Merge pull request #105948 from MGoedtel/task1680583c

updated the cfg windows update article

Author: shawnmariejones

articles/automation/automation-configure-windows-update.md

@@ -3,41 +3,41 @@ title: Configure Windows Update settings to work with Azure Update Management
 description: This article describes the Windows Update settings that you configure to work with Azure Update Management.
 services: automation
 ms.subservice: update-management
-ms.date: 10/02/2019
+ms.date: 03/02/2020
 ms.topic: conceptual
 ---
 # Configure Windows Update settings for Update Management
 
-Azure Update Management relies on Windows Update to download and install Windows updates. As a result, Update Management respects many of the settings used by Windows Update. If you use settings to enable non-Windows updates, Update Management will also manage those updates. If you want to enable downloading of updates before an update deployment occurs, update deployment can be faster, more efficient, and less likely to exceed the maintenance window.
+Azure Update Management relies on [Windows Update client](https://docs.microsoft.com//windows/deployment/update/windows-update-overview) to download and install Windows updates. There are specific settings that are used by the Windows Update client when connecting to Windows Server Update Services (WSUS) or Windows Update. Many of these settings can be managed with:
+
+- Local Group Policy Editor
+- Group Policy
+- PowerShell
+- Directly editing the Registry
+
+Update Management respects many of the settings specified to control the Windows Update client. If you use settings to enable non-Windows updates, Update Management will also manage those updates. If you want to enable downloading of updates before an update deployment occurs, update deployment can be faster, more efficient, and less likely to exceed the maintenance window.
 
 ## Pre-download updates
 
-To configure automatic downloading of updates in Group Policy, set the [Configure Automatic Updates setting](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates##configure-automatic-updates) to **3**. This setting enables downloads of the required updates in the background, but it doesn't install them. In this way, Update Management remains in control of schedules, but updates can be downloaded outside the Update Management maintenance window. This behavior prevents "Maintenance window exceeded" errors in Update Management.
+To configure automatic downloading of updates but don't automatically install them, you can use Group Policy to set the [Configure Automatic Updates setting](/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates##configure-automatic-updates) to **3**. This setting enables downloads of the required updates in the background, and notifies you that the updates are ready to install. In this way, Update Management remains in control of schedules, but updates can be downloaded outside the Update Management maintenance window. This behavior prevents **Maintenance window exceeded** errors in Update Management.
 
-You can also turn on this setting by running the following PowerShell command on a system that you want to configure for auto-downloading of updates:
+You can enable this setting setting using PowerShell, by running the following command:
 
 ```powershell
 $WUSettings = (New-Object -com "Microsoft.Update.AutoUpdate").Settings
 $WUSettings.NotificationLevel = 3
 $WUSettings.Save()
 ```
 
-## Disable automatic installation
-
-By default on Azure virtual machines (VMs), automatic installation of updates is enabled. This might cause updates to be installed before you schedule them for installation by Update Management. You can disable this behavior by setting the `NoAutoUpdate` registry key to `1`. The following PowerShell snippet shows how to do this:
-
-```powershell
-$AutoUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
-Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 1
-```
-
 ## Configure reboot settings
 
-The registry keys listed in [Configuring Automatic Updates by editing the registry](/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry) and [Registry keys used to manage restart](/windows/deployment/update/waas-restart#registry-keys-used-to-manage-restart) can cause your machines to reboot, even if you specify **Never Reboot** in the **Update Deployment** settings. You should configure these registry keys to best suit your environment.
+The registry keys listed in [Configuring Automatic Updates by editing the registry](/windows/deployment/update/waas-wu-settings#configuring-automatic-updates-by-editing-the-registry) and [Registry keys used to manage restart](/windows/deployment/update/waas-restart#registry-keys-used-to-manage-restart) can cause your machines to reboot, even if you specify **Never Reboot** in the **Update Deployment** settings. Configure these registry keys to best suit your environment.
 
