In the testing phase of a patch roll out. I have one policy per bulletin.
ex MS10-40 will be applied to a "CORP Patch Test Group" filter.
After we validate the updates do not affect the productivity of the test group, We edit policy and apply it to "All Windows Computers with Software Update Agent Installed" filter.
There is a downfall of creating a single policy which includes all the bulletins for a month. If a a single bulletin/update is revised, the entire policy will disabled. Thus instead of having one disabled bulletin, you now have a whole months bulletins.