What is a CrowdStrike sensor update policy?

A sensor update policy in CrowdStrike Falcon controls the update process for sensors on your hosts. Policies let you lock hosts to specific sensor versions, automate updates with Auto-Latest/N-1/N-2 settings, protect sensors from unauthorized uninstallation, and schedule update exclusion windows. Each host is assigned to a sensor policy based on its host group, with separate policies for Windows, Mac, and Linux platforms.

How many sensor update policies can I create in CrowdStrike?

You can create up to 100 custom sensor update policies in CrowdStrike Falcon. Each platform (Windows, Mac, Linux) has its own set of policies. Additionally, there's a default policy for each platform that applies to hosts not assigned to any custom policy. The default policy cannot be deleted but can be configured with your preferred sensor version and settings.

What is the difference between Auto-Latest, N-1, and N-2 sensor versions?

Auto-Latest automatically updates hosts to the newest sensor version when released. Auto N-1 updates to the second-newest version (one version behind latest). Auto N-2 updates to the third-newest version (two versions behind latest). Use Auto-Latest for test environments, N-1 for pilot groups, and N-2 for production to ensure stability while staying current. CrowdStrike recommends maintaining sensors at N-2 or newer.

Do I need to restart hosts after a CrowdStrike sensor update?

No, CrowdStrike sensor updates are performed in-place and do not require a host restart. The sensor updates automatically while the host remains operational. However, you should not shut down or reboot a host while a sensor is being installed, as this can cause the host to crash on boot or prevent proper uninstallation.

What roles can manage sensor update policies?

The Falcon Administrator and Endpoint Manager roles can create and manage sensor update policies in the CrowdStrike Falcon Console. These roles can also reveal maintenance tokens for protected hosts, enable bulk maintenance mode, and assign policies to host groups.

How do I assign a sensor update policy to hosts?

Sensor update policies are assigned through host groups. Navigate to the policy in Host Setup and Management > Sensor Update Policies, click the policy, go to the Assigned Host Groups tab, and click Assign Host Groups. Select the groups you want to assign. Hosts can only be assigned to one sensor update policy at a time based on policy precedence rules.

How to Configure CrowdStrike Falcon Sensor Update Policies

Sensor update policies in CrowdStrike Falcon control the update process for sensors across your entire host fleet. Use these policies to manage sensor versions, automate updates, protect against unauthorized uninstallation, and schedule maintenance windows.

Understanding Sensor Update Policies

Sensor update policies let you:

Lock host groups to specific sensor versions
Automate updates with Auto-Latest, N-1, or N-2 settings
Protect sensors from unauthorized uninstallation
Schedule exclusion windows to prevent updates during maintenance
Test new versions on pilot groups before production deployment

Each platform (Windows, Mac, Linux) has separate sensor update policies. Hosts are assigned to policies through host groups.

Requirements

Subscriptions: Falcon Prevent or Falcon Insight XDR
Roles: Falcon Administrator or Endpoint Manager

Creating a Sensor Update Policy

Go to Host Setup and Management > Deploy > Sensor Update Policies
Create the Policy
Click Create Policy
Enter a Policy name
Select the Platform (Windows, Mac, or Linux)
Add an optional Description
Click Create Policy
Configure Sensor Settings
On the Sensor Settings tab, select a sensor version option
Configure Uninstall and maintenance protection
Click Save

Sensor Version Options

Option	Description	Best For
Auto - Early Adopter	Updates to early adopter builds 4 days before general availability	Early testing environments
Auto - Latest	Updates to the newest version on scheduled release	Test/QA environments
Auto - N-1	Updates to second-newest version	Pilot groups
Auto - N-2	Updates to third-newest version	Production environments
Specific Version	Locked to a specific version number	Controlled rollouts
Sensor version updates off	No cloud-pushed updates	Manual management, maintenance

Recommendation: Update sensors monthly and maintain hosts at N-2 or newer for optimal protection. If your organization values stability over new features, consider using Long-Term Support (LTS) sensors—available through CrowdStrike's Customer Center.

Assigning Policies to Host Groups

- Open the sensor update policy you want to modify - Click the **Assigned Host Groups** tab - Click **Assign Host Groups** - Select the groups to assign - Click **Assign Groups**

Note: Host groups can only be assigned to one sensor update policy. If a group is already assigned elsewhere, you must remove it from the current policy first.

Protecting Sensors from Uninstallation

The Uninstall and maintenance protection setting prevents unauthorized sensor removal:

When enabled: Requires a maintenance token to uninstall, upgrade, or modify the sensor
When disabled: End users with local admin permissions can uninstall the sensor

Best Practice: Keep protection enabled for all policies except one dedicated maintenance policy. Move hosts to the maintenance policy temporarily when changes are needed.

For detailed instructions, see our guide on enabling uninstall protection for CrowdStrike Falcon.

Deleting a Sensor Update Policy

Before deleting a policy, you must disable it first:

- Open the policy you want to delete - Click **Disable Policy**, then confirm - Click **Delete Policy**, then confirm

When a policy is deleted, hosts from that policy are reassigned to another policy based on policy precedence rules.

Recommended Policy Structure

We recommend creating a tiered testing and deployment structure:

Policy/Group	Sensor Version	Purpose
Test-QA Group	Auto - Latest	Test newest versions on non-production hosts
Tech Pilot Group	Specific or N-1	Limited non-critical production testing
Business Pilot Group	Specific or N-1	Broader production testing across departments
Production (Default)	Specific or N-2	Stable version for all production hosts
Maintenance Policy	Updates off	Temporary policy for uninstallation/upgrades

Best Practices

Update monthly: Keep sensors at N-2 or newer for optimal protection
Don't interrupt installations: Never shut down or reboot hosts during sensor installation
Use protection: Keep Uninstall and maintenance protection enabled on all policies except your maintenance policy
Test before deploying: Always test new sensor versions on pilot groups before production rollout
One maintenance policy: Create a single policy with protection disabled for all maintenance tasks

How to Configure CrowdStrike Falcon Sensor Update Policies

Understanding Sensor Update Policies

Requirements

Creating a Sensor Update Policy

Sensor Version Options

Assigning Policies to Host Groups

Protecting Sensors from Uninstallation

Deleting a Sensor Update Policy

Recommended Policy Structure

Best Practices

Frequently Asked Questions

Need Expert CrowdStrike Management?

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

How to Configure CrowdStrike Falcon Sensor Update Policies

Understanding Sensor Update Policies

Requirements

Creating a Sensor Update Policy

Sensor Version Options

Assigning Policies to Host Groups

Protecting Sensors from Uninstallation

Deleting a Sensor Update Policy

Recommended Policy Structure

Best Practices

Related Articles

Frequently Asked Questions

Need Expert CrowdStrike Management?

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Deploy CrowdStrike Falcon via GPO | Active Directory Guide