 ## Enable updates for other Microsoft products
 
-By default, Windows Update provides updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. This option can't be configured by Group Policy. Run the following PowerShell command on the systems that you want to enable other Microsoft updates on. Update Management will comply with this setting.
+By default, Windows Update client is configured to provide updates only for Windows. If you enable the **Give me updates for other Microsoft products when I update Windows** setting, you also receive updates for other products, including security patches for Microsoft SQL Server and other Microsoft software. This option can be configured if you have downloaded and copied the latest [Administrative template files](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) available for Windows 2016 and higher.
+
+If you are running Windows Server 2012 R2, this setting cannot be configured by Group Policy. Run the following PowerShell command on those machines. Update Management complies with this setting.
 
 ```powershell
 $ServiceManager = (New-Object -com "Microsoft.Update.ServiceManager")
@@ -48,11 +48,13 @@ $ServiceManager.AddService2($ServiceId,7,"")
 
 ## WSUS configuration settings
 
-Update Management complies with Windows Server Update Services (WSUS) settings. The WSUS settings you can configure for working with Update Management are listed below.
+Update Management supports WSUS settings. The WSUS settings you can configure for working with Update Management are listed below.
 
 ### Intranet Microsoft update service location
 
-You can specify sources for scanning and downloading updates under [Specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings#specify-intranet-microsoft-update-service-location).
+You can specify sources for scanning and downloading updates under [Specify intranet Microsoft Update service location](/windows/deployment/update/waas-wu-settings#specify-intranet-microsoft-update-service-location). By default, Windows Update client is configured to download updates from Windows Update. When you specify a WSUS server as a source for your machines, if the updates aren't approved in WSUS, update deployment fails. 
+
+To restrict machines to just that internal update service, configure [Do not connect to any Windows Update Internet locations](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates#do-not-connect-to-any-windows-update-internet-locations). 
 
 ## Next steps
 

articles/automation/troubleshoot/update-management.md

@@ -4,7 +4,7 @@ description: Learn how to troubleshoot and resolve issues with the Update Manage
 services: automation
 author: mgoedtel
 ms.author: magoedte
-ms.date: 05/31/2019
+ms.date: 03/02/2020
 ms.topic: conceptual
 ms.service: automation
 manager: carmonm
@@ -19,6 +19,36 @@ If you encounter issues while you're trying to onboard the solution on a virtual
 
 The following section highlights specific error messages and possible resolutions for each. For other onboarding issues see [Troubleshoot solution onboarding](onboarding.md).
 
+## Scenario: Superseded update indicated as missing in Update Management
+
+### Issue
+
+Old updates are appearing in Update Management in the Azure Account as missing even though they have been superseded. A superseded update is one that doesn't have to be installed because a later update that corrects the same vulnerability is available. Update Management ignores the superseded update and makes it not applicable in favor of the superseding update. For information about a related issue, see [Update is superseded](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#the-update-is-not-applicable-to-your-computer).
+
+### Cause
+
+Superseded updates are not being correctly indicated as declined so that they can be considered not applicable.
+
+### Resolution
+
+When a superseded update becomes 100 percent not applicable, you should change the approval state of that update to **Declined**. To do this for all your updates:
+
+1. In the Automation Account, select **Update Management** to view machine status. See [View update assessments](../manage-update-multi.md#view-an-update-assessment).
+
+2. Check the superseded update to make sure that it is 100 percent not applicable. 
+
+3. Mark the update as declined unless you have a question about the update. 
+
+4. Select Computers and, in the Compliance column, force a rescan for compliance. See [Manage updates for multiple machines](../manage-update-multi.md).
+
+5. Repeat the steps above for other superseded updates.
+
+6. Run the cleanup wizard to delete files from the declined updates. 
+
+7. For WSUS, manually clean all superseded updates to refresh the infrastructure.
+
+8. Repeat this procedure regularly to correct the display issue and minimize the amount of disk space used for update management.
+
 ## <a name="nologs"></a>Scenario: Machines don't show up in the portal under Update Management
 
 ### Issue