The benefits of Windows 10 Dynamic Update

Monika_Sinha · ‎Apr 17 2019

Dynamic Update can help organizations and end users alike ensure that their Windows 10 devices have the latest feature update content (as part of an in-place upgrade)—and preserve precious features on demand (FODs) and language packs (LPs) that may have been previously installed. Further, Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.

From an IT perspective, using Dynamic Update reduces the need to apply separate updates to recently installed systems and makes it easier to get your devices up to date with the latest available quality update in one step.

In this blog, we’ll explore which core components are updated by Dynamic Update, how Dynamic Update is initiated, and how to enable or disable it.

What is updated by Dynamic Update?

There are several core components that can be updated by Dynamic Update, including:

Setup DU: Fixes to Setup binaries or any files that Setup uses for feature updates.
SafeOS DU: Fixes for the ‘safe OS’ that we use to update Windows recovery environment (WinRE).
Servicing Stack Update (SSU)/Critical DU: Fixes that are necessary to address the Windows 10 servicing stack issue and thus required to complete the feature update.
Latest Cumulative Update (LCU)/General Distribution Release (GDR) DU: Installs the latest cumulative quality update.
Language Pack (LP) and Feature On Demand (FOD) DU: Preserves users’ installed language packs and optional features by reinstalling them.
Driver DU: Latest version of applicable drivers that have been already published by manufacturers (OEMs and/or IHVs) into Windows Update and specifically targeted for Dynamic Update.

How Dynamic Update works

As soon as a feature update is initiated, whether from media or a Windows Update service-connected environment, Dynamic Update is one of the first steps invoked. Windows 10 Setup reaches out to the HTTPS endpoint, i.e. the Internet-facing URL hosted by Microsoft, fetches the Dynamic Update content, then applies those updates to your OS installation media, thus making the installation process go as smoothly as possible.

Based on your feedback, starting with Windows 10, version 1809, Dynamic Update content is downloaded directly from HTTPS endpoints. Prior to version 1809, Setup leveraged the in-box Windows Update client to retrieve Dynamic Update content, which required those organizations using Configuration Manager with WSUS to approve the Dynamic Update content in the WSUS console.

How do I enable or disable Dynamic Update?

Dynamic Update is enabled by default in all Windows feature update workflows unless disabled explicitly. In an interactive installation, users will be prompted automatically to choose whether to allow Dynamic Update to occur as shown below:

In an unattended installation (i.e. one that does not require user interaction and automates Windows installation using an answer file), the setting shown below will control whether Dynamic Update occurs or not. By default, it is set to True; however, to disable it, the value can be set to False.

<DynamicUpdate>
     <Enable>True</Enable>
</DynamicUpdate>

The following Setup.exe command line option can also be used to specify whether Windows Setup performs Dynamic Update operations:

/DynamicUpdate {enable | disable}
setup /auto upgrade /DynamicUpdate disable

In a Configuration Manager OS upgrade task sequence, the Task Sequence Editor features a setting for “Dynamically update Windows Setup with Windows Update” to control whether Dynamic Update occurs or not, as shown below:

If a command line setting cannot be passed to Setup—for example, in Windows Update or Configuration Manager scenarios based on the software update servicing flow—the setupconfig file can be used to configure Dynamic Update options.

If Dynamic Update is not enabled, Setup will use only the files that are provided on the installation media. FODs and LPs will not be retained or migrated. Instead, after the feature update is installed, the OS will attempt to reacquire these from Windows Update. If the device is offline or cannot reach Windows Update, then the user or admin will need to manually initiate the reinstallation of the FODs and LPs from separate media or an ISO file.

How to manage Dynamic Update content in a managed environment

If you’re a larger commercial organization, you likely manage updates using WSUS or Configuration Manager, approving and deploying them at your own pace to specified devices and users. Configuration Manager can work in conjunction with WSUS; however, as noted above, Dynamic Update content must be approved via the WSUS console for Windows 10, version 1803 and prior. For Windows 10, version 1809 and later, there is no approval required in WSUS. Instead, by default, the client device receives all content from the following HTTPS endpoints:

These specific endpoints are not exclusive to Dynamic Update; instead, they are used for any content download related to Windows updates.

In a media-based scenario, you will need to download the latest Windows 10 ISO and use it as starting point for customization; for example, removing in-box applications and customizing the user interface, drivers, and applications. For Internet-connected devices, Dynamic Update content will be downloaded directly from HTTPS endpoints. For devices not connected to the Internet, you will first need to download all Dynamic Update content and then patch your media image before initiating Setup. This makes it easier to get your device up to date with the latest available quality update in one step.

Learn more

If you need to ensure that LPs and FODs are retained when updating devices with the latest Windows 10 feature updates, see Language pack acquisition and retention for enterprise devices. To learn more about the process of approving and downloading Dynamic Update content via WSUS for Windows 10, version 1803 and prior, see Using Dynamic Update with WSUS to install Windows 10 feature updates.

