/ win10

Quick Nugget - Windows 10 Servicing Officially!

Just a quick nugget that Microsoft finally outed the official Windows 10 Servicing plan. It is as previously described in my blogs and does come with a few updated nuggets around timing, specifically, how long can those cumulative updates be deferred before they need to be deployed.

It's important to note that there are two types of Windows patching now:

Although Microsoft releases flight builds to Windows Insiders, Microsoft will publish two types of Windows 10 releases broadly to the public on an ongoing basis:

Feature upgrades that install the latest new features, experiences, and capabilities on devices that are already running Windows 10. Because feature upgrades contain an entire copy of Windows, they are also what customers use to install Windows 10 on existing devices running Windows 7 or Windows 8.1, and on new devices where no operating system is installed.

Servicing updates that focus on the installation of security fixes and other important updates. These are also cumulative (and are the ones you've been seeing since July 29th when "RTM" happened).

What this says about feature updates:

  1. About four months after an update is published by MSFT, it will arrive in CBB.
  2. Organizations that have deferred the feature updates will start to get the update after four months (which you do via WSUS or SCCM or other tools):

"At the end of each approximately four month period, Microsoft executes a set of processes that require no action from enterprise IT administrators. First, Microsoft creates new installation media for the feature upgrade by combining the original installation media with all the servicing updates published by Microsoft since the original media’s release. This reduces the time it can take to install a feature upgrade on a device. Second, Microsoft republishes the new media to Windows Update with targeting instructions that state (in effect) “install this media on devices that are configured for deferred installation of new feature upgrades.” At this point, devices configured to defer installation will begin receiving and installing the feature upgrade automatically."

A 'feature' update is essentially a new version of Windows that gets deployed. These are the updates that cause your computers to "upgrade Windows:"

Now, let's talk about servicing updates:

A servicing update (think cumulative updates, security updates) happens whenever Microsoft says it is needed and can/will happen outside of Patch Tuesday. They still go through the same flighting process previously described, but they go faster and apply ONLY TO THE BRANCH AND UPDATE REV OF WINDOWS THAT YOU ARE CURRENTLY RUNNING. Put another way - if you defer your feature updates longer than "approximately 8 months," you may NOT get servicing updates until you get caught up. You can defer these for about 12 months also but you should not.

Again, my advice is this:

  1. You should have a lab starting for Windows 10 testing. Keep it when done!
  2. Use that lab to test servicing updates monthly (target them as a pilot with WSUS/WUFB/SCCM) and then roll them out as fast as you can.
  3. Wash/rince/repeat
  4. When new feature update comes down (I'd keep your lab on Insiders Fast Ring for the largest lead time), push that to your lab, retest your apps and then roll to everyone.

Also, keep in mind - MSFT has done a great job of making sure that it is nice to your network - just make sure you didn't disable Branch Cache and BITS! :)

Microsoft designed Windows 10 servicing lifetime policies so that CBBs will receive servicing updates for approximately twice as many months as CBs. This enables two CBBs to receive servicing support at the same time, which provides businesses with more flexibility when deploying new feature upgrades. That said, it is important to note that Microsoft will not produce servicing updates for a feature upgrade after its corresponding CBB reaches the end of its servicing lifetime. This means that feature upgrade deployments cannot be extended indefinitely and IT administrators should ensure that they deploy newer feature upgrades onto devices before CBBs end.

So how do you deal with this:

When using configuration management systems such as Configuration Manager to manage deployments, IT administrators can obtain installation media from Microsoft and deploy new feature upgrades immediately by using standard change control processes. IT administrators who use configuration management systems should also make sure to obtain and deploy all servicing updates published by Microsoft as soon as possible.

Remember, feature updates are cumulative and just roll out like any other patch but are brand new versions of Windows.

One last warning from MSFT here:

Microsoft designed Windows 10 servicing lifetime policies so that CBBs will receive servicing updates for approximately twice as many months as CBs. This enables two CBBs to receive servicing support at the same time, which provides businesses with more flexibility when deploying new feature upgrades. That said, it is important to note that Microsoft will not produce servicing updates for a feature upgrade after its corresponding CBB reaches the end of its servicing lifetime. This means that feature upgrade deployments cannot be extended indefinitely and IT administrators should ensure that they deploy newer feature upgrades onto devices before CBBs end.

(My emphasis added)

To read the full version, complete with really complex pictures, click here