---
  hosts: all
  tasks:
    - name: Install all updates and reboot as many times as needed
      ansible.windows.win_updates:
        category_names: '*'
        reboot: true

#- name: Install all security, critical, and rollup updates without a scheduled task
#  ansible.windows.win_updates:
#    category_names:
#      - SecurityUpdates
#      - CriticalUpdates
#      - UpdateRollups

#- name: Search-only, return list of found updates (if any), log to C:\ansible_wu.txt
#  ansible.windows.win_updates:
#    category_names: SecurityUpdates
#    state: searched
#    log_path: C:\ansible_wu.txt

#- name: Install all security updates with automatic reboots
#  ansible.windows.win_updates:
#    category_names:
#    - SecurityUpdates
#    reboot: true

#- name: Install only particular updates based on the KB numbers
#  ansible.windows.win_updates:
#    category_names:
#    - SecurityUpdates
#    accept_list:
#    - KB4056892
#    - KB4073117

#- name: Exclude updates based on the update title
#  ansible.windows.win_updates:
#    category_names:
#    - SecurityUpdates
#    - CriticalUpdates
#    reject_list:
#    - Windows Malicious Software Removal Tool for Windows
#    - \d{4}-\d{2} Cumulative Update for Windows Server 2016

# Optionally, you can increase the reboot_timeout to survive long updates during reboot
- name: Ensure we wait long enough for the updates to be applied during reboot
  ansible.windows.win_updates:
    reboot: true
    reboot_timeout: 3600

# Search and download Windows updates
#- name: Search and download Windows updates without installing them
#  ansible.windows.win_updates:
#    state: downloaded