mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
safety commit
This commit is contained in:
jaimeo
parent
845ce07813
commit
9dd415335b
@ -13,7 +13,7 @@ ms.collection: M365-modern-desktop
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.custom: seo-marvel-apr2020
|
ms.custom: seo-marvel-apr2020
|
||||||
---
|
---
|
||||||
|
{DELETE}
|
||||||
# Deploy feature updates during maintenance windows
|
# Deploy feature updates during maintenance windows
|
||||||
|
|
||||||
**Applies to**: Windows 10
|
**Applies to**: Windows 10
|
||||||
@ -105,7 +105,7 @@ or documentation, even if Microsoft has been advised of the possibility of such
|
|||||||
```
|
```
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for Feature Update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
|
> If you elect not to override the default setup priority, you will need to increase the [maximum run time](/sccm/sum/get-started/manage-settings-for-software-updates#BKMK_SetMaxRunTime) value for feature update to Windows 10, version 1709 or higher from the default of 60 minutes. A value of 240 minutes may be required. Remember to ensure that your maintenance window duration is larger than your defined maximum run time value.
|
||||||
|
|
||||||
## Manually deploy feature updates
|
## Manually deploy feature updates
|
||||||
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 updates, channels, and tools
|
title: Windows client updates, channels, and tools
|
||||||
description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
|
description: Brief summary of the kinds of Windows updates, the channels they are served through, and the tools for managing them
|
||||||
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
|
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
@ -12,7 +12,12 @@ manager: laurawi
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Windows 10 updates, channels, and tools
|
# Windows client updates, channels, and tools
|
||||||
|
|
||||||
|
**Applies to**
|
||||||
|
|
||||||
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
## How Windows updates work
|
## How Windows updates work
|
||||||
|
|
||||||
@ -30,34 +35,31 @@ version of the software.
|
|||||||
|
|
||||||
We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*.
|
We include information here about many different update types you'll hear about, but the two overarching types that you have the most direct control over are *feature updates* and *quality updates*.
|
||||||
|
|
||||||
- **Feature updates:** Released twice per year, during the first half and second half of each calendar year. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
|
- **Feature updates:** Released as soon as they become available. Feature updates add new features and functionality to Windows 10. Because they are delivered frequently (rather than every 3-5 years), they are easier to manage.
|
||||||
- **Quality updates:** Quality updates deliver both security and non-security fixes to Windows 10. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
|
- **Quality updates:** Quality updates deliver both security and non-security fixes. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. They are typically released on the second Tuesday of each month, though they can be released at any time. The second-Tuesday releases are the ones that focus on security updates. Quality updates are *cumulative*, so installing the latest quality update is sufficient to get all the available fixes for a specific feature update, including any out-of-band security fixes and any *servicing stack updates* that might have been released previously.
|
||||||
- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
|
- **Servicing stack updates:** The "servicing stack" is the code component that actually installs Windows updates. From time to time, the servicing stack itself needs to be updated in order to function smoothly. If you don't install the latest servicing stack update, there's a risk that your device can't be updated with the latest Microsoft security fixes. Servicing stack updates are not necessarily included in *every* monthly quality update, and occasionally are released out of band to address a late-breaking issue. Always install the latest available quality update to catch any servicing stack updates that might have been released. The servicing stack also contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month. You can find a list of servicing stack updates at [Latest servicing stack updates](https://portal.msrc.microsoft.com/security-guidance/advisory/ADV990001). For more detail about servicing stack updates, see [Servicing stack updates](servicing-stack-updates.md).
|
||||||
- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
|
- **Driver updates**: These update drivers applicable to your devices. Driver updates are turned off by default in Windows Server Update Services (WSUS), but for cloud-based update methods, you can control whether they are installed or not.
|
||||||
- **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools.
|
- **Microsoft product updates:** These update other Microsoft products, such as Office. You can enable or disable Microsoft updates by using policies controlled by various servicing tools.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Servicing channels
|
## Servicing channels
|
||||||
|
|
||||||
Windows 10 offers three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows 10 "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
|
There are three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
|
||||||
|
|
||||||
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
|
The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
|
||||||
|
|
||||||
|
|
||||||
### Semi-annual Channel
|
### General Availability Channel
|
||||||
|
|
||||||
In the Semi-annual Channel, feature updates are available as soon as Microsoft releases them, twice per year. As long as a device isn't set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it's released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.
|
In the General Availability Channel, feature updates are available as soon as Microsoft releases them. As long as a device isn't set to defer feature updates, any device in this channel will install a feature update as soon as it's released. If you use Windows Update for Business, the channel provides three months of additional total deployment time before being required to update to the next release.
