Enable optional updates” Group Policy enables enterprise users and standalone device users to install the optional Type D updates as if they are mandatory updates. These optional updates often include new features and improvements you can test before next month’s Patch Tuesday updates. However, they can also include new issues.
Since these are preview releases, there could potentially be stability issues that even Microsoft is not fully aware of. Preview releases can sometimes introduce more issues than it fixes them. That is why we advise that you only employ automatic installation of preview updates on non-critical devices.