Windows 10 & Win-As-A-Service: Fundamental Changes You Must Know
Until recently, major feature enhancements to the Windows OS would be released with every new version of Windows, and occasionally through feature packs or service packs. From Windows 7 to Windows 8, we saw some significant change to the feature set of the operating system. Of course, new Windows versions were then released about every 3 to 5 years.
With the Windows 10 release, and moving forward, Microsoft has committed to an entirely different release cycle.
Microsoft is now shipping one major upgrade to Windows 10 bi-annually, one in the Spring and one in the Fall each year. Each of these OS versions will be supported only for 18 months from release date. This means you must be consistently upgrading to stay not only current, but also stay on a supported version of Windows.
Known as Windows-as-a-Service (WaaS), this is an ongoing, repetitive process. To streamline this process, organizations must have a plan to deal with the constant requirement to upgrade, from the most confident, adept user, to the most risky and sensitive ones.
Without a plan to manage these major upgrades, organizations may find their desktops no longer receiving security and quality updates and scrambling to upgrade.
Windows 10 – The Basics
Along with this new servicing model, here are some upgraded terms we will need to understand;
Updates are now separated into two categories:
1. Windows Feature Updates
Released twice per year, a feature update is a new Windows 10 release. These are significant updates to the OS, and include the latest features, experiences, and capabilities. Your users may notice interface changes and functional differences from their previous OS build. Feature Updates contain an entire copy of the OS, so they are used either to upgrade an existing Windows 10 device, to upgrade existing devices running Windows 7 or Windows 8.1 devices, or as an OS for a device with no operating system is installed.
Note: Using Windows Updates for Business (WUfB), feature update installations can be deferred to a maximum of 365 days.
2. Windows Quality Updates
These updates are released monthly, delivering both security feature updates, non-security feature updates and bug fixes. The good news is these are cumulative. It’s important to note, that installing the latest Windows Quality Update is sufficient to get all the available fixes for a specific Windows 10 feature update.
Using WUfB, quality update installation can be deferred up to 30 days.
Note that antimalware and antispyware definition updates are considered non-deferrable updates, and will install immediately regardless of any deferral settings, which might be configured on a client.
Windows Servicing Channels
The windows servicing branch initially offered one of four choices, which may be familiar to you:
- Windows Insider
- Current Branch (CB)
- Current Branch for Business (CBB)
- Long-Term Servicing Branch (LTSB)
Unfortunately, don’t get too comfortable with that terminology – there was confusion around these terms, and in the spring of 2017 it was announced that this was changing to align with Office 365 and SCCM process. Now there are THREE branches, referred to as channels;
- Windows Insider Preview
- Semi-Annual Channel (Targeted) and Semi-Annual Channel
- Long-Term Servicing Channel
Servicing Channels allow us to separate our users into deployment groups for feature updates.
Every Windows 10 device is initially configured for Semi-Annual Channel (Targeted), except for LTSB edition, which is a separate channel. Note, that the Windows Home cannot be reconfigured for any branch other than Semi-Annual (Targeted).
Windows Pro and Enterprise both can be configured to “Defer Upgrade”. Note that the “Defer Upgrade” or “Pause Feature Updates” option is meant to control when feature updates are applied from Windows Update for Business (WUfB). This setting defines the intent administrators have for when a system will receive a feature update in the future. The exact state of the system right now is entirely separate from what the value of this setting is.
A ring is a group of PCs that are all on the same branch and have the same update settings. Deployment Rings are a method of separating machines into a deployment timeline. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments.
Deployment Rings Example
|DEPLOYMENT RING||SERVICING CHANNEL||DEFERRAL for FEATURE UPGRADES||DEFERRAL for QUALITY UPDATES||EXAMPLE|
|Preview||Windows Insider Program||None||None||Limited number of users evaluating preview builds.|
|Targeted||Semi-Annual Channel||None||None||Limited devices across a variety of departments. Internal monitoring and feedback prior to broad release.|
|Broad||Semi-annual channel||120 days||7-14 days||Broad internal deployment within the organization.|
|Critical||Semi-annual channel||180 days||30 days||Critical devices requiring extensive testing.|
The preceding table is an example of how the combination of servicing channel and deployment group allows us to define servicing rings.
Common Misconceptions About Windows 10 Servicing
In planning your future service model, there are a few important misconceptions about Windows “servicing channels” you must know:
- Semi-Annual Channel (Targeted) and Semi-Annual Channel are not separate OS builds. They are exactly the same version of Windows. When the Semi-Annual Channel code is released, it is simply the Semi-Annual Channel (Targeted) build PLUS cumulative updates to-date.
- The GPO setting to “Pause feature updates” simply indicates the administrators’ intent that a system waits for the Semi-Annual Channel release before upgrading to the current build of Windows. Systems which have not been configured to defer updates will install the build immediately when released to the Semi-Annual Channel (Targeted)
- Whether a build is installed on the Semi-Annual (Targeted) or Semi-Annual Channel, the end-of-life date for that version is the same. Both hit end-of-life 18 months from the release date.
