In brief: Once again, Microsoft is pushing its automatic updates agenda. The company's latest policy update shows how quickly it can shift control away from users, raising questions about flexibility and user choice. While users can still opt out, nothing is stopping it from making updates mandatory, as it did with app store software.

Starting in September, Microsoft will automatically install updates during the Windows 11 setup process. The company says the change ensures new PCs launch with the latest security patches and bug fixes for a smoother initial sign-in. It also reflects Microsoft's push to tighten control over how and when users receive updates.

The policy will apply to eligible Microsoft Entra-joined or hybrid-joined devices running Windows 11 Enterprise, Pro, Education, or SE, version 22H2 and later. Microsoft says the change will strengthen device security and cut down on post-deployment update overhead. Devices managed through Microsoft Intune with a Windows Autopilot Enrollment Status Page (ESP) profile qualify for the policy. The setting also applies to systems that received the August 2025 out-of-the-box experience zero-day patch or the June 2025 non-security update.

Microsoft has enabled the auto-update feature by default, though IT admins can disable it. To turn it off, they must configure the update settings in the Intune admin center under Devices > Enrollment > Enrollment Status Page. From there, they can edit an existing ESP profile or create a new one.

Users can now disable the "Install Windows quality updates" toggle within an ESP profile if they want to opt out of auto-updates. Existing ESP profiles have the feature turned off by default, so no changes are needed. However, new profiles enable the feature automatically, requiring manual adjustment to disable.

The new out-of-box experience comes as a "quality update," enhancing system stability and performance by fixing bugs and other issues. While primarily aimed at devices managed through Intune, Microsoft says some third-party MDM solutions with integrated ESP may also support the feature.

Earlier this month, Microsoft made all App Store updates mandatory, sparking protests from many Windows users. The company defended the move, citing security risks from outdated software. Early reactions suggest the latest announcement may face similar pushback.