|

WSUS or WUfB

Windows Server Update Services (WSUS) and its predecesor (Server Update Servcices (SUS) has been around for 20+ years and has been the go to tool for many administrators to manage Windows updates. Windows Update for Business (WUfB) is a free “cloud service” hosted by Microsoft to keep Windows 10 devices up to date. WUfB is available for all premium editions including Windows 10 Pro, Enterprise, Pro for Workstation, and Education editions.

Windows Server Update Services (WSUS) Details

WSUS is a Windows Server role available since 2005 in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides.

When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows 10 client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 10.

Windows Update for Business Details

WUfB is a service is built specifically for Windows 10. The settings can be managed by group policies, or from your MDM solution, Intune for example. No on-premises infrastructure is needed. The updates will be delivered to your Windows 10 devices by these super-fast update servers in the cloud. In the early days, WufB was limited, but nowadays, the features are rapidly growing.

There are different types of updates.

Quality updatesThese types of updates contain patches, bugfixes, drivers and small adjustments. As usual, these types of updates are delivered on Patch Tuesday (second Tuesday of the month). However, Microsoft also releases so-called C and D releases, usually delivered in the 3rd or 4th week of the month. These types of updates can be delivered anytime to patch vulnerabilities or risks. These updates are cumulative updates, meaning that all updates that have been released earlier, will be superseded by the next one.
Feature updatesFeature updates are released semiannual, normally during spring and fall. These updates containing significant changes and bring more features to the operating system. Feature updates are relatively large and can have a big impact. In fact, this is where I see companies struggle the most.
Driver updatesThis type of update contains non-Microsoft drivers. Administrators can turn off this feature.
Microsoft updatesThese types of updates contain updates for other Microsoft products, such as Office. Administrators can also turn off these types of updates.

Additionally, you can:

  • Set and select Update Channels including:
    • Windows Insider Fast
    • Windows Insider Slow
    • Windows Insider Release Preview
    • Semi-Annual Channel
  • Configure Ring Management
  • Defer, Pause or set deadlines for updates
  • Manage deadline compliance and reboots

Delivery Optimization Capability (managing traffic)

One thing to note is that using WufB can cause a tremendous impact on your bandwidth usage. Each and every client have to download the updates individually from the Microsoft update servers in order to install them. For this reason, Microsoft has developed Delivery Optimization where clients can share updates over the local network using peer to peer technology.

Which one should I use?

If you have endorsed Modern Device Management, and your are using cloud management tools to manage your environment, your choice should be WUfB. It offers:

  • Works on-prem and off-prem without need for VPN
  • Close alignment with the Office 365 updates and its rings
  • Reduce the steps required to update devices
  • Set and forget: lower touch management option that comes without resources required and at no cost

Key Disadvantage:

Third party product updates are still not supported by WUfB. To do this, a solution such as Microsoft Endpoint Manager.

Further reading:

Similar Posts