Microsoft mandates automatic installation of updates at startup for Windows 11. While the company from Redmond offers no choice in the matter, this is a positive change that allows users to immediately benefit from enhancements to the operating system. This new feature will be effective starting with the security patch in September 2025.
Windows 11 continues to receive new features with each update. The operating system will soon offer automatic updates upon startup for Enterprise PCs starting with version 22H2. Essentially, businesses will be able to automatically install updates before the first logon. This means users will encounter a system that is already patched and stable. Windows 11 Pro, Education, and SE will also benefit from this feature. While everyone has access to it, activation can be complex.
How to install updates at startup in Windows 11?
First, the ESP profile must be assigned to the device through Windows Autopilot or Autopilot Device Preparation. Additionally, the image must contain at least the non-security update from June 2025 or the machine must be equipped with the OOBE Zero Day Patch from August 2025, which introduces this new setting. This technical terminology indicates that while this feature is welcome, it is unfortunately not aimed at beginners.
The activation takes place in Intune. Navigate to Devices > Enrollment > Enrollment Status Page (ESP), and open the relevant profile. You will then need to select “Yes” to allow Windows quality updates. Microsoft specifies that existing ESP profiles are set to “No” by default. However, new profiles will automatically be set to “Yes”.
Windows 11 then checks Windows Update on the final OOBE screen and automatically installs updates before the login screen. Note that to ensure that update pause delays are respected, you must associate the Windows Update Rings profile with the same group as the ESP. This step ensures that settings are synchronized before the final check.
In summary, this new feature is designed for administrators to prevent a PC from being vulnerable during the initial startup. It enhances security, which is a positive development for both businesses and individuals looking to explore this capability.
Source: Microsoft
