Home
Microsoft

Windows 10 quality updates explained & the end of delta updates

With Windows 10, quality updates are cumulative. Installing the most recent update ensures that you receive any previous updates you may have missed. We used a cumulative update model to reduce ecosystem fragmentation, and to make it easier for IT admins and end users to stay up to date and secure. However, cumulative updates can prove challenging when it comes to the size of the update and the impact that size can have on your organization’s valuable network bandwidth.

When a new Windows 10 feature update is released, the first cumulative update is generally between 100-200 MB in size. Across all versions of Windows 10, cumulative updates grow as additional components and features get serviced, pushing the size to somewhere between 1-1.2 GB. Generally, this happens within the first 6-8 months after the release of a feature update.

To help you reduce the burden on your network bandwidth, yet still receive the same equivalent update, Microsoft designed three different update types:

  • Full updates have all the necessary components and files that have changed since the last feature update. We refer to this as the latest cumulative update, or LCU. It can quickly grow to a little over 1 GB in size, but typically stays that size for the lifetime of that supported version of Windows 10.
  • Express updates generate differential downloads for every component in the full update based on several historical bases. For example, the latest May LCU contains tcpip.sys. We will generate a differential for all tcpip.sys file changes from April to May, March to May, and from the original feature release to May. A device leveraging express updates will use network protocol to determine optimal differentials, then download only what is needed, which is typically around 150-200 MB in size each month. Ultimately, the more up to date a device is, the smaller the size of the differential download. Devices connected directly to Windows Server Update Services (WSUS), System Center Configuration Manager, or a third-party update manager that supports express updates will receive these smaller payloads.
  • Delta updates include only the components that changed in the most recent quality update. Delta updates will only install if a device already has the previous month’s update installed. For example, assume in May that we changed tcpip.sys and ntfs.sys, but did not change notepad.exe. A device that downloads the delta update will get the latest version of tcpip.sys and ntfs.sys, but not notepad.exe. Delta updates include the full component (not just the individual files) that changed. As a result, they are larger than express updates, often around 300-500 MB in size.

Regardless of which type of update is installed on a device, that update is fully cumulative and installing the latest update will ensure that the device has all the necessary quality and security improvements.

update-size.png

This raises an important question: why make delta updates available if express updates are more optimized and don’t require the previous month’s update already be installed? Delta updates were originally created because the express update protocol was only available to devices connecting directly to Windows Update or Windows Server Update Services. In January 2017, the express protocol was extended to all 3rd party update management systems; however, we continued to ship delta updates to give companies and third-party update management tools time to implement support for express updates.

Currently delta updates are available for the following versions of Windows 10:

  • Windows 10, version 1607
  • Windows 10, version 1703
  • Windows 10, version 1709
  • Windows 10, version 1803

Now that express update support for third-party update managers has been available for over a year, we plan to stop shipping delta updates. Beginning February 12, 2019 Microsoft will end its practice of creating delta updates for all versions of Windows 10. Express updates are much smaller in size, and simplifying the cumulative options available will reduce complexity for IT administrators.

For more information on optimizing update bandwidth and more details about express updates, see Optimize Windows 10 update delivery. To learn more about Windows as a service, check out the new Windows as a service page on the Windows IT Pro Center.

20 Comments
Contributor

Hey. Maybe you also will fix an issue with Windows 10 not seeing a few latest CU updates on WSUS after a feature update. This has been an issue with 1703 and newer versions (maybe even earlier). I now have a script wiping SoftwareDistribution on every startup, because i can't find any other way to make it pull the latest CU from WSUS otherwise (although WSUS shows that they are needed). This is one of the most annoying sides of "windows as a service"..

 

P.S. this site is so bullsh. It constantly eats my comments (yeah, i had this page opened for a while, it's not a reason to fail to authenticate when posting a comment), it is HORRIBLE on mobile.

Microsoft

Hello Oleg,
Thanks for the feedback.  I'll forward your question to the folks responsible for WSUS and how we publish to WSUS.  That does sound pretty annoying.

 

Mike

Contributor

Thanks. I think it is not isolated to WSUS only though. I had a same issue after my parents laptop has been updated to 1803. It couldn't find latest CU, although it found Flash player updates. Using Windows Update there.

