Since the release of Windows 10, which was stated at the time would be the last version of Windows, Microsoft’s approach to version control, features and functionality, and patch management has continued to evolve. The approach to scheduling, upgrade grace periods and update skipping has been changed to reflect Microsoft’s goal of a single seamless, continually updated operating system.
The following looks to highlight the current practice for Win10 upgrades and updates.
Windows 10 Servicing Model
Support for Win10 is structured differently from previous Windows versions, and the Windows-as-a-Service offering requires a new approach to the life-cycle management of the Operating System. Upgrades, known as Feature Updates, come in the form of mini implementations, as opposed to large version upgrades, that traditionally required heavily resourced projects. Software and Security patch management, now referred to as Quality Updates, is provided as a monthly all-encompassing update. No longer can organizations pick and choose which patches to apply.
Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort across a continuous updating process, reducing the overall effort required to maintain Windows 10 devices in complex environments.
Feature Updates
Feature Updates are used to deploy new features and functionality. Each Feature Update, issued biannually in March and September, contains new and current feature sets, plus the entire operating system. The point being that each released update can be used as the complete version upgrade from Win7/8 to Win10. It is important to note that each Win10 version has a supported life span of 18 months. Redstone 4, released in March 2018, will be end-of-service life in September 2019.
These updates form part of the Win10 Servicing Options structure that supports the OS. Understanding the Servicing environment is key to planning and managing the desktop estate.
The Windows 10 Servicing concept and terminology can be a little confusing – Windows Insider Preview, Current Branch, Current Branch for Business, Semi-Annual Channel, Long-Term Service Channel – and organizations need to entirely depart from the way in which they have managed Windows updates and become agiler in their way of maintaining the Operating Systems. It is important to understand the following:
- What is Windows 10 Servicing?
- How to adapt your organization to the Servicing Options
- How do the options differ?
- How does this impact Windows 10 deployment in the long term?
- What does it mean to defer a Feature Update?
The Win10 Servicing Option does provide the ability to skip a biannual Update, but it is key to understand how this will impact the overall management of the environment.
Quality Updates
Quality Updates are issued by Microsoft monthly and cover Security and non-Security-related updates. Whereas in the past these ‘patch releases’ were issued with organizations able to pick and choose which updates to apply, Win10 Servicing Quality Updates are a single packaged download that covers all the monthly changes relating to Security and issues management.
However, Zero Day updates and periodic updates for mission-critical operations are handled by an exception based on priority resolution, and IT departments can manually schedule the update processes.
Win10 Upgrade Readiness
Prior to the initial Win7/8 to Win10 upgrade you will need to assess the readiness of the devices in your environment. Upgrade Readiness, an element of Windows Analytics, will audit the estate across several criteria, including OS version, drivers, hardware, applications, etc. You can also configure a current specific version of Windows and Upgrade Readiness can be integrated with the Configuration Manager to assess your data compatibility in the Configuration Manager admin console. You can then target devices for upgrade or remediation using dynamic collections created based on this data.
Upgrade Readiness helps you to get a visual workflow that will guide you from pilot to production with a detailed inventory of your systems and applications. It also helps you with powerful system-level search and drill downs, guidance, and insights into application and driver compatibility issues, along with suggested fixes. It facilitates application usage information, allowing targeted validation; workflow to track validation progress and decisions. It helps export data to commonly used software deployment tools, including System Center Configuration Manager.
Upgrade Readiness Requirements
It is essential to review a list of requirements before getting started as you will need to collect specific information
You will have to run a Device Health check that will help you to:
- Identify devices that crash frequently, and therefore might need to be rebuilt or replaced
- Identify device drivers that are causing device crashes, with suggestions of alternative versions of those drivers that might reduce the number of crashes
- Get notification of Windows Information Protection misconfigurations that send prompts to end-users
Update Compliance
Update Compliance (Windows Analytics) shows the state of your devices with respect to the Windows updates so that you can ensure that they are on the most current updates as appropriate. In addition, Update Compliance provides the following:
- Dedicated drill-downs for devices that might need attention
- An inventory of devices, including the version of Windows you are on and their update status
- The ability to track protection and threat status for Windows Defender Antivirus-enabled devices
- An overview of Windows Update for Business deferral configurations
- Powerful built-in log analytics to create useful custom queries
- Cloud-connected access utilizing Windows 10 diagnostic data
Windows 10 Deployment Rings & Skipping an Update
To improve the release quality and simplify deployments, Quality Updates, as well as Feature Upgrades, are cumulative. They get bigger with each new update as they include the previous updates as well as new updates.
Microsoft’s approach to managing the updates within large and scaling organizations is to create a Deployment Ring structure that can be defined as the upgrade toolset. It provides early access to both Feature and Quality packages for testing thru the various layers of testing and validation, prior to user base deployment (represented below).
Microsoft has moved to the “as a service” model where it releases feature updates twice a year. The office must be updated, SCCM must be upgraded to support the Servicing model of Windows 10. On paper, it is possible to can skip an update, however since it is only available for a certain amount of time, it is not recommended as a majority of your business users will be left unprotected.
IT Departments must begin to change their mindsets and prepare themselves for a significant culture shift in the Windows-as-a-Service model. Understanding your application estate and its readiness for the latest feature upgrade will be of paramount importance to ensuring minimal impact on your end-users. We at YASH can help you on your Upgrade journey with our expertise in the field. Ask us today!
Simon Goodman
Lead Consultant @YASH Technologies