Win-as-a-Service Preparedness Plan Workshop
There is an urgent need to address the fundamental changes in Windows Updates in your organization! Schedule your Win-as-a-Service (WaaS) Preparedness Plan Workshop to keep updated before long-term issues arise – call 1 888 952 8800 or email firstname.lastname@example.org.
Windows 10 Version History
The following table lists the Windows 10 current versions since the RTM version to December 2017. Unfortunately, the update cycle is moving forward whether you plan for it or not, the only way to avoid it is to implement the Long-Term Servicing Branch which, while it eliminates the need for regular version updates, it also locks you into a very feature-limited Windows 10 OS.
Please review the table below to note the current and expired/unsupported Windows Versions, as well as future expiry for Windows 10 Versions coming soon. As a Windows Administrator, this table should alarm you into action, as most likely a number of your machines are already out-of-date and unsupported.
Windows 10 Versions
|SERVICING OPTION||VERSION||AVAILABILITY DATE||STATUS|
|CB & CBB||1607||April 10, 2018|
|Current Branch (CB)||1703||04/11/2017||October 9, 2018|
|Current Branch for Business (CBB)||1703||07/11/2017||October 9, 2018|
|Semi-Annual Channel (Targeted)||1709||10/11/2017||April 9, 2019|
|Semi-Annual Channel||1709||01/18/2018||April 9, 2019|
|Semi-Annual Channel (Targeted)||1803||04/30/2018||November 12, 2019|
Windows Servicing Tools
To manage the installation of these Feature Updates, several options are available. Depending on your resources, expertise and staff, these options provide varying levels of administrative overhead and support for servicing.
If you do not have a supporting Active Directory Group Policy structure, native Windows Update provides basic control over feature updates. The administrator must manually configure the device to be in the Semi-Annual Channel. You target devices to defer updates by selecting the Defer upgrades checkbox in Start\Settings\Update & Security\Advanced Options on a Windows 10 client.
Windows Update for Business (WUfB)
If you have a supporting Group Policy structure with no internal WSUS server, Windows Update for Business (WUfB) allows administrators to control update deferment and provides centralized management. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. WUfB options are available through either Active Directory Group Policy or Microsoft Intune.
Windows Server Update Services (WSUS)
If you have Windows Server Update Services (WSUS), you can have extensive control over Windows 10 updates. WSUS provides the option to defer updates, require administrative approvals for updates and choose to deploy them to targeted computers or groups of computers whenever approved.
System Center Configuration Manager
If you have System Center Configuration Manager Current Branch, it provides the greatest control over servicing Windows as a service. For enterprises using SCCM, IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
Two options exist in SCCM for Windows 10 servicing
- Windows 10 Servicing (Update) – this provides limited control over deployment of updates, delivering feature updates on an automated updating schedule defined in your servicing plan.
- Task Sequence – this option uses a task sequence to deliver the upgrade package and provides significant control of the scheduling, pre and post upgrade process.
Windows Application Compatibility
A critical component of any Windows version upgrade is application and driver compatibility testing. While most Windows 7 applications and drivers will be compatible, testing should be performed prior to upgrading. The same is true for web-based applications and access to websites.
For business-critical applications, organizations should perform testing to validate compatibility with new builds. For any remaining applications, generally validation as part of a pilot deployment process is sufficient.
Upgrade Readiness, a component of the Microsoft Operations Management Suite, allows enterprises to plan and manage the upgrade process when adopting new Windows releases. With new Windows versions being released twice a year, evaluating ongoing application and driver compatibility is critical to adopting new Windows versions as they are released. Windows Upgrade Readiness not only supports upgrade management from Windows 7, Windows 8.1 to Windows 10, but also Windows 10 upgrades in the Windows as a service model. See https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness for more information.
Windows Servicing – What You Need to Know
There are many changes to the Windows 10 Servicing infrastructure discussed here, but here are some of the key points for your consideration:
- To continue to receive Windows 10 quality updates (security patches and bug fixes) your organization must remain on a currently supported build of Windows 10. This means every desktop will need to be upgraded at least once every 18 months. Your organization must have a plan to meet this demanding upgrade schedule.
- While Microsoft makes significant efforts to ensure application and driver compatibility, some applications or devices may cause challenges during upgrades. An ongoing inventory of existing devices is important, as well as a compatibility review and remediation plan.
- Your servicing plan and options differ depending on which servicing tool your organization uses.
Windows 10 & Win-as-a-Service (WaaS) Preparedness
As the 1st Microsoft Cloud Partner in Canada and Leading Infrastructure Partner in Western Canada, we help organizations assess, plan and execute servicing your Windows infrastructure for the long-term, including our Win-as-a-Service (WaaS) Preparedness Plan Workshop. To book your FREE Consultation to discover if the Win-as-a-Service (WaaS) Preparedness Plan Workshop is a good fit for your organization — email email@example.com or call 1 888 952 8800 today before you fall further behind!