Configuring fallback for updates

Applies To: Forefront Client Security

If you use WSUS to distribute Client Security updates to client computers, you can use a policy setting to configure client computers to use Microsoft Update when the WSUS server is unavailable.

Note

Client Security updates are not available through Windows Update.

Provided that client computers have Internet access, this feature helps ensure that client computers can get updates to malware definitions. This can be especially helpful for portable computers that are removed from your network and used at other sites, such as customer sites, hotels, and airports. Allowing such computers to fall back to Microsoft Update helps protect them from malware identified in definition updates that are released after the computers are removed from your network.

Before Client Security can instruct client computers to fall back to Microsoft Update, you must agree to use Microsoft Update. You can do this the first time that you configure and save a Client Security policy that enables fallback to Microsoft Update.

Important

Client Security records your decision. When you create additional policies or enable fallback again to Microsoft Update on existing policies, you are never again prompted to confirm this decision.

Whether Microsoft Update fallback is enabled by default depends on if you have previously enabled Microsoft Update fallback in a policy, confirmed that decision, and then saved the policy. If you have never done so, Microsoft Update fallback is disabled; otherwise, it is enabled.

When a client computer receives a policy enabling fallback to Microsoft Update, Client Security configures the computer to use Microsoft Update rather than Windows Update. If you later change the policy to disable fallback to Microsoft Update, computers receiving the policy don't use Microsoft Update when WSUS is unavailable; however, they remain configured to use Microsoft Update rather than Windows Update.

To enable update fallback to Microsoft Update

  1. In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.

  2. In the New Policy or Edit Policy dialog box, click the Advanced tab.

  3. Under Malware definition updates, select the Check for updates on Microsoft Update when WSUS is unavailable check box.

    Important

    If Client Security prompts you to agree to use Microsoft Update, you must do so or you cannot enable fallback to Microsoft Update. For more information, see the discussion before this procedure.

  4. After you finish creating or editing the policy, click OK.

  5. To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.

To disable update fallback from WSUS to Microsoft Update

  1. In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.

  2. In the New Policy or Edit Policy dialog box, click the Advanced tab.

  3. Under Malware definition updates, clear the Check for updates on Microsoft Update when WSUS is unavailable check box.

  4. After you finish creating or editing the policy, click OK.

  5. To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.

  6. If you want to configure client computers to use Windows Update instead of Microsoft Update, do the following on each client computer:

    1. Go to Microsoft Update (https://update.microsoft.com/) and click Change settings.

    2. Under To stop using Microsoft Update, select Disable Microsoft Update software and let me use Windows Update only and click Apply changes now.

      The computer is configured to use Windows Update, from which Client Security updates are not available. Unless the computer receives a Client Security policy enabling fallback to Microsoft Update or a user goes to the Microsoft Update Web site and accepts Microsoft Update, the computer remains configured to use Windows Update.