CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.102.1.2 (L1) Ensure 'Select when PreviewBuilds and Feature Updates are received' is set to 'Enabled: Semi -Annual Channel, 180 or more days' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting determines the level of Preview Build or Feature Updates to receive, and when.

The Windows readiness level for each new Windows 10 Feature Update is classified in one of 5 categories, depending on your organizations level of comfort with receiving them:

 Preview Build - Fast: Devices set to this level will be the first to receive new builds of Windows with features not yet available to the general public. Select Fast to participate in identifying and reporting issues to Microsoft, and provide suggestions on new functionality.  Preview Build - Slow: Devices set to this level receive new builds of Windows before they are available to the general public, but at a slower cadence than those set to Fast, and with changes and fixes identified in earlier builds.  Release Preview: Receive builds of Windows just before Microsoft releases them to the general public.  Semi-Annual Channel (Targeted): Receive feature updates when they are released to the general public.  Semi-Annual Channel: Feature updates will arrive when they are declared Semi- Annual Channel. This usually occurs about 4 months after Semi-Annual Channel (Targeted), indicating that Microsoft, Independent Software Vendors (ISVs), partners and customer believe that the release is ready for broad deployment.

The recommended state for this setting is: Enabled: Semi-Annual Channel, 180 or more days .

Note: If the "Allow Telemetry" policy is set to 0, this policy will have no effect.

Note #2: Starting with Windows 10 R1607, Microsoft introduced a new Windows Update (WU) client behavior called Dual Scan , with an eye to cloud-based update management. In some cases, this Dual Scan feature can interfere withWindows Updates from Windows Server Update Services (WSUS) and/or manual WU updates. If you are using WSUS in your environment, you may need to set the above setting to Not Configured or configure the setting Do not allow update deferral policies to cause scans againstWindows Update (added

1177 | P a g e