When there is an update available for ATA you will get a blue arrow notification in the portal. Hovering with the mouse pointer over the icon will show what’s new in the available update:
The update notification tells you to go to Windows Update on the machine running the ATA Center. But when you check for updates, there are none available:
What is going on here?
It is because ATA updates are technically not classified as Recommended updates. There are a lot of extra hoops and requirements to get this classification (since everyone will get them). Using Optional is more flexible.
On Windows Server 2016 there is no obvious way to look for Optional updates, like there is on Windows Server 2012 R2 and earlier:
But you can use a tool that normally is used to configure Core installations called sconfig.
On the ATA Center, running on Windows Server 2016, run sconfig:
Select option 6 (Download and Install Updates):
You will be asked if you want to search for All or Recommended updates only:
Note that if you chose Recommended here, you will get the same result as in the normal settings interface:
If you instead chose All updates, you will find the ATA update (and any other Optional Updates):
I do not want to install Silverlight, so I chose to Select a single update and chose the number of the ATA update:
After a while, the installation wizard of the ATA update will start:
After you finish the installation you will see the installation result:
When you now go to the ATA Portal you will see that the update notification is gone:
The ATA gateways might be automatically updated now, depending on how you have configured updates in ATA:
You will have health alerts as long as the gateways are not updated:
I hope this blog post helped someone.
Microsoft Security Solutions 
You Are Great. Thanks