question

Hi, @AemilianusKehler-4003
Thank you for posting in Microsoft Q&A forum.

Is it not auto installing cause I have set the one setting "Configure automatic updating: 3 - Auto download and notify for install"?

Yes.

I'm afraid we can not achieve this requirement that only auto install part of the updates.
However, we can achieve this requirement easily by SCCM.

---

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Is there not away to achieve it with just different GPO's set?

I don't not use SCCM

defender updates and CU updates s or any update requiring a reboot should be able to be set via GPOs...

Here's the definition from the "Allow Automatic Updates immediate installation" GPO setting

"Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.

If the status is set to Enabled, Automatic Updates will immediately install these updates once they are downloaded and ready to install.

If the status is set to Disabled, such updates will not be installed immediately."

Here's a Technet question with the exact same question/issue, with multiple people asking for a fix solution. Please advise.

I think you are miss understanding, CU's or updates that require a reboot need to be manually installed. Any and all updates that don't need a service/server reboot should be automatically installed including Windows Defender updates.

Yes the GPO in question has been set and pushed to clients, and member servers. Yet Defender updates still don't seem to auto install.

Here's another TechNet post with an odd answer I even set that GPO setting and pushed to the clients and member servers, and it still not auto installing!

Please go to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Defender > Client Interface > Suppress all notifications:(enable it to stop clients from receiving notifications).

It would be really beneficial for the systems administrators out there that have to rely on WSUS that there be concise setup documentation on how to make defender updates install automatically, while still retaining the ability to manually install heavier updates such as CU's.

If there is such documentation please excuse my ignorance as I have not been able to find it.

Hi, @AemilianusKehler-4003
Sorry for my misunderstanding, you want to install definition updates automatically.
And what I want to confirm with you is have your defender updates are automatically approved?

Yes that option is configured.

Any update on what to check next?

Hi,
Your screenshot is the Default Automatic Approval Rule, please confirm if your Auto Approve Defender Definitions rule contain the following rule properties:

• When an update is in Definition Updates.
  

• When an update is in Windows Defender.
  

• Approve the update for Required computer group.

Sorry about that, I figured that it was checked off was good enough, yes those are defined as well as a deadline.