Occasional Contributor

The definition you gave for "Express updates" contradicts the WSUS definition of "express updates". In WSUS, not only an express update is not smaller, it is significantly larger; but, allegedly, it installs faster.

 

Of course, it is still possible that these two are the same: The update is larger for the sever, but clients download less. If that's the case, I don't use them; size matters much more on the Internet connection, not on the local network connection.

Microsoft

Mr. Mysterious,

That is correct - if you enable express on WSUS, the update you download to the server is much larger (typically over 4GB in size).  Then each client that connects to WSUS gets the much smaller download size.  So it works well in scenarios where enterprises have branch offices with slower download links while their central location has a much larger pipe.

The file is larger on WSUS because it contains all the baselines that any client could ask for, as well as all SKU's and architectures.  While the clients only download the SKU, architecture, and specific component differentials that they need.

Mike

Microsoft

Oleg,
For your parents machine, which I'm assuming is connected directly to Windows Update, when it downloads a feature update it also downloads and installs the latest cumulative update (LCU) at the same time.  So when they upgraded to 1803, then were already fully up to date on LCU's.  

Example:

1803 released in April

April patch tuesday, first 1803 LCU released (I'll call this 1804B)

May patch tuesday, another 1803 LCU released (I'll call this 1805B)

If your parents machine upgraded on May 22nd (one week after patch tuesday) they would download and install both the feature update and the 1805B LCU.  They would only see a single reboot, and their machine would be fully up to date.

Mike

Occasional Contributor

Hello Mike

I see. I forgot about the branch office scenario.

Of course, I actually am working somewhere with a branch office but that office does not use an upstream WSUS over WAN; it is cheaper to connect to the Internet than to connect to the main office. Our orders are to keep the redundant traffic off that WAN link. So, the branch office admin has a separate WSUS deployment.

 

Contributor

Mike, but when i have deleted SoftwareDistribution folder on parents laptop it then found new CU update and installed it.

Microsoft

Oleg,
I don't think deleting the SoftwareDistribution folder should have had an impact.   Any chance you also enabled a language pack or feature on demand (FoD) (.NET 3.5, many others)?  Enabling language packs and features on demand triggers a new download of the quality update to make sure you have the latest language strings and any updates for the components in the FoD.

 

 

One way to see if you have the current LCU is to look at the windows version and then compare to the release information page.  If you get into this state again it would be interesting to see what the winver is before and after you delete the SoftwareDistribution folder.

 

https://www.microsoft.com/en-us/itpro/windows-10/release-information

 

Mike

Contributor

Well, that will take a while as i don't look after their laptop that often. But will have that in mind if i encounter this issue again.

Occasional Visitor

I support a large globally distributed SCCM environment supporting multiple versions of Windows 10, both 32 and 64 bit and Server 2016.  Having each Express update be > 4 GB (7.96 GB for x64 KB4338814 this month) quickly bloats the size of the Software Update Packages and is challenging to distribute globally in a timely matter.  This impacts QA and PreProd testing time frames, especially for sites that are behind a slower WAN link.

Additionally, these updates increases the install time of the updates themselves effecting the user experience.

For these reasons we were forced to stop using Express Updates.

Occasional Visitor

Will the wsusscn2.cab be populated with these types of updates, for use with mbsa?

Microsoft

Sean,
Thank you for the feedback.  We have some ideas we're working on to improve that scenario.  Hopefully we'll have something we can announce soon.

Mike

Microsoft

Pappy,
Yes, the wsusscn2.cab file documents updates and can be used to show which KB#'s are missing on a machine.  Regardless of whether you use the Full LCU or an express update, the actual KB you install is the same KB# and your device will have the same versions of all updated files on it.

Mike

Occasional Visitor

Hello Mike,

 

I hope will get some answers to my questions. I have tested Express Update and my opinion is better to leverage Full Update or LCU update types to patch our End User Devices until really MS bring improvements.

