|

Managing Windows 10 Updates

Share

Many businesses (especially large ones) have been using  Windows Server Update Service (WSUS) with Software Center Configuration Manager (SCCM) or similar system to manage Windows updates to the end-point devices for a very long time.  However many do not have a formalized process to  update the O/S  on their devices.

For the past 3 years or so  Microsoft’s Windows 10 introduced  automatically downloads and installs updates to make sure your device is secure and up to date.

key challenges

As businesses adopt and migrate to Windows 10 they have to deal with three basic challenges:

Challenge Feature Update Quality Update
Update Frequency Twice/Year Monthly
Critical applications need to be tested before deploying new updates  to production devices.   A defined process for Release Management, and what to do when an issue is found need to be in place.
Size of Update Average: 4GB Average:  1GB
Getting the package  to each device  across the enterprise can prove taxing for your network.
Max Deferral  Time 356 Days 30 days
Feature and Quality updates are no longer optional, they are mandatory.  Businesses must adopt a proper update cycle and process in order to reduce risk and maintain a healthy client environment.

Side note:
As explained by Microsoft’s Mike Benson Blog Post on 7/11/2018,  outside the Quality Full Cumulative Updates, there are two other smaller updates issued by Microsoft: Express updates and Delta updates.    For the purpose of this article we will not talk about them.  

Deferring Updates (Discouraged Option)

If you have  Windows 10 Pro or Windows 10 Enterprise devices, although strongly and highly discouraged,   Microsoft provides a mechanism for you to defer / postpone an update  by pausing  updates from being downloaded and installed for a certain number of days based on its type:

Category Maximum deferral Deferral increments Example
Feature Updates 365 days Days From Windows 10, version 1511 to version 1607 maximum was 180 days.
From Windows 10, version 1703 to version 1809, the maximum is 365 days.
Quality Updates 30 days Days Security updates
Drivers (optional)
Non-security updates
Microsoft updates (Office,Visual Studio, etc.)

Please Note: if you disable Windows 10 Updates, your system will be at risk from attack and:

  • Windows Defender will not be updated
  • Operating System patches will not be applied
  • Windows Apps will not update and possibly fail
You can do this manually on each computer by:
Select the Start button, then select Settings >Update & security > Windows Update . Under Update settings, select Advanced options. Turn on Pause updates.

A Much Better Alternative

If you do not have a Patch Management System, Microsoft provides a good free alternative in Windows Update For Business (WUfB).

Windows Update for Business makes it easier for organizations to manage updates in Windows 10 Pro, Enterprise, and Education. Unlike the update mechanisms that most organizations are familiar with, WUfB does not require any infrastructure to be installed.

Windows Update for Business enables information technology administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service.

WUfB has improved over the years adding features along the way:

You can setup and configure Windows Update for Business  to manage Windows Updates with MDM, SCCM,  Group Policies (GPO), Windows Settings, Intune and more…

More information on Windows as a Service and WUfB can be found:

 

 

Similar Posts