
Administrators will now be able to see why certain updates are being blocked.

IT administrators using Update Compliance now have access to information on which safeguard holds are preventing individual devices in their organization from updating to a new version of Windows 10.

In a blog post last week, Mega Sharma explained the new feature, which is currently rolling out. Sharma is Microsoft’s Program Manager on the Cloud Servicing and Intelligence team. She has a special focus on Safeguard Holds impacting enterprise devices.

How Safeguard Holds work

Microsoft uses quality and compatibility data to identify issues that might cause a Windows 10 feature update to fail or roll back. When they find such an issue, they apply holds to the updating service. This is to prevent affected devices from installing the update.

Microsoft also uses holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact.

Previously, IT administrators using Update Compliance could see which devices were unable to update due to safeguard holds, but did not have any information on which individual hold was preventing the device from updating. Microsoft has made improvements to Update Compliance to address this customer pain point.

Update Compliance now supports two queries designed to help you retrieve data related to safeguard holds. The first query, “Devices with a safeguard hold”, shows the device data for all devices impacted by safeguard holds.

The second query is called “Target build distribution of devices with a safeguard hold”. This shows data specific to how many devices are prevented from updating. It also shows which build version they belong to.

Opting out of Safeguard Holds

Microsoft has also released a bulletin about how to opt out of safeguard holds. According to the notice, IT admins can opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, they can use the Update/DisableWUfBSafeguards CSP.

Microsoft recommends opting out only in an IT environment and for validation purposes. Admins can also validate an upcoming Windows 10 feature update version without applying the safeguards. Specifically, they can use the Release Preview channel of the Windows Insider Program for Business.

Disabling safeguards does not guarantee your device will be able to successfully update, the company warns.