 

Reasons:

 

1.  We deploy Monthly patches to End User Devices through Microsoft SCCM CB integrated with WSUS. We have quite number of Distribution Points connected at slow network sites especially PULL DP concept. During our testing scenario; we realized the Express Update occupies the Disk Space on DPs more than LCU update types. We are worried about the replicating 7GB to 8GB package to the Distribution Points hosted at low network bandwidth locations. I am quite disappointed; When MS releases so many feature across different product groups and at the same time its impacting the other products. We deployed PULL DP with the concept of Branch Office sites and now we will not be able to utilize Express Updates because of content size limitations.

  

Questions: Lets take a scenario; Now we are in the month of July 2018. For now my Express update package has cumulative updates from January to June 2018 and size of approx. 7GB to 8GB. Lets assume we will move to December 2018 and we will have Express Update for the last one year including LCU and the content size approx.. ??.. Can I cleanup the content library or content directory of Express Update (n-2) months which means till October 2018 to get back some disk space free. If I do so; how does it impact the Client Devices to scan and installs the Windows Updates particularly in the space of Express Update.

 

2. Bad End User Experience : Express Updates takes quite a lot to download and installs the Updates. One more Bad User Experience; SCCM Client Agent downloads and keep the binaries @ C:\windows\ccm\temp and estimated disk space of 100 - 300 MB.  After completion of deployment; these files are not cleaned up and cause the Disk space utilization on End User Devices. I am not sure; does it by design with Intention? Could you please advise me do you have any information and When MS expected to announce the improvements any ETA?

Occasional Contributor
Mike, Can you clarify/confirm something you said above? Which is that express updates only contain three specific revisions of a file based on the baselines of N-1, N-2, and RTM. I've always assumed that it contained 'the latest' and that the client did a binary compare to download only the byte ranges it needed. The assumption being that this was theoretically infinite in terms of permutations versus what sounds like only one of three possibilities. Thanks, Bryan
Microsoft

Hello Bryan,
It sounds like you are asking what is stored on the windows update service and available for clients to download.  Generating differentials takes time and space on the service, so we generate the ones that will be most likely to be used by the highest number of users.  We did some data analysis and identified that over 90% of users are within N-5 of being current (with the majority being at N-1).  So we generate differential baselines for N-1, 2, 3, 4 and 5.  And we also generate a differential for RTM.  
When a device goes to download an update it chats with the service to let it know what version of a file it has, and then the service determines which differential would be the best fit.
Technically we could generate differentials for every possible baseline permutation, but that would take more processing time and more storage space.  And as you see from other people on the thread, it also impacts the disk size and download of people running WSUS who want to enable express locally (since the same files we store for express on Windows Update are also sent to WSUS).  So we try to make the best tradeoff across both experiences.

 

Mike

Microsoft

Hello Rajkumar,

I agree, in your scenario using the full LCU may be a better fit.  If WAN bandwidth is the most important, and you have a lot of machines in each branch office, then the full LCU may be the best way to optimize your bandwidth.  On the other hand, if you have a branch with only a couple machines it may be best to enable Express on a WSUS at your headquarters and then have the machines at the branch download express updates from it.  (3 machines x 150mb is smaller than downloading a full LCU to that small branch, and of course you wouldn't need to maintain a WSUS server there)

Yes, you should be able to clean up the express content library (assuming your devices are only on win10 where updates are cumulative).  If you still have some win7 or win8.1 devices you may not want to clean out their older updates since they aren't fully cumulative from RTM.  As long as you keep the latest cumulative express update, cleaning up the older ones shouldn't impact download bandwidth at all.

Unfortunately I'm not an expert on the SCCM client.  I'll reach out to some of my colleagues to get an answer on the local disk space.  The Windows Update agent keeps updates around on the disk until they've been superseded for 30 days.  Which generally means you have N-2 worth of updates on the disk and then they automatically get purged.  I'll ask the SCCM folks if they have a similar design.

Mike

Microsoft

Hello Rajkumar,
I talked with someone on the SCCM team and they said that the SCCM agent should be cleaning up those files, assuming you are using the latest version (1802).  Do you know what version you are using?

Mike

Occasional Visitor

Hello Mike,

 

Thank you very much for replying.

 

I have performed the evaluation on SCCM CB 1709 and we recently upgraded to CB 1802. Then in this case I will run through my evaluation cycle one more time.

 

BTW We are still on Windows 10 1709.