News

Microsoft Primes Orgs for Windows 10 Creators Update Release

• By Kurt Mackie
• April 10, 2017

In preparation for Tuesday's global rollout of the Windows 10 Creators Update (version 1703), Microsoft has released a set of new or updated resources for IT pros.

The Creators Update will be a cumulative update, containing all of the bits since the last big feature update, which is known as the Windows 10 "anniversary update." A "feature update" is Microsoft's terminology for a major Windows 10 release, which arrives maybe twice per year. Windows 10 also gets smaller monthly "quality updates."

Feature updates, like the Creators Update, can be hefty ones. Microsoft explained in February that its differential upgrade technology used with electronic software distribution (ESD) streaming files via Windows Update or Windows Server Update Services (WSUS) can be expected to deliver Windows 10 feature updates at around 3.5GB per PC, and it can take about 30 minutes to 90 minutes for the in-place upgrade to complete.

Last week, Microsoft indicated that its Express Updates technology, which further reduces the download size of Windows 10 updates, now works with System Center Configuration Manager (SCCM). The support starts with SCCM version 1702. The Express Updates technology also works with "Windows Update, Windows Update for Business and WSUS," according to Microsoft's "What's New in Windows 10 Version 1703" TechNet document for IT pros.

New Tools
According to that TechNet document, Microsoft rolled out a bunch of new or updated tools for IT pros. The tools are for new Windows 10 Creators Update deployments, as well as in-place upgrades. Here's a short list, as distilled from this "Windows for IT Pros" blog summary.

Windows Assessment and Deployment Kit Version 1703: Microsoft's Windows ADKs, which contain assessment and performance tools, now are specific to Windows 10 versions. The kit, described here and available via Microsoft's Hardware Dev Center, also includes tools such as DISM, Sysprep and WinPE, plus Windows Configuration Designer.

Windows Configuration Designer: This new tool, formerly known as the "Windows Imaging and Configuration Designer," is a Windows Store application that has wizards for provisioning operating system packages for desktops and devices. It also lets IT pros "remove pre-installed software." The tool also can be used to enroll devices in bulk to use Azure Active Directory.

Master Boot Record to Globally Unique Identifiers Partition Table tool (MBR2GPT): This new tool lets IT pros convert BIOS PC disks to the newer UEFI (Unified Extensible Firmware Interface) format, without deleting data on the disk. UEFI is needed for some Windows 10 security features, such as Secure Boot, Device Guard and Credential Guard, according to the TechNet article.

Mobile Device Management Analysis Tool (MMAT): Microsoft added nearly 300 new security policies for Windows 10 mobile device management use. The MMAT is designed to ease the process of transitioning from using Group Policy. It cross references Group Policy settings with the supported mobile device management policies in Windows 10 via XML or HTML reports.

Highlights
Microsoft had a few tidbits in its newly published Windows 10 documentation.

For instance, Windows Hello for Business, a biometric authentication scheme, now has support for organizations that can't use outside authentication services, such as Azure Active Directory. The new Dynamic Lock feature of Windows Hello is rolling out with the Creators Update. The Dynamic Lock feature will lock a device if one's smartphone travels outside a certain range.

Microsoft also saw fit to rename its in-built Windows Defender anti-malware tool in the Windows 10 Creators Update. It's now called "Windows Defender Antivirus" and it includes the ability to "block new malware in seconds" with a new Block at First Sight feature. IT pros also can use Group Policy or SCCM to specify cloud protection levels for Windows Defender Antivirus. Windows Defender Antivirus shows up in a new Security Center screen in the Windows 10 Creators Update.

The Windows Subsystem for Linux, which brings the ability to use the Linux Bash command-line shell on Windows 10, is part of the Creators Update. Microsoft's own Windows command-line interface now defaults to PowerShell, although it can toggle back to the traditional interface.

Some annoyances were removed in the Creators Update. Microsoft added the ability for IT pros to customize the Start and Taskbar layouts in the Windows 10 Pro version of Creators Update using either Group Policy or mobile device management. Previously, only Windows 10 Enterprise or Education edition users could perform that task.

Also, the Creators Update also won't reinstall in-box applications (such as Candy Crush) that users may have deleted when the next feature update arrives. However, Microsoft added a disappointing caveat to that high note, stating that "apps de-provisioned by IT administrators will still be reinstalled." So that annoyance continues.

Getting It and Deferring It
The Windows 10 Creators Update will arrive as early as April 11 for desktops and possibly as early as April 25 for mobile devices. These initial releases will be known as the "current branch," which Microsoft conceives as a test release for organizations. The "current branch for business" version is the one conceived for production-environment deployments. It'll typically arrive about four months later.

The Windows 10 Creators Update is already released at Microsoft's MSDN download page. A free 90-day trial version is available at Microsoft's TechNet Evaluation Center.

WSUS and SCCM users can get the Windows 10 Creators Update as early as April 11. IT pros that don't want to wait can use Microsoft's Update Assistant or the Media Creation Tool to get it sooner.

Enterprise customers who get Windows 10 through Microsoft's Volume Licensing Service Center will have to wait, though. It'll be available there on May 1.

Deferring the Windows 10 Creators Update depends on the management tool used, as well as the Windows 10 service model followed. One precaution is associated with Microsoft's Windows Update for Business management capability, which works with Group Policy settings. For instance, some WSUS or SCCM users could get tripped up if they inadvertently use Windows Update for Business registry values to defer updates. Using those values causes a dual-scan behavior. It ends up delivering the latest security and feature updates to clients instead of deferring them.

Microsoft's TechNet article for IT pros article stated that "Windows Update for Business managed devices are now able to defer feature update installation by up to 365 days (it used to be 180 days)." However, at press time, Microsoft's TechNet article on the topic still showed the 180-day number. There's also a 35-day "pause limit on quality updates."

Resources
Microsoft has established a new Windows Insider Program for Business for getting Windows 10 Insider previews. It'll tap an organization's Azure Active Directory credentials for enrolled devices, but Microsoft is promising participants that this program will "increase the visibility of feedback submitted by users in your organization."

Microsoft also established a new Windows 10 blog at this Microsoft Tech Community page. Microsoft plans to make Windows 10 announcements of interest to IT pros at that site.

IT pros looking for document guidance can find lots of material in the "Windows 10 IT Pro Content Map." They can download an Excel file there that has lots of links to articles and resources.