Microsoft is providing IT administrators who use Update Compliance with information on why certain devices are being blocked from getting the latest Windows 10 feature update. This means IT admins can see not just which devices are unable to update, but more easily get details on why the blockers are in place.
Users have been asking Microsoft for more granular information on why certain devices are blocked via a "safeguard hold." Microsoft uses these holds to prevent devices with known issues from being able to get a feature update. Microsoft removes the holds once a fix is found and verified. The goal of this approach, officials have said, is to prevent users from hitting compatibility and other issues caused by a new Windows 10 feature update.
Up until this point, admins could use Update Compliance only to see which devices were being blocked. My sources hinted last month that Microsoft had plans to make information on the blockers clearer and more customized. Last week, officials announced a step in that direction.
In an October 22 blog post, Microsoft officials said they "have made improvements to Update Compliance to address this customer pain point." Here's how this works, according to Microsoft's blog post:
"Update Compliance reporting surfaces the safeguard hold IDs for known issues impacting a device in the 'DeploymentErrorCode' column. Every safeguard hold has a unique ID associated with it. Safeguard hold IDs for documented issues will be included in the Windows release health dashboard. To determine which safeguard hold is preventing your device's update, go to the "Known issues and notifications" page for the specific version to which you are attempting to update (e.g. Known issues and notifications for Windows 10 and Windows Server, version 20H2). Once you have navigated to the appropriate known issues and notifications page, search (Ctrl + F) for the safeguard ID blocking your device (e.g. '25178825'). This process enables you to easily look up information related to the safeguard hold impacting your devices if that safeguard hold's documentation is publicly available."
Update Compliance now allows admins to generate a report about publicly available information on particular safeguard holds. The blog post notes that Microsoft only publicly discloses information on safeguard holds preventing Windows updates when the holds are broadly applied and Microsoft can independently address issues driving the block. That means issues caused by third-party or hardware incompatibilities largely are outside the scope of what Microsoft can and will disclose here because of "confidentiality requirements" to which the company is bound, officials acknowledge.
This is a good step in terms of making Windows 10 feature updates more manageable, but it still doesn't let admins or users override the feature update blockers. That capability is on the roadmap though. As Windows Latest recently reported, a new Microsoft support document notes that Microsoft has a new Group Policy setting called "Disable Safeguards for Feature Updates," which will let admins bypass the upgrade blocks and instantly install feature updates using Windows Update without waiting for Microsoft approval.
This setting is configuarable for Windows 10 Pro and Enterprise users who can enable the "Disable Safeguards for Feature Updates" policy in Windows Update for Business or by making registry changes noted by Windows Latest. Microsoft has not yet announced this new group policy publicly, as far as I know. It probably goes without saying, but use this policy at your own risk.
Update: Looks like Microsoft has added a page for opting out of Safeguard Holds to its own public-facing documentation as of last week.