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
|
|
||||||
|
|
||||||
### Windows Insider Program for Business
|
### Windows Insider Program for Business
|
||||||
|
|
||||||
Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel:
|
Insider preview releases are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered. There are actually three options within the Windows Insider Program for Business channel:
|
||||||
|
|
||||||
- Windows Insider Fast
|
- Windows Insider Dev
|
||||||
- Windows Insider Slow
|
- Windows Insider Beta
|
||||||
- Windows Insider Release Preview
|
- Windows Insider Release Preview
|
||||||
|
|
||||||
We recommend that you use the Windows Insider Release Preview channel for validation activities.
|
We recommend that you use the Windows Insider Release Preview channel for validation activities.
|
||||||
@ -67,10 +69,10 @@ We recommend that you use the Windows Insider Release Preview channel for valida
|
|||||||
|
|
||||||
The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
|
The **Long-Term Servicing Channel** is designed to be used only for specialized devices (which typically don't run Office) such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years. LTSB releases service a special LTSB edition of Windows 10 and are only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
|
||||||
|
|
||||||
The Semi-Annual Channel is the default servicing channel for all Windows 10 devices except those with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition.
|
The General Availability Channel is the default servicing channel for all Windows devices except those with the LTSB edition installed. The following table shows the servicing channels available to each edition.
|
||||||
|
|
||||||
|
|
||||||
| Windows 10 edition | Semi-Annual Channel | Insider Program | Long-Term Servicing Channel |
|
| Edition | General Availability Channel | Insider Program | Long-Term Servicing Channel |
|
||||||
| --- | --- | --- | --- |
|
| --- | --- | --- | --- |
|
||||||
| Home | | | |
|
| Home | | | |
|
||||||
| Pro |  |  | |
|
| Pro |  |  | |
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: How Windows Update works
|
title: How Windows Update works
|
||||||
description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 devices.
|
description: In this article, learn about the process Windows Update uses to download and install updates on a Windows client devices.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl:
|
ms.mktglfcycl:
|
||||||
audience: itpro
|
audience: itpro
|
||||||
|
|||||||
@ -14,6 +14,11 @@ ms.collection: m365initiative-coredeploy
|
|||||||
|
|
||||||
# Define update strategy with a calendar
|
# Define update strategy with a calendar
|
||||||
|
|
||||||
|
**Applies to**
|
||||||
|
|
||||||
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
|
Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices.
|
||||||
|
|
||||||
Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
|
Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release.
|
||||||
@ -21,7 +26,7 @@ Today, more organizations are treating deployment as a continual process of upda
|
|||||||
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
|
Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly.
|
||||||
|
|
||||||
## Calendar approaches
|
## Calendar approaches
|
||||||
You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing Windows 10 feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
|
You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates.
|
||||||
|
|
||||||
### Annual
|
### Annual
|
||||||
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles:
|
Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles:
|
||||||
@ -38,14 +43,4 @@ This cadence might be most suitable for you if any of these conditions apply:
|
|||||||
|
|
||||||
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
|
- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months).
|
||||||
|
|
||||||
### Rapid
|
|
||||||
This calendar shows an example schedule that installs each feature update as it is released, twice per year:
|
|
||||||
|
|
||||||
[  ](images/rapid-calendar.png#lightbox)
|
|
||||||
|
|
||||||
This cadence might be best for you if these conditions apply:
|
|
||||||
|
|
||||||
- You have a strong appetite for change.
|
|
||||||
- You want to continuously update supporting infrastructure and unlock new scenarios.
|
|
||||||
- Your organization has a large population of information workers that can use the latest features and functionality in Windows 10 and Office.
|
|
||||||
- You have experience with feature updates for Windows 10.
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Configure Windows Update for Business (Windows 10)
|
title: Configure Windows Update for Business
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
|
description: You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices.
|
||||||
@ -19,13 +19,14 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
- Windows Server 2016
|
- Windows Server 2016
|
||||||
- Windows Server 2019
|
- Windows Server 2019
|
||||||
|
- Windows Server 2022
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
|
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and later, including Windows 11. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
|
||||||
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).
|
|
||||||
|
|
||||||
> [!IMPORTANT]
|
> [!IMPORTANT]
|
||||||
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
|
> Beginning with Windows 10, version 1903, organizations can use Windows Update for Business policies, regardless of the diagnostic data level chosen. If the diagnostic data level is set to **0 (Security)**, Windows Update for Business policies will still be honored. For instructions, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
|
||||||
@ -33,7 +34,7 @@ You can use Group Policy or your mobile device management (MDM) service to confi
|
|||||||
|
|
||||||
## Start by grouping devices
|
## Start by grouping devices
|
||||||
|
|
||||||
By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed in Windows 10. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization. For more information, see [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md).
|
By grouping devices with similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be as a quality control measure as updates are deployed. With deferral windows and the ability to pause updates, administrators can effectively control and measure update deployments, updating a small pool of devices first to verify quality, prior to a broader roll-out to their organization.
|
||||||
|
|
||||||
>[!TIP]
|
>[!TIP]
|
||||||
>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
|
>In addition to setting up multiple rings for your update deployments, also incorporate devices enrolled in the Windows Insider Program as part of your deployment strategy. This will provide you the chance to not only evaluate new features before they are broadly available to the public, but it also increases the lead time to provide feedback and influence Microsoft’s design on functional aspects of the product. For more information on Windows Insider program, see [https://insider.windows.com/](https://insider.windows.com/).
