I'm setting up a brand new domain and I have installed the Windows Server Update Services.
I would like to have your opinion about the automatic approval policy.
I'm thinking on automatic approval for:
Definition Updates (We are using Windows Defender, and it has a daily update)
Now, I see another group named "Critical Updates" that might be worth auto approving, but I'm not sure about that one.
The goal here is to have the user computers up and running at all times, and while some harm might come to the computers related to not having an specific update, I'm also worried by the cases where a Microsoft Update has had adverse side effects on Windows computers that could also be problematic, in fact even more problematic.
So, I would like to know what is your advice, should I add "Critical Updates" to the automatic approval list?