Microsoft's SAAS changes on Win10 had the consequence of creating a FAR higher workload on the IT staff over the last few years.
Windows 7 had only one Service Pack (IMO the analogue to Win10 edition updates), and we thoroughly tested before deploying. With the Win10 edition updates, there's really not enough time to vet the update before it had to be deployed, so we earned a lot of resentment when these updates broke functionality and a lot of time was wasted in disabling updates and reimaging broken PCs.
Even with bandwidth-reducing features enabled, the size of the updates created a separate set of concerns (which I won't go into here). Not everyone has unlimited bandwidth. My team had to support 8000 PCs, many outside the firewall, under these conditions.
Lastly, Microsoft didn't help by constantly changing the cadence and terminology, as it was very difficult to communicate to the non-technical managers the jargon change which added to confusion. It was also difficult to make sure the developers kept up with the changes too, creating extra unnecessary work.
I welcome the recently announced changes in the edition updates. I believe they will really help reduce workload. However, I think Microsoft should FURTHER consolidate their patching. I would suggest: 1) Get rid of Win10 feature updates as a separate update. 2) I like your new lifecycle on edition updates. Add feature updates to edition updates. 3) Security patches monthly, and out-of-band for urgent/zero-day. I can deal with security patch breakage better because #1&2 should reduce workload.
So fewer updates, but more comprehensive, so we do not have to devote so many resources.
Finally, create a timeboxed fast rollback capability. This would bring a lot more confidence for those who must support your "no test" updating. We would be able to roll back Windows updates for perhaps 30 days (next cycle??) to allow developers to get to RCA and resolve.
I agree, we cannot allow everyone to pick and choose patches, and all must be reasonably close on patching and versions. We just need it to be less impactful.
PS off topic, but Microsoft should encourage third parties to self-update their apps too. All these should be required to have a standardized event log entry so we can quickly ID what changed.
Thank you for the feedback and for the detailed question. I'm going to focus on some of your key points:
- Edition Updates - we don't have anything called edition updates. Our recent announcements are for Feature Updates being serviced for 30 months in the Enterprise and Education editions of Windows 10. So hopefully that means your 1) and 2) are the same and that helps you stay current.
On working with ISVs and other 3rd-party app providers, we have a constant engagement around that. You can check for compatibility and which ISVs do that more often at www.readyforwindows.com.
As for a 30-day window to revert an update, we do provide policy settings to change that.
Thanks for responding. I should be clearer in my terminology… I'm still catching myself mentioning "current branch."
Nonetheless, going from moving 8000 PCs from 1709 to 1803 (some were on 1709) was more an act of faith than an organized upgrade due to lack of bandwidth, the users' resistance to upgrades in general and our inability to provide assurance to the business that the update would do no harm.
I think you are definitely on the right track extending the upgrade cadence. I also think what you are doing will help increase security over time.