Microsoft Road-Testing Smaller Update Sizes for Windows 10

Windows Insiders are currently putting Microsoft's newly reformatted Windows 10 update packages through their paces.

Microsoft has been at work slimming down Windows 10's updates using its "Unified Update Platform" (UUP) technology. It supports "differential download packages" where only the changed bits of files get downloaded. The UUP technology, which can decrease download sizes by about "35 percent," was added to Windows 10 as early as November for some Windows Insider Program testers.

For now, only Windows Insiders have access to these streamlined update packages. This will likely remain the case until sometime after the Windows 10 Creators Update is released this spring. As Microsoft explained in an announcement last week, it'll take the release of another Windows 10 update after the Creators Update for the broader population of Windows 10 users, or so-called "retail" users, to get smaller updates.

Patch Bloat
Windows 10 gets major "feature" updates about twice per year, as well as monthly "quality" updates that contain security and nonsecurity patches. The quality updates are cumulative, meaning that they contain all past updates. As a consequence of this cumulative patch model, the size of update packages has been growing each month.

Organizations have some resources to manage the update bloat, although some tools might not all be there when the Windows 10 Creators Update arrives. The most recent discussion on the progress of managing updates came in a talk by Michael Niehaus, a senior product marketing manager at Microsoft, during a February Microsoft Ignite Australia session.

Niehaus explained that the differential upgrade technology that reduces the download file size only applies to electronic software distribution (ESD) or streaming files via Windows Update or WSUS, according to his "What's New with Windows 10 Deployment?" talk. Using ESD technology, feature updates still arrive at around 3.5GB per PC, while monthly quality updates arrive at around 1GB per PC when using a patch management tool (see the figure below).

[Click on image for larger view.] Upgrade size. (Source: February Microsoft Ignite Australia session.)

According to another slide in the presentation, ESD files perform an in-place upgrade that "takes 30-90 minutes, depending on hardware."

Express Updates
Niehaus noted that Microsoft has prioritized its focus on first reducing the size of its monthly quality updates over its feature updates. He noted that organizations will be able to use Microsoft's Express Updates technology to reduce the size of a quality update to about 100MB per month, as shown in the following slide:

[Click on image for larger view.] Quality update size using Express Updates technology. (Source: February Microsoft Ignite Australia session.)

However, Niehaus admitted during the talk that Microsoft is still "working out the kinks" to enable Express Updates on Windows Server Update Services (WSUS) and System Center Configuration Manager (SCCM), as well as third-party software tools. He said that Microsoft has produced new APIs, first released in January, to enable the third-party tools support for Express Updates. Microsoft is working with vendors such as Adaptiva and 1E on SCCM plug-in integration using the APIs. In one of his slides, it was stated that Express Updates support was "to be added to System Center Configuration Manager 1610." Microsoft released SCCM 1610 in November, so presumably the Express Updates capability will come with some update to that 1610 release.

Peer-to-Peer Caching
While the differential upgrade technology reduces the download package size, Microsoft still recommends that organizations use a peer-to-peer upgrade mechanism, in which an upgraded device provides bits to other machines, to reduce the network bandwidth burden during updates. Microsoft's older technology for that purpose is BranchCache, a wide area network bandwidth optimization technology that works with WSUS or SCCM (see the following chart).

[Click on image for larger view.] Microsoft's update management tools. (Source: February Microsoft Ignite Australia session.)

Another peer-to-peer technology is Delivery Optimization, which had its debut with Windows 10 version 1607, the so-called "anniversary update." Delivery Optimization can be used with WSUS for bandwidth control during the delivery of feature updates and cumulative updates to Windows 10 PCs. Delivery Optimization pulls bits from Microsoft's datacenters as well as from PCs on a network, and it can also get the bits from PCs located outside an organization's network. Delivery Optimization is turned on by default for Windows 10 Enterprise and Education edition users, but a Bypass setting can be used, which might be done if an organization is using BranchCache instead of Delivery Optimization. The BranchCache service uses Microsoft's older Background Intelligent Transfer Service (BITS) technology.

Other Management Tools
Niehaus offered some other news for IT pros in his talk. He said that Windows Update for Business, a Windows 10 management service based on Windows Update, now has the ability to defer updates based on "months." It's possible to defer feature updates from one to eight months, while monthly quality updates can be deferred from one to four weeks. With Windows 10 version 1607, it's a little more flexible for managing current branch and current branch for business as organizations can now defer based on "days." Feature updates can be deferred between 1 and 180 days, while quality updates can be deferred between 1 and 35 days (see slide). Windows Update for Business also will be getting a compliance capability, namely the ability to show that all PCs have been updated.

[Click on image for larger view.] Upgrade process and deferrals. (Source: February Microsoft Ignite Australia session.)

Organizations will be getting a "preflight check" command-line capability to help with installing and upgrading Windows 10. This preflight capability doesn't complete the full upgrade process. Instead, it will run the first half of the upgrade process for testing purposes.

Instead of using the preflight check tool, organizations can use a Windows Analytics tool (formerly known as "Windows Upgrade Analytics") that's part of the Operations Management Suite. This "Upgrade Readiness" tool was previewed last year, but Microsoft announced this month that it has now reached the "general availability" stage, meaning it's deemed ready for use in production environments (although possibly, the tool is still regionally limited at this point).

Upgrade Readiness was described during Niehaus' talk as a "free" tool, even though it's part of the paid subscription-based Operations Management Suite. Organizations can use Upgrade Readiness to move to Windows 10 and "stay current with new Windows 10 Feature Updates." It provides inventory information, along with a workflow for moving from Windows 10 pilots to deployment, among other tools.

There's also an "Update Compliance" solution that's part of Windows Analytics. The Update Compliance tool can be used to see which PCs have been patched.

Niehaus also mentioned that Microsoft has produced a new tool that will help organizations convert their BIOS-based PCs to UEFI (Unified Extensible Firmware Interface). It's done via an executable file called "MBR2GPT.EXE" for the Windows 10 Creators Update (see the below slide).

[Click on image for larger view.] BIOS to UEFI conversion tool. (Source: February Microsoft Ignite Australia session.)

This Master Boot Record to Globally Unique Identifiers Partition Table tool (MBR2GPT) can be used with SCCM during operating system deployments, as described in this blog post by Microsoft MVP Mike Terrill. Organizations having Windows 7-based PCs with firmware that's capable of UEFI upgrades might be the ones to use the new tool.

Microsoft recently updated its Windows Assessment and Deployment Kit for Windows 10 version 1607, which contains one flaw -- it breaks the 802.1X protocol, Niehaus said. Tools from the Microsoft Desktop Optimization pack, namely App-V and UE-V, are now part of the Windows Assessment and Deployment Kit, he added. Microsoft also released the Microsoft Deployment Toolkit for Windows 10 version 1607 in November.

Niehaus made a pitch for "modern deployment," which is part of Microsoft's current development efforts. Modern deployment is the ability to use the cloud to automate the provisioning of devices. It's typically associated with the Microsoft Intune mobile management service. Niehaus said that the Microsoft Deployment Toolkit will continue to get maintained but it won't get as much new functionality in the near future because Microsoft is concentrating its efforts more on modern deployment methods.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.