Onboarding guide: Preview of Unified Update Platform (UUP) on premises update management

Microsoft

Welcome to the UUP on premises preview

Thank you for your interest in participating in the UUP on premises preview! We are very excited to share the benefits of Unified Update Platform (UUP) updates with those who manage Windows PCs with Windows Server Update Services (WSUS) or Microsoft Configuration Manager.

Simplifying the upgrade from Windows 10 to Windows 11

UUP makes OS upgrades easier for you to manage. You no longer need to create your own custom images or complicated task sequences to retain installed optional features or language packs. New capabilities include:

  • Simplified content management via servicing, instead of media-based task sequences
  • Upgrading the OS to the latest security compliance level with one reboot
  • Installed optional features on demand (FODs) and language packs (LPs) are retained during upgrades
  • If desired, the ability to implement well known task sequences for other custom actions needed in your environment

Note: To upgrade to Windows 11 from Windows 10, the minimum required version of Windows 10 is 21H1 or later.

Quality updates for Windows 11

Quality updates with the UUP continue to be cumulative and include all released Windows quality and security fixes. New capabilities are:

Note: To receive quality updates on Windows 11, we recommend that the latest security updates be installed on your devices. Minimally, devices should be updated through April 2022.

Keep an eye on Get started with Windows Update for additional information on these capabilities.

The goal of UUP on premises preview: Simpler management of feature and quality updates

Manage feature updates

UUP feature updates make OS upgrades easier for you to manage. You no longer need to create your own custom images or complicated task sequences to retain installed optional features (FODs) or language packs (LPs).

Please try UUP feature updates to experience these benefits, including:

  • Upgrade straight to the latest security compliance level. You no longer need to install security updates immediately after upgrading to be compliant.
  • Preserve all FODs and LPs during the upgrade process.
  • Continue to use task sequences for other custom actions that are needed in your environment.

Platforms supported: Upgrade to Windows 11 from Windows 10, version 20H1 or later.

Note: Devices must also meet Windows 11 system requirements (see Windows 11 Specs and System Requirements).

Manage quality updates

Quality updates with UUP continue to be cumulative and include all released Windows quality and security fixes.

In addition, please deploy UUP quality updates to try these new features:

  • End users can acquire FODs and LPs on demand in an offline environment.
  • Configure automatic corruption repair for highest protection and productivity.

Platforms supported: Windows 11

How to join the UUP on premises preview

1. Send your WSUS Server ID to Microsoft

To participate in the UUP private preview, please share your WSUS Server ID with Microsoft so that we can onboard your environment into the preview. Without this, you won't be able to see any UUP updates in your environment.

To retrieve your WSUS ID, run the following in PowerShell on your top-level WSUS server:

$server = Get-WsusServer
$config = $server.GetConfiguration()
$config.ServerId

Please complete this form to provide your WSUS Server ID: https://aka.ms/uuppublicpreview.  

2. Ensure you are using a supported management platform

  • For WSUS standalone customers, any supported version of WSUS will work with UUP updates.
  • For Configuration Manager customers, version 2203 or later is required for UUP updates.

3. Update Windows clients to supported versions

Recommended versions for feature updates

UUP on premises supports upgrades to Windows 11 from Windows 10, version 20H1 and later. The devices must also meet the Windows 11 system requirements (see Windows 11 Specs and System Requirements) for the Windows 11 feature updates to be applicable.

Recommended versions for quality updates

UUP on premises quality updates are supported on Windows 11 with the April 2022 security update or later.

4. Ensure superseded updates are not removed too quickly

Ensure the last quality update installed on each PC is present in your WSUS or Configuration Manager environment, even if that quality update has been superseded. This is required for some of the benefits of UUP updates, including automatic corruption repair and the ability for end users to acquire FODs or LPs. This means that you will want to make sure Quality Updates remain in your environment until most, if not all, of your PCs have installed a more recent Quality Update. This might require you to modify maintenance tasks that remove superseded updates.

For details on how to configure Supersedence Rules in Configuration Manager, see Install and configure a software update point.

For details on how to manage superseded updates in WSUS, see The Server Cleanup Wizard.

5. [Configuration Manager users only] Ensure your ADRs are set as desired

Before enabling sync of UUP updates, review your automatic deployment rules (ADRs) and any other update infrastructure you have in place. If you don't want these updates to automatically deploy as part of your existing ADRs and Servicing Plans, be sure to update your ADRs to filter them out; see How to Find Synced UUP Updates. By default, existing Servicing Plans deploy only non-UUP updates, but you can update them to change this behavior.

Also consider whether merely syncing these updates will affect your compliance reporting or other infrastructure, and make any desired modifications in advance. For example, if you measure compliance across all products, you'll now see both the UUP and non-UUP cumulative Windows 11 updates as non-compliant or compliant, which skews your numbers.

Enable UUP and start testing

[WSUS standalone users only] Enable support for MIME types

If you are a WSUS standalone customer, add the .msu and .wim MIME types on Internet Information Services (IIS) by opening an elevated PowerShell and running the below commands. Note: This is not required for Configuration Manager.

See also Adding file types for Unified Update Platform on premises.
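One idempotent way to carry out this step, as an added example (not the commands from the original guide): it uses the WebAdministration module on the WSUS server, and the MIME type values are assumptions taken from Microsoft's published UUP on-premises guidance rather than from this page. An existing mapping with a different type is reported, not overwritten.

```powershell
#Requires -RunAsAdministrator
# Added example: register the .msu and .wim MIME types in IIS only if they are missing.
Import-Module WebAdministration

# Assumed values (not shown on this page): file extension -> MIME type for UUP content.
$required = [ordered]@{
    '.msu' = 'application/octet-stream'
    '.wim' = 'application/x-ms-wim'
}

$psPath  = 'MACHINE/WEBROOT/APPHOST'            # server-level applicationHost.config
$section = 'system.webServer/staticContent'

foreach ($ext in $required.Keys) {
    $wanted = $required[$ext]

    # Look for an existing <mimeMap> entry; adding a duplicate would raise an error.
    $current = Get-WebConfiguration -PSPath $psPath -Filter "$section/mimeMap" |
        Where-Object { $_.fileExtension -eq $ext }

    if (-not $current) {
        Add-WebConfigurationProperty -PSPath $psPath -Filter $section -Name '.' `
            -Value @{ fileExtension = $ext; mimeType = $wanted }
        Write-Output "$ext added as $wanted"
    }
    elseif ($current.mimeType -ne $wanted) {
        # Leave the existing mapping alone and surface the difference for review.
        Write-Warning "$ext is already mapped to $($current.mimeType); expected $wanted"
    }
    else {
        Write-Output "$ext already mapped to $wanted"
    }
}
```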

Select products and classifications to sync

Enable the new product once you are ready to start syncing UUP updates and trying them out, and once you have received word from Microsoft that we have enabled your WSUS to see the pilot.

WSUS synchronization

  1. In the WSUS console, open the WSUS Server Configuration Wizard and follow through the steps.
  2. On the Products tab, a new product should appear once your WSUS server is added to the preview. This product will contain the UUP preview content.
  3. Select Windows 11 UUP Preview to see Windows workstation UUP updates.
  4. On the Classifications tab, ensure you have selected:
    • Security Updates to see the UUP cumulative updates.
    • Upgrades to see the UUP feature updates.
  5. Synchronize the WSUS server to see new UUP updates.

Configuration Manager synchronization

  1. Synchronize software updates to allow the new products to populate.
  2. In the Configuration Manager console, navigate to Administration \ Site Configuration \ Sites.
  3. Select your top-level site (CAS or standalone primary).
  4. Open Configure Site Components \ Software Update Point.
  5. On the Products tab, a new product should appear once your WSUS server is added to the preview. This product will contain the UUP preview content.
  6. Select Windows 11 UUP Preview to see Windows workstation UUP updates.
  7. On the Classifications tab, ensure you have selected:
    • Security Updates to see the UUP cumulative updates.
    • Upgrades to see the UUP feature updates.
  8. Synchronize software updates to see the new UUP updates.

Find and test synced UUP updates

After you have synced UUP updates into your environment, you'll want to find them to test.

Find UUP updates in WSUS

UUP updates can be identified with the string “UUP” at the end of the update title. Documentation for viewing and managing updates in WSUS can be found here: Viewing and Managing Updates.
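The title rule above, combined with the earlier advice not to remove superseded quality updates too quickly, as an added example (not part of the original guide): a read-only report, run on the WSUS server with the UpdateServices module, of superseded UUP updates that clients still report as installed. The column names and the "keep for now" rule are assumptions made for this illustration.

```powershell
# Added example: list superseded UUP updates that clients still report as installed.
# Read-only: nothing is approved, declined or deleted.
$wsus = Get-WsusServer

# Narrow the server-side query to updates mentioning "UUP"; the title check below
# then applies the rule that UUP updates end their title with "UUP".
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.TextIncludes = 'UUP'

# Default computer scope = every computer that reports to this server.
$allComputers = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope

$report = foreach ($update in $wsus.GetUpdates($updateScope)) {
    if ($update.Title -notmatch 'UUP\s*$') { continue }   # not a UUP update
    if (-not $update.IsSuperseded)         { continue }   # current update, nothing to review

    $summary        = $update.GetSummary($allComputers)
    $stillInstalled = $summary.InstalledCount + $summary.InstalledPendingRebootCount

    [pscustomobject]@{
        Title          = $update.Title
        Released       = $update.CreationDate
        Declined       = $update.IsDeclined
        StillInstalled = $stillInstalled
        # Assumption for this report: keep the update while any client reports it installed.
        KeepForNow     = ($stillInstalled -gt 0)
    }
}

$report | Sort-Object Released | Format-Table -AutoSize
```

Rows with Declined set to True and StillInstalled above zero point to updates that were removed while clients may still depend on them.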

Find UUP updates in Configuration Manager

There are two easy ways to find the UUP preview updates within the Configuration Manager console.

  • Because these preview updates are in separate products, you can always use the product to filter or find these updates. A product filter has been added to Servicing Plans to enable you to select whether you want to deploy the UUP or non-UUP feature updates.
  • There is a new optional column Tag in the All Software Updates and All Windows 10 Updates nodes of Software Library, as well as a filter in ADRs. This field will be set to UUP for UUP updates and blank for non-UUP updates.

Try latest updates during UUP preview

During preview, all Windows 11 quality and feature updates starting from the May 2022 security update will be available as UUP.

We will also publish UUP pre-release builds and updates for the Windows Insider Dev Channel.

Once we complete preview, only Windows 11, version 22H2 quality updates and feature updates will be supported in production.

Test key scenarios

Test feature updates

  • Upgrade straight to the security compliance level of your choosing.
  • Upgrade with FODs and/or LPs installed before the upgrade (they will be preserved through the upgrade).
  • Use familiar task sequences for custom actions.

Each month a new feature update will be published to include the latest quality update, which allows you to choose which compliance level to approve for upgrades. You will not need to re-download or distribute most of the feature update content to your Distribution Points (DPs) each month (see details below).

Test cumulative updates

During the preview, keep clients compliant using the UUP type update for multiple consecutive updates to get the feel for ongoing expectations.

Test content

You'll also notice differences in content size. The first UUP update you sync for each major Windows version (e.g., Windows 11, version 21H2), architecture and language combination will appear to be large, in both number of files and disk space, compared to what you would have seen in non-UUP updates before. This extra content is primarily for FODs, language packs, and automatic corruption repair. This is what you can expect:

  • If you only download quality updates, the first UUP update will be about 10GB on your DPs.
  • If you download feature updates, the first UUP update will be about 15GB on your DPs. Note: Quality updates are a subset of feature updates. Therefore, if you download a feature update, it will include all the content associated with the quality update.

However, in subsequent updates (both the quality updates and the monthly feature updates at higher compliance levels), the amount of new content that needs to be downloaded and distributed will be much smaller. That is because all the FOD and language pack content is intelligently shared across updates rather than redownloaded or redistributed. In a typical month, the only new content that will be downloaded to DPs is the monthly security update.

Test supported content channels

For the preview, please test with what you use in your real enterprise environments. UUP will support all content channels, including:

  • Windows Delivery Optimization
  • Configuration Manager peer cache
  • Windows BranchCache
  • Deploy without downloading to server (no deployment package) to download straight from Microsoft Update. If that's what you are using, we recommend using it in conjunction with Windows Delivery Optimization.
  • Third-party alternate content providers

Documentation on options for optimizing content can be found at Optimize Windows update delivery.

Getting support

WSUS support

To report any issues with WSUS, open a support case using either ServiceHub or the Endpoint Manager admin portal. You can also open a support case with your CSAM or account manager.

Configuration Manager support

  • Please report any issues using your Configuration Manager console.
    • Follow instructions to submit your feedback or issues at Product feedback.  
    • Please attach the logs while submitting your feedback. Client logs can be collected using your Configuration Manager console and the steps mentioned in Client diagnostics.
  • For new feature requests, please use the Microsoft Feedback Portal.

 

2 Replies

@thad_martin Hi, I know I'm a bit late with this, but I've just tried to do the "normal" offline servicing to my Win11 22H2 wim via SCCM offline servicing with the 2023-04 monthly update and it's failed - are UUP updates compatible with offline servicing, and if not, how do I keep my Win11 22H2 wim up to date?

Thanks.

@thad_martin

Hello,

Thank you for all this very useful information.

I have applied all the firewall recommendations and IIS requirements.

I still can't download the Windows 11 22H2 updates since March from WSUS 2012 R2.

The other patches work correctly.

I have this error

I have the following error on the file download

I tried several things and nothing happens.

In the event log I have an error 364

Failed to download the content file.

Reason: File cert verification failure.

Fichier source : /filestreamingservice/files/5d20b45d-2345-41d9-a08e-5d9b640e173b/public/languagepackclient_9bb203c316981be69e7fe22dbb6279ea6c60f072.wim

Destination file: E:\WSUS\WsusContent\72\9BB203C316981BE69E7FE22DBB6279EA6C60F072.wim

Do you have an idea?

Thanking you in advance for your help.