On demand feature update patching with WUFB


Hi, what would be a way to provide on demand feature updates patching with WUFB?

 

At the moment, we use the configmgr SDK to enable IT teams to create on-demand in-place upgrades to a subset of PCs (that they choose) and they specify the enforcement deadline.

 

I haven't seen a way to do the same with WUFB, but maybe I've missed a feature or a way to do so with the Graph API.

 

Thanks in advance and don't hesitate if you have any questions.

3 Replies

Hello @Stephane Lalancette, could you clarify what you mean by on demand Feature Updates (your user can choose whether or not to download the update or do you mean that you can push it to them on a specific date or something else)?

 

Either way, we should be able to enable you to do so using Windows Update for Business. Additionally, we have a deadline policy for 1709 and above that provides both compliance and a great end user experience that can be used for both Feature and Quality Updates. Learn more here.

 

Hi @Aria Carley, thank you for the fast reply.

What we are currently providing to IT teams, via the configmgr SDK, is to schedule a mass feature upgrade of a subset of machines at any given time (with the option of making it available before the deadline).

 

That way they are in charge of when feature upgrades happen (we have strict pre-reqs per what we do in our business).

 

So is there a way, with the Graph API, or any API, that we can script this so that they can schedule those deployments? Maybe on-demand rings or something else?

 

Thanks

Hello @Stephane Lalancette

 

Unfortunately, today there is no exact match for what you are looking for. The closest thing that you could enable today in WUfB is to have the update roll out in waves to different groups and include the option of taking it before the deadline via setting policy (through an MDM like Intune or Group Policy (GP)).

 

To give you an example of what you could do with WUfB in this scenario:

If I were to manage 100,005 devices, I could break them up into 5 deployment waves (1. IT (5 devices), 2. Insiders (1,000), 3. early wave (5,000), 4. broad wave 1 (45,000), 5. broad wave 2 (49,000)). For the rings where I want people to be able to have the choice of whether or not they want to take the update before the deadline, I could enable the user to be notified that the update was available to them, but not download it unless they manually went to Windows Update to get the update. Then, when it reaches the deadline, the update will be automatically downloaded and installed on the device. Thereby, you have given the end user a period of time to essentially choose whether or not they want the update (for Feature Updates this period can be up to 30 days).

 

For information on how to configure, please see below: 

Note: all of these policies are the GP implementation (feel free to ask about Intune or CSP implementation). Additionally, all of the GPs referenced are in the following path: Computer Configuration > Administrative Templates > Windows Components > Windows Update OR Windows Update > Windows Update for Business.

 

[To configure rings 1, 2]

These rings are set up in this example to be used for validation and feature exploration prior to the next update I intend my organization to take being released. Click here to learn more about how to leverage the Windows Insider Program for Business to provide longer validation times / better prepare for a Feature Update.

- I would recommend enabling Manage Preview Builds: "Enable preview builds"

- Next, go to the policy "Specify when preview builds and Feature Updates are received" and set branch readiness level to "Release Preview"

 

Done. Now just monitor any feedback coming in to ensure that you catch any issues or find any features you should be discussing broadly after deployment to improve productivity. (Note: this can be done in WSUS/ConfigMgr as well.)

 

[To configure rings 3, 4, 5]

- Go to "Specify when preview builds and Feature Updates are received"; set branch readiness level to "Semi-Annual Channel" and set defer receiving Feature Updates to "120", "180", "240" respectively (this is just an example; you could change these as per business needs and confidence, and you could give your IT team this control). This will result in the devices getting a feature update once it is 120 days old in Ring 1, 180 days old in Ring 2, and 240 days old in ring 3.

- In the waves where I want to enable folks to have the chance to choose whether or not to take the update themselves for a period of time, I would recommend enabling the "Configure Automatic Updates" policy to notify to download and automatically install (Configure Automatic Updates = 2) 

- Finally, to set a deadline, I would configure "Specify deadlines for automatic updates and restarts". For feature updates make the deadline 30 days and grace period 5 days. This will make it such that your end users have a period of 30 days to choose to download the update before it will be automatically downloaded and installed. They will then receive multiple notifications to schedule the restart and the device will try to automatically restart outside of active hours when the user isn't there before being forced to restart 5 days after pending reboot. 

 

I know this isn't exactly what you are looking for, but it may be able to meet your needs. I will certainly take your feedback on wanting a similar capability to Configuration Manager's on-demand feature updates in WUfB back to the team. Please let me know if you have any questions. :)

 

Best,

Aria
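
Added example, not part of the reply above and not Microsoft's own tooling: a read-only PowerShell check that compares a device's Group Policy-backed Windows Update values with the ring it is meant to be in, using the deferral, deadline and grace values from the reply. The ring names and the `$Rings` table are hypothetical, and the registry value names are the ones these policies are commonly documented to write, so confirm them against your ADMX version before relying on the result.

```powershell
# Added example: audit WUfB Group Policy values against the intended ring.
# Read-only; nothing on the device is changed.
# Ring names are hypothetical; the numbers are the ones used in the reply:
# deferral 120/180/240 days, Configure Automatic Updates = 2,
# feature update deadline 30 days, grace period 5 days.
param(
    [ValidateSet('Early', 'Broad1', 'Broad2')]
    [string]$Ring = 'Early'
)

$Rings = @{ Early = 120; Broad1 = 180; Broad2 = 240 }

# Assumption: policy-backed registry locations for the GP settings named above.
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"

# Each entry: where the value lives, its name, and the data the ring expects.
$expected = @(
    @{ Path = $wu; Name = 'DeferFeatureUpdates';                Want = 1 }
    @{ Path = $wu; Name = 'DeferFeatureUpdatesPeriodInDays';    Want = $Rings[$Ring] }
    @{ Path = $au; Name = 'AUOptions';                          Want = 2 }
    @{ Path = $wu; Name = 'ConfigureDeadlineForFeatureUpdates'; Want = 30 }
    @{ Path = $wu; Name = 'ConfigureDeadlineGracePeriod';       Want = 5 }
)

$report = foreach ($e in $expected) {
    # A missing key or value means the policy has not reached this device.
    $have = $null
    $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    if ($item) { $have = $item.($e.Name) }

    [pscustomobject]@{
        Setting  = $e.Name
        Expected = $e.Want
        Actual   = if ($null -eq $have) { '<not set>' } else { $have }
        Match    = ($null -ne $have) -and ($have -eq $e.Want)
    }
}

$report | Format-Table -AutoSize

# Non-zero exit lets a management tool flag devices that drifted from their ring.
if ($report.Match -contains $false) { exit 1 }
```

Devices that receive these settings through Intune or another MDM store them elsewhere, so this check only reflects the Group Policy implementation the reply describes.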