Windows 10 & Win-As-A-Service: Fundamental Changes You Must Know

Until recently, major feature enhancements to the Windows OS would be released with every new version of Windows, and occasionally through feature packs or service packs. From Windows 7 to Windows 8, we saw some significant changes to the feature set of the operating system. Of course, new Windows versions were then released about every 3 to 5 years.

With the Windows 10 release, and moving forward, Microsoft has committed to an entirely different release cycle.

Microsoft is now shipping one major upgrade to Windows 10 bi-annually, one in the spring and one in the fall each year. The spring release will be supported for 18 months from the release date whereas the fall release will be supported for 30 months (for Windows 10 Enterprise, Windows 10 Education and Windows 10 IoT Enterprise). This means you must be consistently upgrading to stay not only current but also stay on a supported version of Windows.

Windows-as-a-Service (WaaS)

Known as Windows-as-a-Service (WaaS), this is an ongoing, repetitive process. To streamline this process, organizations must have a plan to deal with the constant requirement to upgrade, from the most confident, adept user, to the most risky and sensitive ones.

Without a plan to manage these major upgrades, organizations may find their desktops no longer receiving security and quality updates and scrambling to upgrade.

Windows 10 – The Basics

Along with this new servicing model, here are some upgraded terms we will need to understand;

Windows Updates

Updates are now separated into two categories:

1. Windows Feature Updates

Released twice per year, a feature update is a new Windows 10 release. These are significant updates to the OS, and include the latest features, experiences, and capabilities. Your users may notice interface changes and functional differences from their previous OS build. Feature Updates contain an entire copy of the OS, so they are used either to upgrade an existing Windows 10 device, to upgrade existing devices running Windows 7 or Windows 8.1 devices, or as an OS for a device with no operating system is installed.

Note: Using Windows Updates for Business (WUfB), feature update installations can be deferred to a maximum of 365 days.

2. Windows Quality Updates

These updates are released monthly, delivering both security feature updates, non-security feature updates and bug fixes. The good news is these are cumulative. It’s important to note, that installing the latest Windows Quality Update is sufficient to get all the available fixes for a specific Windows 10 feature update.

Using WUfB, quality update installation can be deferred up to 30 days.

Note that antimalware and antispyware definition updates are considered non-deferrable updates, and will install immediately regardless of any deferral settings, which might be configured on a client.

Windows Servicing Channels

The windows servicing branch initially offered one of four choices, which may be familiar to you:

• Windows Insider
• Current Branch (CB)
• Current Branch for Business (CBB)
• Long-Term Servicing Branch (LTSB)

Unfortunately, don’t get too comfortable with that terminology – there was confusion around these terms, and in the spring of 2017 it was announced that this was changing to align with Office 365 and SCCM process. Now there are THREE branches, referred to as channels;

• Windows Insider Preview
• Semi-Annual Channel (Targeted) and Semi-Annual Channel
• Long-Term Servicing Channel

Servicing Channels allow us to separate our users into deployment groups for feature updates.

Every Windows 10 device is initially configured for Semi-Annual Channel (Targeted), except for LTSB edition, which is a separate channel. Note, that the Windows Home cannot be reconfigured for any branch other than Semi-Annual (Targeted).

Windows Pro and Enterprise both can be configured to “Defer Upgrade”. Note that the “Defer Upgrade” or “Pause Feature Updates” option is meant to control when feature updates are applied from Windows Update for Business (WUfB). This setting defines the intent administrators have for when a system will receive a feature update in the future. The exact state of the system right now is entirely separate from what the value of this setting is.

Deployment Ring

A ring is a group of PCs that are all on the same branch and have the same update settings. Deployment Rings are a method of separating machines into a deployment timeline. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments.

Deployment Rings Example

The preceding table is an example of how the combination of servicing channel and deployment group allows us to define servicing rings.Common Misconceptions About Windows 10 ServicingIn planning your future service model, there are a few important misconceptions about Windows “servicing channels” you must know:

• Semi-Annual Channel (Targeted) and Semi-Annual Channel are not separate OS builds.  They are exactly the same version of Windows. When the Semi-Annual Channel code is released, it is simply the Semi-Annual Channel (Targeted) build PLUS cumulative updates to-date.
• The GPO setting to “Pause feature updates” simply indicates the administrators’ intent that a system waits for the Semi-Annual Channel release before upgrading to the current build of Windows. Systems which have not been configured to defer updates will install the build immediately when released to the Semi-Annual Channel (Targeted)
• Whether a build is installed on the Semi-Annual (Targeted) or Semi-Annual Channel, the end-of-life date for that version is the same. Both hit end-of-life 18 months from the release date.

