where can i get the windows update policy from and how do I apply that to the EPO?
what patch is required to do this?
If you have 'application control' installed, rules for 'installing windows updates' are a part of default policy, you need to select the 'windowsupdates' under the default policy and apply to the host.
If you have 'change control' or 'integrity monitor' installed, please install the windows updates in update mode. For this you need to send the 'begin-update' task to the host before installing the windows updates and send the 'end-update' task to hist after updates are installed and machine is rebooted.