Home
Microsoft

Windows Update for Business & Windows Analytics: a real-world experience

Over the past two months, we have shared insight into how Windows Update for Business leverages diagnostic data to monitor servicing channels and quickly address issues. We also provided suggested configuration guidance around setting up automatic updates, managing feature and quality updates, enforcing compliance, and more.

We have seen many IT departments simplify their deployment strategies using Windows Update for Business to more quickly improve productivity and the Windows 10 experience for their end users. I’d like to share the experience of one of those customers to help you better understand how you can leverage Windows Update for Business—in conjunction with Windows Analytics—to help you do the same.

In a recent implementation, a customer was using Windows Analytics to investigate gaps in their update experience. After running the Upgrade Readiness script on a sample set of PCs to identify why some PCs were having difficulty getting up to date, they found that a critical line of business (LOB) application had multiple versions with different prerequisites. Windows Analytics provided them with the insights they needed to audit and align which version of the application was running on which devices, and they were able to move forward. After configuring a Commercial ID and turning on the telemetry settings in System Center Configuration Manager, they implemented a task sequence to execute the monthly Upgrade Readiness script, and successfully updated their remaining PCs.

With Windows Analytics flowing broadly across their PCs, the customer was ready to use Windows Update for Business to implement monthly quality and semi-annual feature updates across their organization. They set up a “pilot” servicing ring with a set of Azure AD joined devices using a static device group and, because they were already using Configuration Manager, configured co-management so that they could manage devices use both Configuration Manager and Microsoft Intune. The pilot ring was configured so that devices would receive quality updates from Windows Update for Business and be monitored via Windows Analytics Update Compliance with regard to the status of monthly quality update installation and overall delivery optimization. 

After the success of its Windows Update for Business servicing pilot, the customer decided to move forward with taking monthly quality updates from the Internet for all of their Windows 10 devices. They moved the slider bar in Configuration Manager all the way over to Intune and set out on their journey to broadly adopt the Windows as a service model.

Nothing excites us more than hearing how you apply tools to embrace servicing and simplify the delivery of Windows 10 and updates in your organization. As a result, I’ld like to share a few other key learnings from working with the customer whose story is outlined above:

  • They initially tried to deploy three rings (two targeted, one broad), but with 1,000 PCs to manage, they found they could accomplish their goals using one pilot ring and one broad ring since all of their applications were fully compatible and they were using the 64-bit versions of Windows and Office. Having only two rings also made it easier to manage updates from the Windows Update for Business side.
  • The customer is using Update Compliance and Delivery Optimization to refine and optimize peer-to-peer (P2P) distribution. They are looking at moving away from default settings and using Download Mode, combined with Group IDs, to service other departments if they are in separate locations or have similar circumstances.
  • With success taking monthly quality and semi-annual feature updates from Windows Update for Business, with co-management working well, and with active monitoring in place using Windows Analytics, the customer is now interested in moving additional workloads to Intune. 

Additional resources

For more information on configuring and deploying updates, please see the following resources:

1 Comment
Super Contributor

We don't have CM or Intune. So we use WSUS to do semi-annual updates and distribute security updates. It has some quirks, but worked for us so far.