Skip to Content

MC1194065: Windows out of the box quality update policy settings available in Autopilot

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1194065: Windows out of the box quality update policy settings available in Autopilot

Summary

  • The AllowOOBEUpdates CSP policy will be available and disabled by default, allowing Windows quality updates during the out-of-box experience on eligible devices.
  • Devices must be Microsoft Entra joined or hybrid joined and running Windows 11, version 22H2 or later to use this feature.
  • Administrators will maintain control over quality update behavior during provisioning, aligning with security and compliance requirements.
  • Preparation includes ensuring devices are updated with the appropriate Windows non-security updates prior to enforcement.
  • Relevant documentation and announcements have been updated to clarify device targeting and prerequisites.

Admin Impact: Medium
User Impact: Low
Release Start: 01 Jan 2026
Release End: 01 Jan 2026
Services: Intune
Category: Stay informed
Tags: Admin Action

History

12/10/2025 Item Added to Message Center

Microsoft Message

Starting with the January 2026 security update, the AllowOOBEUpdates CSP policy will be available and disabled by default. It shows up as a new setting on the Windows Autopilot Enrollment Status Page (ESP). This policy allows you to install the latest Windows quality updates during the out-of-box experience (OOBE) on eligible devices. Devices must be Microsoft Entra joined or Microsoft Entra hybrid joined and running Windows 11, version 22H2 or later. The original announcement and documentation are updated to reflect this change and to clarify device targeting.

When will this happen

January 2026: The AllowOOBEUpdates CSP policy will be available and disabled by default.
August 2025: The original announcement introduced this new capability.

How this will affect your organization

With Windows Autopilot and Microsoft Intune (or alternative management solutions), you can maintain seamless control over quality update behavior during provisioning, while ensuring alignment with organizational security and compliance requirements.

What you need to do to prepare

Review the prerequisite criteria in additional information. Make sure that your devices are imaged with the November 2025 Windows non-security update or later or are automatically updated with the November 2025 OOBE zero-day patch (ZDP) update. Learn more about these updates and the capability under additional information.

Additional information

  • Get ready for Windows quality updates out of the box
  • AllowOOBEUpdates System Policy CSP
  • KB5071430: Out of Box Experience update for Windows 11, version 24H2 and 25H2, and Windows Server 2025: November 21, 2025
  • KB5071892: Out of Box Experience update for Windows 11, version 22H2 and 23H2: November 20, 2025
  • Windows Autopilot Enrollment Status Page