Update 7/15/2019: As a reminder to customers on Windows 10, version 1809 using Windows Update for Business with a Branch Readiness Level set to Semi-Annual Channel and a default 0-day deferral, your 60-day one-time built-in deferral period will end on Tuesday, July 23, 2019 and your devices will begin updating to Windows 10, version 1903.
Windows Update for Business began as a limited, cloud-based Windows Update management tool, utilizing the Windows Update service that today manages the updates for hundreds of millions of devices. With more commercial organizations turning to cloud-based update management and deployment solutions, we are enhancing and expanding the capabilities of Windows Update for Business to make the move to the cloud even easier. From simplified branch readiness options to better control over deadlines and reboots, there are several enhancements available in Windows Update for Business with the release of Windows 10, version 1903.
Let’s take a look at the changes.
Simplified deployment configuration
Because Windows 10 releases on a single Semi-Annual Channel (SAC), beginning in Windows 10, version 1903, we have simplified deployment ring creation with a single common start date for phased deployments across an organization. With a common start date, you can more easily use Windows Update for Business to implement a customized deployment plan (using deferral rings) to manage the validation and deployment of Windows quality and feature updates.
Windows Update for Business will feature a new UI and behavior to reflect this change, eliminating the dual offset milestone dates for SAC and SAC-T, and reinforcing a single SAC release date as the basis for beginning targeted deployment and working toward broad deployment. As noted in my previous blog post, Windows Update for Business and the retirement of SAC-T, we will handle this one-time transition in the following manner:
- If you have configured a device deferral based on the SAC-T branch-readiness level, your devices will be offered the update once the configured number of deferral days has passed. Thus, no change from previous releases.
- For devices that have been configured with a branch readiness of SAC, for the upgrade to version 1903 only, we will add an additional 60 days to the configured deferral. This will simulate the delay previously experienced when Microsoft declared the SAC milestone. For example, if your device is currently configured to defer updates 30 days from the SAC release date, for the upgrade to version 1903 (and this time only), we would append a 60-day delay to that configured 30-day deferral, meaning that the device would be upgraded 90 days (60+30) after version 1903 is released. (Note: the additional 60 days will be handled on our service side and will not be reflected in your device configuration or on the Windows 10 release information page.)
Once your devices have been updated to Windows 10, version 1903, please modify your Windows Update for Business deferral values if you wish to proceed with designating an additional delay between your targeted phase and broad deployment phase for the next Windows 10 feature update.
Compliance deadline enhancements
Compliance deadlines in Windows Update for Business help you manage how quickly devices in your organization receive and apply an update, often referred to as the update velocity. They provide you with the ability to define separate reboot experiences for Windows 10 feature and quality updates, and offer a proactive reboot escalation path as a device approaches the deadline.
With Windows 10, version 1903, we are bringing the following improvements to the deadline experience in Windows Update for Business:
- A new notification and reboot scheduling experience for end users
- Enforcement of update installation and reboot deadlines to achieve velocity goals
- Ability to provide end user control over reboots for a specific time period
- Control of the update behavior outside of active hours
With these improvements, it will be easier for you to consistently ensure update compliance for your organization, including your mobile workforce. With previous releases, enforcement of a configured deadline began only after a device installed the update and was pending a reboot (to apply the update). Beginning with Windows 10, version 1903, deadline enforcement begins the day an update is offered to a device, after any configured deferral has expired. IT administrators can leverage compliance deadlines to control deadline behavior for feature updates, quality updates, and non-OS updates. For example:
- Quality update deadline (days): Acceptable values 2-30 days | Default value 7 days
- Feature update deadline (days): Acceptable values 2-30 days | Default value 7 days
- Grace period (days): Acceptable values 0-7 days | Default value 2 days
In this example, the first two configurations specify the number of days the device being targeted for that class of updates will have before a mandatory reboot takes place. The third configuration will be new to Windows Update for Business, and enables you to configure a grace period, i.e. the minimum amount of time an end user has to commit to a restart. This provides a less rigid update experience for scenarios such as business travel and vacations. Using grace periods, an end user who returns from vacation would have additional days before needing to complete the reboot on her device.
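The following is an added example, not Microsoft code and not part of the original post. It works out how long a device in a given deferral ring can stay on the old build before the update is forced, combining the one-time 60-day SAC delay, the deferral, the deadline and the grace period. The names `Ring`, `timeline` and `max_exposure_days` are hypothetical, the release date is constructed, and the rule that the grace period counts from the day the restart became pending is an assumption.

```python
from dataclasses import dataclass
from datetime import date, timedelta

DEADLINE_RANGE = (2, 30)   # acceptable deadline values quoted in the post (days)
GRACE_RANGE = (0, 7)       # acceptable grace-period values quoted in the post (days)
ONE_TIME_SAC_DELAY = 60    # added service-side, for the upgrade to 1903 only


@dataclass(frozen=True)
class Ring:                # hypothetical model of one deferral ring
    name: str
    deferral_days: int
    deadline_days: int = 7     # default from the post
    grace_days: int = 2        # default from the post
    branch: str = "SAC"        # "SAC" or "SAC-T"


def validate(ring):
    """Return a list of out-of-range settings (empty when the ring is valid)."""
    problems = []
    if ring.deferral_days < 0:
        problems.append("deferral_days must not be negative")
    if not DEADLINE_RANGE[0] <= ring.deadline_days <= DEADLINE_RANGE[1]:
        problems.append("deadline_days outside 2-30")
    if not GRACE_RANGE[0] <= ring.grace_days <= GRACE_RANGE[1]:
        problems.append("grace_days outside 0-7")
    return problems


def timeline(ring, release, upgrading_to_1903=False, restart_pending=None):
    """Dates on which the update is offered, due, and forcibly applied."""
    if validate(ring):
        raise ValueError("; ".join(validate(ring)))
    extra = ONE_TIME_SAC_DELAY if upgrading_to_1903 and ring.branch == "SAC" else 0
    offered = release + timedelta(days=ring.deferral_days + extra)
    deadline = offered + timedelta(days=ring.deadline_days)   # clock starts at offer
    # Assumption: the grace period is counted from the day the restart became
    # pending, so a device that was offline until the deadline still gets it.
    pending = max(restart_pending or offered, offered)
    forced = max(deadline, pending + timedelta(days=ring.grace_days))
    return {"offered": offered, "deadline": deadline, "forced_restart": forced}


def max_exposure_days(ring, release, **kwargs):
    """Days between release and the latest forced restart for this ring."""
    return (timeline(ring, release, **kwargs)["forced_restart"] - release).days


if __name__ == "__main__":
    release = date(2019, 6, 1)   # constructed release date, not from the post
    for ring in (Ring("pilot", 0, branch="SAC-T"), Ring("broad", 30)):
        print(ring.name, timeline(ring, release, upgrading_to_1903=True))
```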
Improved reporting in Update Compliance
Update Compliance is a service that enables you to utilize Windows Update for Business to monitor the update status of devices within your organization. Starting with Windows 10, version 1903, those utilizing Update Compliance can now determine which of their managed devices are not receiving a feature update due to a hardware or software compatibility issue identified by Microsoft. See the Update Compliance documentation for more details on identifying which devices are held back from updating due to known issues. To see the current upgrade compatibility holds in place, visit the Windows release health dashboard.
Changes to diagnostic data requirements
Beginning with Windows 10, version 1903, Windows Update for Business no longer requires a diagnostic data level of Basic or higher to enforce configured policies. Instead, privacy-sensitive organizations can utilize Windows Update for Business policies, regardless of the diagnostic data level chosen, for any devices running Windows 10, version 1607 or later.
Please note, however, that Microsoft analytics tools such as Windows Analytics still require a higher diagnostic data level in order to surface deployment insights.
Learn more
I am excited to share with you the improvements coming to Windows Update for Business in Windows 10, version 1903, and encourage you to continue using Feedback Hub to share your thoughts and suggestions on additional features and functionality that would help you leverage it in your organization. Additionally, if you’re not already using it in your organization, I recommend Update Compliance to gain better insights into the update status of devices in your organization and any update blockers. To learn more, see the following resources:
- Deploy updates using Windows Update for Business
- Configure Windows Update for Business
- Integrate Windows Update for Business with management solutions
- Walkthrough: use Group Policy to configure Windows Update for Business
- Manage software updates in Intune using Windows Update for Business
- Getting Started with Update Compliance