|
||||||
@ -43,13 +44,13 @@ By grouping devices with similar deferral periods, administrators are able to cl
|
|||||||
|
|
||||||
## Configure devices for the appropriate service channel
|
## Configure devices for the appropriate service channel
|
||||||
|
|
||||||
With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the Semi-Annual Channel servicing branch. For more information on this servicing model, see [Windows 10 servicing options](waas-overview.md#servicing-channels).
|
With Windows Update for Business, you can set a device to be on either Windows Insider Preview or the General Availability Channel servicing branch. For more information on this servicing model, see [Servicing channels](waas-overview.md#servicing-channels).
|
||||||
|
|
||||||
**Release branch policies**
|
**Release branch policies**
|
||||||
|
|
||||||
| Policy | Sets registry key under HKLM\Software |
|
| Policy | Sets registry key under HKLM\Software |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
|
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\BranchReadinessLevel |
|
||||||
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
|
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgrade |
|
||||||
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
|
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**BranchReadinessLevel** | \Microsoft\PolicyManager\default\Update\BranchReadinessLevel |
|
||||||
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
|
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**RequireDeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
|
||||||
@ -64,9 +65,9 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
|
|||||||
|
|
||||||
## Configure when devices receive feature updates
|
## Configure when devices receive feature updates
|
||||||
|
|
||||||
After you configure the servicing branch (Windows Insider Preview or Semi-Annual Channel), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update. You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
|
After you configure the servicing branch (Windows Insider Preview or General Availability Channel), you can then define if, and for how long, you would like to defer receiving feature updates following their availability from Microsoft on Windows Update. You can defer receiving these feature updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.
|
||||||
|
|
||||||
For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
|
For example, a device on the General Availability Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
|
||||||
|
|
||||||
|
|
||||||
</br></br>
|
</br></br>
|
||||||
@ -74,7 +75,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
|
|||||||
|
|
||||||
| Policy | Sets registry key under HKLM\Software |
|
| Policy | Sets registry key under HKLM\Software |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
|
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferFeatureUpdatesPeriodInDays |
|
||||||
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
|
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpgradePeriod |
|
||||||
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
|
| MDM for Windows 10, version 1607 and later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferFeatureUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferFeatureUpdatesPeriodInDays |
|
||||||
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
|
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpgrade |
|
||||||
@ -84,7 +85,7 @@ For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriod
|
|||||||
|
|
||||||
## Pause feature updates
|
## Pause feature updates
|
||||||
|
|
||||||
You can also pause a device from receiving Feature Updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable Feature Updates. Following this scan, you can then pause Feature Updates for the device again.
|
You can also pause a device from receiving feature updates by a period of up to 35 days from when the value is set. After 35 days has passed, the pause setting will automatically expire and the device will scan Windows Update for applicable feature updates. Following this scan, you can then pause feature updates for the device again.
|
||||||
|
|
||||||
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
|
Starting with Windows 10, version 1703, when you configure a pause by using policy, you must set a start date for the pause to begin. The pause period is calculated by adding 35 days to this start date.
|
||||||
|
|
||||||
@ -98,20 +99,20 @@ In cases where the pause policy is first applied after the configured start date
|
|||||||
|
|
||||||
| Policy | Sets registry key under HKLM\Software |
|
| Policy | Sets registry key under HKLM\Software |
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when Feature Updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
|
| GPO for Windows 10, version 1607 or later: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > **Select when feature updates are received** | **1607:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdates</br>**1703 and later:** \Policies\Microsoft\Windows\WindowsUpdate\PauseFeatureUpdatesStartTime |
|
||||||
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
|
| GPO for Windows 10, version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\Pause |
|
||||||
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
|
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseFeatureUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdates</br> **1703 and later:** \Microsoft\PolicyManager\default\Update\PauseFeatureUpdatesStartTime |
|
||||||
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
|
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
|
||||||
|
|
||||||
You can check the date that Feature Updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
|
You can check the date that feature updates were paused by checking the registry key **PausedFeatureDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
|
||||||
|
|
||||||
The local group policy editor (GPEdit.msc) will not reflect whether the Feature Update pause period has expired. Although the device will resume Feature Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking Feature Updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
|
The local group policy editor (GPEdit.msc) will not reflect whether the feature update pause period has expired. Although the device will resume feature updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking feature updates, check the status registry key **PausedFeatureStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
|
||||||
|
|
||||||
| Value | Status|
|
| Value | Status|
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| 0 | Feature Updates not paused |
|
| 0 | feature updates not paused |
|
||||||
| 1 | Feature Updates paused |
|
| 1 | feature updates paused |
|
||||||
| 2 | Feature Updates have auto-resumed after being paused |
|
| 2 | feature updates have auto-resumed after being paused |
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
|
>If not configured by policy, individual users can pause feature updates by using **Settings > Update & security > Windows Update > Advanced options**.
|
||||||
@ -122,9 +123,9 @@ Starting with Windows 10, version 1703, using Settings to control the pause beha
|
|||||||
- Any pending update installations are canceled.
