This article provides a sample state to update windows salt minions in bulk from the salt master, so it is not necessary to log onto each minion host and do it by hand.

Salt-master: all versions

Salt-minion: all versions

Aria Automation Config: all versions 

Below is an example state that can upgrade a salt minion to the latest version:

#Upgrade salt-minion with new repo
#Restart the Salt minion
# Sample command:
#    salt minion-id state.sls upgrade.windows_minion pillar='{"package": "salt-minion-py3"}' test=1
# Sample to run against all windows servers using the 'os:Windows' grain:
#    salt -G 'os:Windows'  state.sls upgrade.windows_minion pillar='{"package": "salt-minion-py3"}' test=1
#NOTE: leaving test=1 at the end of the following commands will not run the state, only test it. Remove test=1 to apply the state.
{% set minion = salt['grains.get']('id') %}
{% set platform = salt['grains.get']('kernel') %}
{% if platform == 'Windows' %}
{% set package = salt['pillar.get']('package') %} #If using winrepo, this is the name of the package

upgrade_{{ package }}:
  pkg.latest:
    - name: {{ package }}

restart_minion:
  service.running:
    - name: salt-minion
    - require:
    - upgrade_{{ package }}
    - watch:
    - upgrade_{{ package }}

{% else %}
test_state:
  test.configurable_test_state:
    - name: {{ minion }}
    - changes: False
    - result: True
    - comment: {{ platform }} is not Windows
{% endif %}

A similar state can be used it you wanted to target a specific version instead of the latest version, for instance version 3006.9.
In this example, you would specify the desired version to be installed:

# Upgrade salt-minion to a specific version
# Restart the Salt minion
#
#Command to run against all windows servers:
#Run against one server by supplying the minion id:
#    salt windows_minion_id state.sls upgrade.windows_minion pillar='{"package": "salt-minion-py3"}' test=1
#
#Run against all windows servers using the 'os:Windows' grain:
#    salt -G 'os:Windows'  state.sls upgrade.windows_minion pillar='{"package": "salt-minion-py3"}' test=1
#NOTE: leaving test=1 at the end of the following commands will not run the state, only test it. Remove test=1 to apply the state.
{% set minion = salt['grains.get']('id') %}
{% set platform = salt['grains.get']('kernel') %}

{% if platform == 'Windows' %}
{% set package = salt['pillar.get']('package') %}  # If using winrepo, this is the name of the package
{% set version = '3006.9' %}  # Define the specific version you want to install

upgrade_{{ package }}:
  pkg.installed:
    - name: {{ package }}
    - version: {{ version }}

restart_minion:
  service.running:
    - name: salt-minion
    - enable: True
    - require:
      - pkg: upgrade_{{ package }}
    - watch:
      - pkg: upgrade_{{ package }}

# Wait for 60 seconds to ensure the service restart is complete
wait_after_restart:
  cmd.wait:
    - name: sleep 30  # Sleep for 30 seconds
    - watch:
      - service: restart_minion

check_upgrade_complete:
  cmd.run:
    - name: salt-call --versions

{% else %}
test_state:
  test.configurable_test_state:
    - name: {{ minion }}
    - changes: False
    - result: True
    - comment: {{ platform }} is not Windows
{% endif %}

This article assumes that winrepo has been configured. 

If using this state as a job in the UI, {"package": "salt-minion-py3"} will need to be added in the "Pillar override" section so that it can find the package. 

NOTE: The job may not return or may return as failed due to the required minion service restart.

You can verify the version directly on the server that was upgraded, or you can run the following from the master to verify the version of the salt-minion:

salt minion-id cmd.run 'salt-call --versions'