Having to install patches as soon as your friend got the unit sounds entirely reasonable to me. I'd much rather devices are fully patched as soon as possible as the device has probably been sitting in the channel for 6 months or so.

And not wanting patches to be applied at the coffee shop - I'd suggest going to Settings -> Updates & Security -> Windows Update and click the "Change active hours" link.

You can specify what time of day you want to exclude any patching. I have mine set between 7am and 10pm, so any patching gets done when my laptop isn't in use.