|
- Any pending update installations are canceled.
|
||||||
- Any update installation running when pause is activated will attempt to roll back.
|
- Any update installation running when pause is activated will attempt to roll back.
|
||||||
|
|
||||||
## Configure when devices receive Quality Updates
|
## Configure when devices receive quality updates
|
||||||
|
|
||||||
Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving Quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
|
Quality updates are typically published on the second Tuesday of every month, although they can be released at any time. You can define if, and for how long, you would like to defer receiving quality updates following their availability. You can defer receiving these quality updates for a period of up to 30 days from their release by setting the **DeferQualityUpdatesPeriodinDays** value.
|
||||||
|
|
||||||
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
|
You can set your system to receive updates for other Microsoft products—known as Microsoft updates (such as Microsoft Office, Visual Studio)—along with Windows updates by setting the **AllowMUUpdateService** policy. When you do this, these Microsoft updates will follow the same deferral and pause rules as all other quality updates.
|
||||||
|
|
||||||
@ -160,15 +161,15 @@ In cases where the pause policy is first applied after the configured start date
|
|||||||
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
|
| MDM for Windows 10, version 1607 or later: </br>../Vendor/MSFT/Policy/Config/Update/</br>**PauseQualityUpdates** | **1607:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdates</br>**1703:** \Microsoft\PolicyManager\default\Update\PauseQualityUpdatesStartTime |
|
||||||
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
|
| MDM for Windows 10, version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\Pause |
|
||||||
|
|
||||||
You can check the date that quality Updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
|
You can check the date that quality updates were paused by checking the registry key **PausedQualityDate** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings**.
|
||||||
|
|
||||||
The local group policy editor (GPEdit.msc) will not reflect whether the quality Update pause period has expired. Although the device will resume quality Updates after 35 days automatically, the pause checkbox will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
|
The local group policy editor (GPEdit.msc) will not reflect whether the quality update pause period has expired. Although the device will resume quality updates after 35 days automatically, the pause check box will remain selected in the policy editor. To check whether a device has automatically resumed taking quality Updates, check the status registry key **PausedQualityStatus** under **HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\Settings** for the following values:
|
||||||
|
|
||||||
| Value | Status|
|
| Value | Status|
|
||||||
| --- | --- |
|
| --- | --- |
|
||||||
| 0 | Quality Updates not paused |
|
| 0 | quality updates not paused |
|
||||||
| 1 | Quality Updates paused |
|
| 1 | quality updates paused |
|
||||||
| 2 | Quality Updates have auto-resumed after being paused |
|
| 2 | quality updates have auto-resumed after being paused |
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
|
>If not configured by policy, individual users can pause quality updates by using **Settings > Update & security > Windows Update > Advanced options**.
|
||||||
@ -193,8 +194,8 @@ The **Manage preview builds** setting gives administrators control over enabling
|
|||||||
>* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds**
|
>* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds**
|
||||||
>* MDM: **System/AllowBuildPreview**
|
>* MDM: **System/AllowBuildPreview**
|
||||||
|
|
||||||
The policy settings to **Select when Feature Updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
|
The policy settings to **Select when feature updates are received** allows you to choose between preview flight rings, and allows you to defer or pause their delivery.
|
||||||
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
|
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and feature updates are received*
|
||||||
* MDM: **Update/BranchReadinessLevel**
|
* MDM: **Update/BranchReadinessLevel**
|
||||||
|
|
||||||
## Exclude drivers from quality updates
|
## Exclude drivers from quality updates
|
||||||
@ -216,7 +217,7 @@ The following are quick-reference tables of the supported policy values for Wind
|
|||||||
|
|
||||||
| GPO Key | Key type | Value |
|
| GPO Key | Key type | Value |
|
||||||
| --- | --- | --- |
|
| --- | --- | --- |
|
||||||
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
|
| BranchReadinessLevel | REG_DWORD | 2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709)</br></br>Other value or absent: receive all applicable updates |
|
||||||
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: don’t defer quality updates |
|
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: don’t defer quality updates |
|
||||||
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
|
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
|
||||||
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
|
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
|
||||||
@ -230,7 +231,7 @@ The following are quick-reference tables of the supported policy values for Wind
|
|||||||
|
|
||||||
| MDM Key | Key type | Value |
|
| MDM Key | Key type | Value |
|
||||||
| --- | --- | --- |
|
| --- | --- | --- |
|
||||||
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-Annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-Annual Channel </br>32: systems take Feature Updates from Semi-Annual Channel </br>Note: Other value or absent: receive all applicable updates |
|
| BranchReadinessLevel | REG_DWORD |2: systems take feature updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take feature updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take feature updates for the Release Windows Insider build (added in Windows 10, version 1709) </br>32: systems take feature updates from General Availability Channel </br>Note: Other value or absent: receive all applicable updates |
|
