News

Microsoft Gives Guidance on Windows 10 Servicing and Deployment

• By Kurt Mackie
• September 28, 2015

Microsoft recently published two documents aimed at giving organizations some guidance regarding Windows 10 servicing models and deployment scenarios.

Released on Thursday, the documents represent a more definitive policies-and-procedures type of guidance from Microsoft on Windows 10 servicing. To date, organizations have had to filter through various Microsoft Ignite and Microsoft Virtual Academy presentations to get a feeling for Microsoft's new "Windows as a service" release approach. Now they can plow through the published documentation, as cataloged at this TechNet Library page.

Microsoft makes a few important distinctions in its documentation. It uses the word "upgrade" to describe its OS features changes. The word "update" is applied to its security releases, which continue to follow its traditional "patch Tuesday" monthly release cycle.

The Windows 10 servicing model delivers monthly feature upgrades that are "cumulative," meaning that they contain all of the upgrade bits since the last release. That means that organizations can expect Windows 10 upgrades to be somewhat big files (at around 3GB for 64-bit OSes). Microsoft offers its "express installation files" option as one way to deal with the potential network bandwidth hit implied by pushing down these cumulative Windows 10 releases. Windows 10 also has an "Update Delivery Optimization" peer-to-peer patch approach that reportedly resulted in sluggish network bandwidth for some organizations using Windows Update.

Microsoft's Windows as a service approach delivers OS feature upgrades at a faster pace, although security patch updates still continue to arrive on a monthly basis. The timing of feature upgrade deliveries will depend on the service branch that an organization adopts.

Microsoft officials have said that they are instituting this more agile upgrade process with Windows 10 to address the innovation and security expectations of its customers. While most organizations likely prefer stable IT environments over getting new OS features, they'll have to accept one of the three service-branch cadences, with all of its IT implications, if they move to Windows 10.

The Three Service Branches
The three service branches include "current branch" (monthly releases), "current branch for business" (releases every four months) and "long-term servicing branch" (yearly upgrade releases). With each current branch release, Microsoft will provide a new ISO image.

For Microsoft's more nuanced description of these three service branches, see the "Introduction to Windows 10 Servicing" TechNet article.

Microsoft expects most organizations will adopt the current branch for business approach. In contrast, the long-term servicing branch option is conceived mostly for kiosks, point-of-sale devices and "Internet of Things" types of systems that might not tolerate frequent OS feature changes.

Windows 10 adopters of the long-term servicing branch won't be getting regular feature upgrades. Consequently, Microsoft ripped out various bundled apps from the LTSB Windows 10 Enterprise edition product. For instance, organizations won't get the Microsoft Edge browser, the Outlook mail app, OneNote, Cortana, the Windows Store client and a few other apps in that edition of Windows 10.

Only long-term servicing branch adopters have full traditional Windows IT controls over delaying OS feature upgrades. Organizations following the current branch and current branch for business schedules must stay upgraded at Microsoft's designated pace or they will face not getting future security patch support, putting their systems at risk.

Organizations following a particular service branch can switch their users over to a different branch, if wanted. Switches to the current branch and current branch for business models happen by changing an OS setting. However, a switch to the long-term servicing branch is more involved. It requires wiping the OS and loading the LTSB Windows 10 Enterprise edition (see the end of the "Windows 10 Servicing Options" TechNet article for a more nuanced description in table form).

Management Tools
With Windows 10, Microsoft ratcheted up the importance of its Windows Update service. Windows Update is predominantly used by consumers today to keep their PCs up to date. It's not used as much by businesses and organizations because it delivers the bits to machines directly, without a pause for testing first. However, the use of Windows Update is an option under all three of the service-branch models for Windows 10.

Windows Update works a little differently, depending on the Windows 10 service branch adopted. Windows Update will deliver monthly feature upgrades for current branch and current branch for business Windows 10 adopters. However, long-term servicing branch Windows 10 adopters using Windows Update will just get monthly security updates and won't get the feature upgrades.

Organizations can use traditional software solutions to manage the delivery of Windows 10 upgrades to a degree under the current branch and current branch for business servicing models. System Center Configuration Manager is supported down to System Center 2007 for Windows 10 management, although the 2007 version doesn't have the ability to deploy Windows 10.

Windows Server Update Services (WSUS) can be used to hold back Windows 10 feature upgrades for testing purposes. However, doing that requires having Windows Server 2012 in place. Using WSUS for managing Windows 10 upgrades "will require updates to WSUS, which are only available for Windows Server 2012 and Windows Server 2012 R2, not previous versions," Microsoft's TechNet article explains.

A third Windows 10 management option is to use Windows Update for Business (WUB). At this point, though, WUB seems to be an incomplete entity. It supposedly will allow organizations to set up end users into testing rings as a way to address Microsoft faster Windows-as-a-service release pace. However, it seems that WUB is more of a collection of services right now, rather than a discreet solution.

Here's how Microsoft's "Introduction to Windows 10 Servicing" document describes WUB:

Although Windows 10 will enable IT administrators to defer installation of new feature upgrades using Windows Update, enterprises may also want additional control over how and when Windows Update installs releases. With this need in mind, Microsoft announced Windows Update for Business in May of 2015. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing releases.

And that's about all Microsoft has to say about WUB for now, although it promised to update that document with future details. However, WUB is being conceived as another way to manage upgrades to Windows 10 mobile devices, according to Microsoft's "Windows 10 Servicing Options" TechNet article:

For PCs enrolled in a mobile device management (MDM) service, Windows 10 provides new update approval mechanisms that could be leveraged to delay the installation of a new feature upgrade or any other update. Windows Update for Business will eventually provide these and other capabilities to manage upgrades and updates; more details on these capabilities will be provided when they are available later in 2015.

It's not clear when that WUB capability will be available. It's also not clear how organizations will know they're using WUB since it isn't currently available as a separate application. Still, at least Microsoft is saying a little bit more about WUB, which is conceived as a main management tool for Windows 10.

WUB was recently described as the "cloud equivalent to WSUS and [System Center] Configuration Manager" by Michael Niehaus, a Microsoft senior product marketing manager for Windows. Microsoft plans to make WUB work with WSUS as well as System Center Configuration Manager, Niehaus also said.