Win-as-a-Service Preparedness Plan WorkshopThere is an urgent need to address the fundamental changes in Windows Updates in your organization! Schedule your Win-as-a-Service (WaaS) Preparedness Plan Workshop to keep updated before long-term issues arise – call 1 888 952 8800 or email sales@steeves.net.
Windows 10 Version HistoryThe following table lists the Windows 10 current versions since the RTM version to December 2017. Unfortunately, the update cycle is moving forward whether you plan for it or not, the only way to avoid it is to implement the Long-Term Servicing Branch which, while it eliminates the need for regular version updates, it also locks you into a very feature-limited Windows 10 OS.Please review the table below to note the current and expired/unsupported Windows Versions, as well as future expiry for Windows 10 Versions coming soon. As a Windows Administrator, this table should alarm you into action, as most likely a number of your machines are already out-of-date and unsupported.Windows 10 Versions

Windows Servicing ToolsTo manage the installation of these Feature Updates, several options are available. Depending on your resources, expertise and staff, these options provide varying levels of administrative overhead and support for servicing.

Windows UpdateIf you do not have a supporting Active Directory Group Policy structure, native Windows Update provides basic control over feature updates. The administrator must manually configure the device to be in the Semi-Annual Channel. You target devices to defer updates by selecting the Defer upgrades checkbox in Start\Settings\Update & Security\Advanced Options on a Windows 10 client.

Windows Update for Business (WUfB)If you have a supporting Group Policy structure with no internal WSUS server, Windows Update for Business (WUfB) allows administrators to control update deferment and provides centralized management. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel.  WUfB options are available through either Active Directory Group Policy or Microsoft Intune.
Windows Server Update Services (WSUS)If you have Windows Server Update Services (WSUS), you can have extensive control over Windows 10 updates. WSUS provides the option to defer updates, require administrative approvals for updates and choose to deploy them to targeted computers or groups of computers whenever approved.System Center Configuration ManagerIf you have System Center Configuration Manager Current Branch, it provides the greatest control over servicing Windows as a service. For enterprises using SCCM, IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.Two options exist in SCCM for Windows 10 servicing

• Windows 10 Servicing (Update) – this provides limited control over deployment of updates, delivering feature updates on an automated updating schedule defined in your servicing plan.
• Task Sequence – this option uses a task sequence to deliver the upgrade package and provides significant control of the scheduling, pre and post upgrade process.

Windows Application CompatibilityA critical component of any Windows version upgrade is application and driver compatibility testing. While most Windows 7 applications and drivers will be compatible, testing should be performed prior to upgrading. The same is true for web-based applications and access to websites.For business-critical applications, organizations should perform testing to validate compatibility with new builds. For any remaining applications, generally validation as part of a pilot deployment process is sufficient.Upgrade Readiness, a component of the Microsoft Operations Management Suite, allows enterprises to plan and manage the upgrade process when adopting new Windows releases. With new Windows versions being released twice a year, evaluating ongoing application and driver compatibility is critical to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the Windows as a service model. See https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness for more information.Windows Servicing – What You Need to KnowThere are many changes to the Windows 10 Servicing infrastructure discussed here, but here are some of the key points for your consideration:

• To continue to receive Windows 10 quality updates (security patches and bug fixes) your organization must remain on a currently supported build of Windows 10. This means every desktop will need to be upgraded at least once every 18 months. Your organization must have a plan to meet this demanding upgrade schedule.
• While Microsoft makes significant efforts to ensure application and driver compatibility, some applications or devices may cause challenges during upgrades. An ongoing inventory of existing devices is important, as well as a compatibility review and remediation plan.
• Your servicing plan and options differ depending on which servicing tool your organization uses.

Windows 10 & Win-as-a-Service (WaaS) Preparedness
As the 1st Microsoft Cloud Partner in Canada and Leading Infrastructure Partner in Western Canada, we help organizations assess, plan and execute servicing your Windows infrastructure for the long-term, including our Win-as-a-Service (WaaS) Preparedness Plan Workshop. To book your FREE Consultation to discover if the Win-as-a-Service (WaaS) Preparedness Plan Workshop is a good fit for your organization — email sales@steeves.net or call 1 888 952 8800 today before you fall further behind!

Steeves and Associates

Steeves and Associates are the first Microsoft Cloud Partner in Canada and the premier Partner of choice for medium-to-large size organizations. As the Hybrid Data Center, Cloud Productivity and Identity Specialists we are a leader, early adopter and implementer of Microsoft technologies with a reputation for innovation, quality, and in-depth expertise.

Known as the “Trusted Go-to-Partner” by both clients and vendors, Steeves and Associates deliver a senior team of enterprise consultants who average 25 years of experience integrating, implementing and migrating Microsoft solutions into a myriad of complex enterprise environments. Considered to be amongst the best in the industry, you are in working with the right resources to get your questions answered when you need it most with Steeves and Associates.

Considered to be among the best in the industry, Steeves and Associates deliver senior Microsoft technologists with experience integrating, implementing and migrating Microsoft solutions into a myriad of complex enterprise environments.