||||||
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
|
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
|
||||||
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
|
| PauseQualityUpdatesStartTime | REG_DWORD | 1: pause quality updates</br>Other value or absent: don’t pause quality updates |
|
||||||
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
|
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |
|
||||||
@ -253,20 +254,3 @@ When a device running a newer version sees an update available on Windows Update
|
|||||||
| PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
|
| PauseFeatureUpdates | PauseFeatureUpdatesStartTime |
|
||||||
| PauseQualityUpdates | PauseQualityUpdatesStartTime |
|
| PauseQualityUpdates | PauseQualityUpdatesStartTime |
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Overview of Windows as a service](waas-overview.md)
|
|
||||||
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
|
|
||||||
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
|
|
||||||
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
|
|
||||||
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
|
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
|
|
||||||
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
|
|||||||
@ -12,6 +12,8 @@ ms.collection: M365-modern-desktop
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
|
{DELETE ALTOGETHER??}
|
||||||
|
|
||||||
# Build deployment rings for Windows client updates
|
# Build deployment rings for Windows client updates
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Integrate Windows Update for Business (Windows 10)
|
title: Integrate Windows Update for Business
|
||||||
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
|
description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
@ -17,6 +17,7 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
@ -25,7 +26,7 @@ You can integrate Windows Update for Business deployments with existing manageme
|
|||||||
## Integrate Windows Update for Business with Windows Server Update Services
|
## Integrate Windows Update for Business with Windows Server Update Services
|
||||||
|
|
||||||
|
|
||||||
For Windows 10, version 1607, devices can now be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
|
For Windows 10, version 1607 and later, devices can be configured to receive updates from both Windows Update (or Microsoft Update) and Windows Server Update Services (WSUS). In a joint WSUS and Windows Update for Business setup:
|
||||||
|
|
||||||
- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
|
- Devices will receive their Windows content from Microsoft and defer these updates according to Windows Update for Business policy
|
||||||
- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
|
- All other content synced from WSUS will be directly applied to the device; that is, updates to products other than Windows will not follow your Windows Update for Business deferral policies
|
||||||
@ -34,7 +35,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
|
|||||||
|
|
||||||
**Configuration:**
|
**Configuration:**
|
||||||
|
|
||||||
- Device is configured to defer Windows Quality Updates using Windows Update for Business
|
- Device is configured to defer Windows quality updates using Windows Update for Business
|
||||||
- Device is also configured to be managed by WSUS
|
- Device is also configured to be managed by WSUS
|
||||||
- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
|
- Device is not configured to enable Microsoft Update (**Update/AllowMUUpdateService** = not enabled)
|
||||||
- Admin has opted to put updates to Office and other products on WSUS
|
- Admin has opted to put updates to Office and other products on WSUS
|
||||||
@ -46,11 +47,11 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
|
|||||||
<tr><td>Third-party drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
|
<tr><td>Third-party drivers</td><td>WSUS</td><td>WSUS</td><td>No</td></tr>
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
### Configuration example \#2: Excluding drivers from Windows Quality Updates using Windows Update for Business
|
### Configuration example \#2: Excluding drivers from Windows quality updates using Windows Update for Business
|
||||||
|
|
||||||
**Configuration:**
|
**Configuration:**
|
||||||
|
|
||||||
- Device is configured to defer Windows Quality Updates and to exclude drivers from Windows Update Quality Updates (**ExcludeWUDriversInQualityUpdate** = enabled)
|
- Device is configured to defer Windows quality updates and to exclude drivers from Windows Update quality updates (**ExcludeWUDriversInQualityUpdate** = enabled)
|
||||||
- Device is also configured to be managed by WSUS
|
- Device is also configured to be managed by WSUS
|
||||||
- Admin has opted to put Windows Update drivers on WSUS
|
- Admin has opted to put Windows Update drivers on WSUS
|
||||||
|
|
||||||
@ -66,7 +67,7 @@ For Windows 10, version 1607, devices can now be configured to receive updates f
|
|||||||
|
|
||||||
**Configuration:**
|
**Configuration:**
|
||||||
|
|
||||||
- Device is configured to defer Quality Updates using Windows Update for Business and to be managed by WSUS
|
- Device is configured to defer quality updates using Windows Update for Business and to be managed by WSUS
|
||||||
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
|
- Device is configured to “receive updates for other Microsoft products” along with updates to Windows (**Update/AllowMUUpdateService** = enabled)
|
||||||
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
|
- Admin has also placed Microsoft Update, non-Microsoft, and locally published update content on the WSUS server
|
||||||
|
|
||||||
@ -86,26 +87,9 @@ In this example, the deferral behavior for updates to Office and other non-Windo
|
|||||||
|
|
||||||
## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
|
## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager
|
||||||
|
|
||||||
For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (i.e. setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
|
For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
|
For more information, see [Integration with Windows Update for Business in Windows 10](/sccm/sum/deploy-use/integrate-windows-update-for-business-windows-10).