In a future blog post, we’ll explore additional scenarios where Dynamic Update can be leveraged for end users and commercial customers. For information on servicing and delivery tools like WSUS, Configuration Manager, or Microsoft Intune—or to learn more about strategies for Windows 10 updates in an organization—see the Quick guide to Windows as a service. To learn more about Windows as a service, check out the Windows as a service gateway on Docs.

MasterMysterious · ‎Apr 17 2019

Hi

As long as a dynamic update includes an LCU, the same risks and concerns are associated with it.

Remember that people hate LCUs because:

An LCU is a huge update. And if I am deploying Windows to 33 computers, I definitely don't want Windows to squander 33×200=6,600 MB worth of my bandwidth, especially when I have WSUS in place. Before v1809, LCUs were even bigger, approximately 1.2 GB in size. Back then, they squandered 33×1.2=39.6 GB of bandwidth. Please pay attention that the squandered bandwidth is not just squandered money; it is squandered time.
LCUs are unreliable. They need testing before they could be deployed.

A dynamic update is nothing but a candy-wrapped LCU.

Neo Beum · ‎Apr 17 2019

So.... I assume that the issue with Windows Store and DISM/Sysprep has been fixed? Because there are issues when creating images if the Store connects to the internet.... or is this another issue Microsoft just want to ignore?

https://blogs.technet.microsoft.com/mniehaus/2018/04/17/cleaning-up-apps-to-keep-windows-10-sysprep-...

Niehaus references Brandon's blog here:

https://blogs.technet.microsoft.com/brandonlinton/2015/08/28/windows-10-sysprep-fails-after-removing...

This dynamic update isn't sysprep - but there are similarities to sysprep - and when the system image is captured for the user to create the base recovery image - it basically does run sysprep. Auto-Maintenance will eventually run

DISM /Online /Cleanup-Image /StartComponentCleanup /ResetBase

So, my question is: Have all the Connected to Internet/Online issues been resolved?

Matthias Heinrichs · ‎Apr 17 2019

@MasterMysterious

You should enable delivery optimization in case you haven't done yet. This share out the already downloaded updates to other clients in your environment and preserve bandwidth.

Jaybird283 · ‎Apr 18 2019

Where can I find info about downloading and injecting DUs into my install media?

MasterMysterious · ‎Apr 18 2019

@Matthias HeinrichsWow, you Delivery Optimization (DO) fans always choose the worst time to advertise this feature. If you review the original post above, you see that DO is useless for dynamic updates, since it is bypassed. Here is the relevant excerpt:

Based on your feedback, starting with Windows 10, version 1809, Dynamic Update content is downloaded directly from HTTPS endpoints.

AntonKolobov · ‎Jan 21 2020

Does Dynamic Update look to system settings to detect a proxy server to contact mentioned endpoints:

Or they should be only accessible directly without proxy?

Andrew Porter · ‎Jul 09 2020

@Monika_Sinha Thanks for the write up however the document doesn't describe clearly what happens if you use SCCM in your environment, have enabled the 'Windows 10 Dynamic Updates' Product for your SUP but your clients are blocked from reaching out to the internet? Will SCCM provide the new content required during the Feature Update or will the endpoints still try to reach out to the HTTPS endpoints on the internet?

Will enabling the below products in SCCM actually do anything in regards to Feature Updates?

- Windows 10 Dynamic Update

- Windows 10 version 1903 and later, Servicing Drivers

- Windows 10 version 1903 and later, Upgrade & Servicing Drivers

Thanks.

mluck94 · ‎Sep 05 2020

@Andrew Porter

I've been trying to figure this out as well. We use WSUS and have a strict rule in our company that we need to approve all updates through WSUS and cannot have them connect to Microsoft's Update services. No matter what settings I choose, any time I push out an upgrade it will always try to reach out to these endpoints. I validated this by checking the C:\$WINDOWS.~BT\Sources\Panther\setupact.log and see attempts going out to these endpoints - EVEN IF I have Dynamic Updates in WSUS marked as approved. This is a no go for us as we don't allow our workstations to reach out to these endpoints through our corporate proxy, so as a result the Upgrades always fail to install.

I've also tried setting the "Do not connect to any Windows Update Internet locations" in group policy, and it still won't respect this setting.

The only option I have had is to disable Dynamic Updates on the workstation itself before running the upgrade by creating a Setupconfig.ini file (documented here: https://www.asquaredozen.com/2019/08/25/windows-10-feature-updates-using-setupconfig-ini-to-manage-f...)...This isn't ideal as it makes more work for me to create these files every time I need to push a new feature upgrade for Win 10. There needs to be a clearly documented way to override this behavior. I notice in this article the author writes "For Windows 10, version 1809 and later, there is no approval required in WSUS. Instead, by default, the client device receives all content from the following HTTPS endpoints" -- That by default would imply there is a way to override the behavior...so how do we do it MS???

Lewes-Price · ‎Sep 29 2023

I am in the Windows Insider Program, do I need to install the dynamic update?
When I run it using the setup file, it gives me an error of "Windows could not determine the language to use for setup. Error code: 0x80004005". So there seems to be an access problem. I prefer not to use powershell, as it needs to be automated.

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs