Home
Microsoft

Windows Update for Business: Enhancements, diagnostics, configuration

Based on your feedback, Windows 10, version 1803 offers new features and improvements for Windows Update for Business that improve control and visibility, and help you better manage secure, targeted deployments. We also addressed some of your concerns related to the consistency of the “look and feel” of Windows Update for Business. Here's a quick rundown of what’s new and what’s been updated in Windows Update for Business in Windows 10, version 1803:

 

  • Greater control over update deployment – You can now remotely pause and uninstall problematic updates. When an anomaly is recognized, you can easily roll back feature or quality updates using Microsoft Intune.
  • Greater visibility to device update health – We’ve made enhancements to Windows Analytics to increase visibility into Delivery Optimization activities, enabling you to confidently manage and monitor deployments.

 

Sometimes what you don’t change is just as important as what you do change. You’ve told us that changes to the environment from one update to the next were often making update management more challenging. In this release, your feature update deferral environment will stay the same. For example, devices with a branch readiness level set to Semi-Annual Channel (SAC), will migrate to Windows 10, version 1803 later in the year and devices with a branch readiness level is set to Semi‐Annual Channel (Targeted), will be offered Windows 10, version 1803 depending on the deferral day configuration you set. 

 

For more information on Windows 10 releases and servicing options, see the Windows 10 release information page.

 

Diagnostic data

Configuring Windows Update for Business enables you to choose your Windows 10 build update schedule based on number of deferral days or branch readiness level. As more users think through their privacy settings, we wanted to draw your attention to the dependencies Windows Update for Business has on diagnostic data, including those related to branch readiness level. Specifically, Windows Update for Business features do not work unless diagnostic data levels are set to Basic or above. Enabling basic diagnostic data allows Windows Update for Business to monitor servicing channels and address any issues.

 

You can find additional details here:

 

 

Configuration guidance

In response to customer feedback, we are also working on suggested configuration guidance and best practices for Windows Update for Business. Yes, the ink is still drying, but we’re excited about it. Here’s a quick preview of what you’ll see:

 

  • Getting feature/quality updates from Windows Update (WU), and other packages from Windows Server Update Services (WSUS) and/or System Center Configuration Manager
  • Managing deferrals for feature and quality updates
  • Automatic updates and scan frequency
  • Reboot experience and compliance
  • Delivery optimization
  • Driver management

 

To find out when this guidance is available, follow us on Twitter and sign up for the Windows IT Pro Insider newsletter.

 

Don’t miss the full write-up of what’s new in security, deployment, management, and productivity in Windows 10, version 1803. If you have not yet deployed Windows 10 and are looking to test this latest release for your organization, you can download the Windows 10 Enterprise Evaluation from the Microsoft Evaluation Center.

 

Additional resources

For more information on configuring and deploying updates, please see the following resources:

 

 

We are actively evaluating new Windows Update for Business functionality to help you maintain and update devices with improved ease and confidence, with the least amount of change to your update process. We would love to hear from you on what you would like to see in upcoming releases. Please let us know in the comments below!

3 Comments
Occasional Visitor

I have been pleading with MS engineers and managers for a guide on how we're supposed to deliver patch management as an MSP these days, considering how MS has completely ruined a previously good thing. I haven't found one support engineer or IT-savvy person that likes the new patch model, and this is on the heels of just a few months ago when I was discussing with clients how I haven't seen a bad, rogue update since Windows 98. Now it's a monthly occurrence. I do appreciate the article, but in reading between the lines, it's obvious that MS doesn't yet know how to answer that question. If no one has noticed, any computer that's on 1803 UBR=48 will not recognize the fact that MS released another Cumulative Update later in May (UBR=81). All systems think they are up to date unless you MANUALLY hit the "check for updates" button, at which time it will download the latest update and elevate you to UBR=81. Why? Why doesn't the auto-check recognize the CU is available? And that's just one issue. I could write a book on what I've been going through since October of last year. It's more than enough to start advising customers to move to MACs and Linux systems, surely. I just don't understand why we're going backwards as far as stable technology, and MS is breaking systems left and right with the new patch model, not to mention trust and relationships with MSPs and their customers. We all provide patch management with various RMM and MS tools, but now we can't. Please...just recognize this was a bad decision and roll back to how patching used to work. We'd all be better off and you would not have to write apologetic articles such as this, which this obviously is if you really read the message. You have folks jumping off the MS bandwagon daily, i'm sure you're aware. One question: if the local systems don't know there's an update available, how is Intune or WSUS supposed to work? …..exactly! 

Todd -- here's my take:  there are metadata on the back end that indicate when an update is a major security update and when it's a minor one.  The May 23 update was bug fixes, not security ones and my guess is that they didn't change the metadata detection to push it out.

 

I am seeing many in the managed services arena totally disable updating to control it (which is totally not a good thing).

 

Microsoft please don't just ask us to "upvote" or join the insider group - but actually get out here to your MSP/IT pros and please ask us what we need and want in order to keep people patched.  People are delaying updating now because of these issues.

Frequent Contributor

I'm seeing the same problem with having to manually press "check for updates" even on Windows 7 machines recently. I don't care if an update is minor or what. If it was approved in WSUS or other managing system, it MUST go through automatically.