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Overview of Windows as a service](waas-overview.md)
|
|
||||||
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
|
|
||||||
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
|
|
||||||
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
|
|
||||||
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
|
|
||||||
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Windows Update for Business (Windows 10)
|
title: Windows Update for Business
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
|
description: Learn how Windows Update for Business lets you manage when devices receive updates from Windows Update.
|
||||||
@ -18,14 +18,15 @@ ms.custom: seo-marvel-apr2020
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
|
|
||||||
Windows Update for Business is a free service that is available for all premium editions including Windows 10 Pro, Enterprise, Pro for Workstation, and Education editions.
|
Windows Update for Business is a free service that is available for all premium editions including Windows 10 and Windows 11 Pro, Enterprise, Pro for Workstation, and Education editions.
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
|
|
||||||
Windows Update for Business enables IT administrators to keep the Windows 10 devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when Windows 10 devices are updated.
|
Windows Update for Business enables IT administrators to keep the Windows client devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Windows Update service. You can use Group Policy or Mobile Device Management (MDM) solutions such as Microsoft Intune to configure the Windows Update for Business settings that control how and when devices are updated.
|
||||||
|
|
||||||
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
|
Specifically, Windows Update for Business lets you control update offerings and experiences to allow for reliability and performance testing on a subset of devices before deploying updates across the organization. It also provides a positive update experience for people in your organization.
|
||||||
|
|
||||||
@ -46,7 +47,7 @@ Windows Update for Business enables an IT administrator to receive and manage a
|
|||||||
|
|
||||||
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
|
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
|
||||||
|
|
||||||
- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released semi-annually in the fall and in the spring.
|
- **Feature updates:** Previously referred to as "upgrades," feature updates contain not only security and quality revisions, but also significant feature additions and changes. Feature updates are released as soon as they become available.
|
||||||
- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
|
- **Quality updates:** Quality updates are traditional operating system updates, typically released on the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as updates for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and you can set devices to receive such updates (or not) along with their Windows updates.
|
||||||
- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
|
- **Driver updates:** Updates for non-Microsoft drivers that are relevant to your devices. Driver updates are on by default, but you can use Windows Update for Business policies to turn them off if you prefer.
|
||||||
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
|
- **Microsoft product updates**: Updates for other Microsoft products, such as versions of Office that are installed by using Windows Installer (MSI). Versions of Office that are installed by using Click-to-Run can't be updated by using Windows Update for Business. Product updates are off by default. You can turn them on by using Windows Update for Business policies.
|
||||||
@ -62,16 +63,15 @@ You can defer or pause the installation of updates for a set period of time.
|
|||||||
|
|
||||||
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
|
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
|
||||||
|
|
||||||
- Windows Insider Fast
|
- Windows Insider Dev
|
||||||
- Windows Insider Slow
|
- Windows Insider Beta
|
||||||
- Windows Insider Release Preview
|
- Windows Insider Preview
|
||||||
- Semi-Annual Channel
|
- General Availability Channel
|
||||||
|
|
||||||
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days are calculated against a release’s Semi-Annual Channel release date. For exact release dates, see [Windows Release Information](/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. To use this policy to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
|
|
||||||
|
|
||||||
#### Defer an update
|
#### Defer an update
|
||||||
|
|
||||||
A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy.
|
A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device. That is, if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days. To defer feature updates, use the **Select when Preview Builds and feature updates are Received** policy.
|
||||||
|
|
||||||
|
|
||||||
|Category |Maximum deferral period |
|
|Category |Maximum deferral period |
|
||||||
@ -88,7 +88,7 @@ A Windows Update for Business administrator can defer the installation of both f
|
|||||||
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
|
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days from a specified start date to prevent other devices from installing it until the issue is mitigated.
|
||||||
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
|
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
|
||||||
|
|
||||||
To pause feature updates, use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
|
To pause feature updates, use the **Select when Preview Builds and feature updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
|
||||||
|
|
||||||
Built-in benefits:
|
Built-in benefits:
|
||||||
When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
|
When updating from Windows Update, you get the added benefits of built-in compatibility checks to prevent against a poor update experience for your device as well as a check to prevent repeated rollbacks.
|
||||||
@ -110,9 +110,9 @@ Windows Update for Business provides controls to help meet your organization’s
|
|||||||
|
|
||||||
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
|
Features like the smart busy check (which ensure updates don't happen when a user is signed in) and active hours help provide the best experience for end users while keeping devices more secure and up to date. Follow these steps to take advantage of these features:
|
||||||
|
|
||||||
1. Automatically download, install, and restart (default if no restart policies are set up or enabled)
|
1. Automatically download, install, and restart (default if no restart policies are set up or enabled).
|
||||||
2. Use the default notifications
|
2. Use the default notifications.
|
||||||
3. Set update deadlines
|
3. Set update deadlines.
|
||||||
|
|
||||||
##### Setting deadlines
|
##### Setting deadlines
|
||||||
|
|
||||||
@ -121,101 +121,11 @@ A compliance deadline policy (released in June 2019) enables you to set separate
|
|||||||
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
|
This policy enables you to specify the number of days from an update's publication date that it must be installed on the device. The policy also includes a configurable grace period that specifies the number of days from when the update is installed on the device until the device is forced to restart. This approach is useful in a vacation scenario as it allows, for example, users who have been away to have a bit of time before being forced to restart their devices when they return from vacation.
