Reports are coming in that Windows 10 systems running an earlier feature version of the operating system are upgraded to Windows 10 version 1709 forcefully in some circumstances.

The issue seems to be related to KB4023814, "Some versions of Windows 10 display a notification to install the latest version", which Microsoft updated on March 5, 2018 the last time.

It informs customers that notifications may be displayed on devices that run older versions of Windows 10 that state that the devices need to be updated to "have the latest security updates installed".

If you're currently running Windows 10 Version 1507, Version 1511, Version 1607 or Version 1703, you can expect to receive a notification that states that your device has to have the latest security updates installed. Windows Update will then try to update your device.

Microsoft reveals furthermore that only the latest version of Windows 10 offers protection from the latest threats.

Windows 10 version 1607 and version 1703 are not yet at "end of service." However, they must be updated to the latest versions of Windows 10 to ensure protection from the latest security threats.

It is unclear what Microsoft means by that. Won't it provide (some) security updates for Windows 10 version 1607 or 1703 despite the fact that these versions are still supported? Or is it merely a reminder that Windows 10 version 1709 includes additional protective features that previous versions don't include?


The former would invalidate Microsoft supporting any version of Windows 10 for 18 months while the latter would pose the question why Microsoft enforces upgrades to the new version of Windows 10.

Windows 10 version 1607 reaches end of support in April 2018, Windows 10 version 1703 in October 2018.

Enforced upgrades

The reports indicate that Microsoft ignores user update settings and even installs the update on devices on which Windows Update is turned off.

If Windows Update is turned off, Microsoft uses the Update Assistant to deliver the update.

Woody suggests that the forced upgrades have something to do with the Diagnostic Data level setting of the system. Microsoft collects Telemetry on all consumer versions of Windows 10.

Tip: The next version of Windows 10, version 1803, includes options to view the Telemetry data.

If it is set to 0 (Security), an Enterprise-only value, update policies have no effect. This is confirmed on the Microsoft Docs website for Windows Update for Business clients.

For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to 1 (Basic) or higher. If it is set to 0 (Security), Windows Update for Business policies will have no effect.

Windows 10 users should check the Telemetry level in the Windows Registry if they are unsure what it is set to:

  1. Tap on the Windows-key, type regedit.exe, and hit the Enter-key. This opens the Windows Registry Editor.
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\DataCollection
  3. Check the AllowTelemetry value. If Data is set to 0, the Diagnostic Data level is set to Security.

You may roll back to a previous version using Settings > Update & Security > Recovery, or restore a backup image if you have one. Note that the Recovery option is only available if you have not run Disk Cleanup yet to remove old Windows installation files from the device.