|
||||||
|
|
||||||
#### Update Baseline
|
#### Update Baseline
|
||||||
The large number of different policies offered for Windows 10 can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
|
|
||||||
|
The large number of different policies offered can be overwhelming. Update Baseline provides a clear list of recommended Windows update policy settings for IT administrators who want the best user experience while also meeting their update compliance goals. The Update Baseline for Windows 10 includes policy settings recommendations covering deadline configuration, restart behavior, power policies, and more.
|
||||||
|
|
||||||
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
|
The Update Baseline toolkit makes it easy by providing a single command for IT Admins to apply the Update Baseline to devices. You can get the Update Baseline toolkit from the [Download Center](https://www.microsoft.com/download/details.aspx?id=101056).
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when.
|
>The Update Baseline toolkit is available only for Group Policy. Update Baseline does not affect your offering policies, whether you’re using deferrals or target version to manage which updates are offered to your devices when. Update Baseline is not currently supported for Windows 11.
|
||||||
|
|
||||||
<!--
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
> To use Windows Update for Business, you must allow devices to access the Windows Update service.
|
|
||||||
|
|
||||||
## Types of updates managed by Windows Update for Business
|
|
||||||
|
|
||||||
Windows Update for Business provides management policies for several types of updates to Windows 10 devices:
|
|
||||||
|
|
||||||
- **Feature updates:** previously referred to as upgrades, feature updates contain not only security and quality revisions, but also significant feature additions and changes; they are released semi-annually in the fall and in the spring.
|
|
||||||
- **Quality updates:** these are traditional operating system updates, typically released the second Tuesday of each month (though they can be released at any time). These include security, critical, and driver updates. Windows Update for Business also treats non-Windows updates (such as those for Microsoft Office or Visual Studio) as quality updates. These non-Windows Updates are known as "Microsoft updates" and can configure devices to receive or not receive such updates along with their Windows updates.
|
|
||||||
- **Driver updates:** these are non-Microsoft drivers that are applicable to your devices. Driver updates can be turned off by using Windows Update for Business policies.
|
|
||||||
- **Microsoft product updates**: these are updates for other Microsoft products, such as Office. These updates can be enabled or disabled by using Windows Update for Business policy.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Offering
|
|
||||||
|
|
||||||
You can control when updates are applied, for example by deferring when an update is installed on a device or by pausing updates for a certain period.
|
|
||||||
|
|
||||||
### Manage which updates are offered
|
|
||||||
|
|
||||||
Windows Update for Business offers you the ability to turn on or off both driver and Microsoft product updates.
|
|
||||||
|
|
||||||
- Disable Drivers (on/off): When "on," this policy will not include drivers with Windows Update.
|
|
||||||
- Microsoft product updates (on/off): When "on" this policy will install updates for other Microsoft products.
|
|
||||||
|
|
||||||
|
|
||||||
### Manage when updates are offered
|
|
||||||
You can defer or pause the installation of updates for a set period of time.
|
|
||||||
|
|
||||||
#### Defer or pause an update
|
|
||||||
|
|
||||||
A Windows Update for Business administrator can defer the installation of both feature and quality updates from deploying to devices within a bounded range of time from when those updates are first made available on the Windows Update service. You can use this deferral to allow time to validate deployments as they are pushed to devices. Deferrals work by allowing you to specify the number of days after an update is released before it is offered to a device (if you set a feature update deferral period of 365 days, the device will not install a feature update that has been released for less than 365 days). To defer feature updates use the **Select when Preview Builds and Feature Updates are Received** policy.
|
|
||||||
|
|
||||||
|
|
||||||
|Category |Maximum deferral |
|
|
||||||
|---------|---------|
|
|
||||||
|Feature updates | 365 days |
|
|
||||||
|Quality updates | 30 days |
|
|
||||||
|Non-deferrable | none |
|
|
||||||
|
|
||||||
#### Pause an update
|
|
||||||
|
|
||||||
If you discover a problem while deploying a feature or quality update, the IT administrator can pause the update for 35 days to prevent other devices from installing it until the issue is mitigated.
|
|
||||||
|
|
||||||
If you pause a feature update, quality updates are still offered to devices to ensure they stay secure. The pause period for both feature and quality updates is calculated from a start date that you set.
|
|
||||||
|
|
||||||
To pause feature updates use the **Select when Preview Builds and Feature Updates are Received** policy and to pause quality updates use the **Select when Quality Updates are Received** policy. For more information, see [Pause feature updates](waas-configure-wufb.md#pause-feature-updates) and [Pause quality updates](waas-configure-wufb.md#pause-quality-updates).
|
|
||||||
|
|
||||||
#### Select branch readiness level for feature updates
|
|
||||||
|
|
||||||
The branch readiness level enables administrators to specify which channel of feature updates they want to receive. Today there are branch readiness level options for both pre-release and released updates:
|
|
||||||
|
|
||||||
- Windows Insider Program for Business pre-release updates
|
|
||||||
- Windows Insider Fast
|
|
||||||
- Windows Insider Slow
|
|
||||||
- Windows Insider Release Preview
|
|
||||||
- Semi-Annual Channel for released updates
|
|
||||||
|
|
||||||
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-Annual Channel and Semi-Annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-Annual Channel. All deferral days will be calculated against a release's Semi-Annual Channel release date. To see release dates, visit [Windows Release Information](/windows/release-health/release-information). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
|
|
||||||
|
|
||||||
### Recommendations
|
|
||||||
|
|
||||||
For the best experience with Windows Update, follow these guidelines:
|
|
||||||
|
|
||||||
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
|
|
||||||
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
|
|
||||||
- Make sure that devices have at least 10 GB of free space.
|
|
||||||
- Give devices unobstructed access to the Windows Update service.
|
|
||||||
|
|
||||||
|
|
||||||
## Monitor Windows Updates by using Update Compliance
|
|
||||||
|
|
||||||
Update Compliance provides a holistic view of operating system update compliance, update deployment progress, and failure troubleshooting for Windows 10 devices. This service uses diagnostic data including installation progress, Windows Update configuration, and other information to provide such insights, at no extra cost and without extra infrastructure requirements. Whether used with Windows Update for Business or other management tools, you can be assured that your devices are properly updated.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
For more information about Update Compliance, see [Monitor Windows Updates using Update Compliance](update-compliance-monitor.md).
|
|
||||||
|
|
||||||
|
|
||||||
## Steps to manage updates for Windows 10
|
|
||||||
|
|
||||||
| | |
|
|
||||||
| --- | --- |
|
|
||||||
|  | [Learn about updates and servicing channels](waas-overview.md) |
|
|
||||||
|  | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
|
|
||||||
|  | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
|
|
||||||
|  | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
|
|
||||||
|  | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
|
|
||||||
|  | Deploy updates using Windows Update for Business (this topic) </br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
|
|
||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Optimize update delivery for Windows client updates
|
title: Optimize Windows update delivery
|
||||||
description: Two methods of peer-to-peer content distribution are available in Windows 10, Delivery Optimization and BranchCache.
|
description: Two methods of peer-to-peer content distribution are available, Delivery Optimization and BranchCache.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
author: jaimeo
|
author: jaimeo
|
||||||
@ -11,7 +11,7 @@ manager: laurawi
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
|
||||||
# Optimize Windows client update delivery
|
# Optimize Windows update delivery
|
||||||
|
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Overview of Windows as a service (Windows 10)
|
title: Overview of Windows as a service
|
||||||
description: Windows as a service introduces a new way to build, deploy, and service Windows. Learn how Windows as a service works.
|
description: Windows as a service is a way to build, deploy, and service Windows. Learn how Windows as a service works.
|
||||||
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
|
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
@ -18,10 +18,11 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
|
Windows as a service is a way to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
@ -35,87 +36,65 @@ Of course Microsoft also performs extensive internal testing, with engineering t
|
|||||||
|
|
||||||
## Deploying
|
## Deploying
|
||||||
|
|
||||||
Deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple.
|
Deploying Windows 10 and Windows 11 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, you can use an easy in-place upgrade process to automatically preserve all apps, settings, and data. Afterwards, deployment of feature updates is equally simple.
|
||||||
|
|
||||||
One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Whereas compatibility was previously a concern for organizations upgrading to a new version of Windows, Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified.
|
|
||||||
|
|
||||||
### Application compatibility
|
### Application compatibility
|
||||||
|
|
||||||
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7 and has been working to make Windows 10 upgrades a much better experience.
|
Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. .
|
||||||
|
|
||||||
Most Windows 7–compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and diagnostic data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story similar to desktop applications, so most of them will be compatible with Windows 10.
|
|
||||||
|
|
||||||
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows).
|
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows).
|
||||||
|
|
||||||
### Device compatibility
|
|
||||||
|
|
||||||
Device compatibility in Windows 10 is also very strong; new hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7. Most hardware drivers that functioned in Windows 8.1, Windows 8, or Windows 7 will continue to function in Windows 10.
|
|
||||||
|
|
||||||
## Servicing
|
## Servicing
|
||||||
|
|
||||||
Traditional Windows servicing has included several release types: major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month.
|
Traditional Windows servicing has included several release types: major revisions (for example, the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10 and Windows 11, there are two release types: feature updates that add new functionality and quality updates that provide security and reliability fixes.
|
||||||
|
|
||||||
With Windows 10, organizations will need to change the way they approach deploying updates. Servicing channels are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing channels comes the concept of a [deployment ring](waas-deployment-rings-windows-10-updates.md), which is simply a way to categorize the combination of a deployment group and a servicing channel to group devices for successive waves of deployment. For more information about developing a deployment strategy that leverages servicing channels and deployment rings, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md).
|
Servicing channels are the first way to separate users into deployment groups for feature and quality updates. For more information about developing a deployment strategy that leverages servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
|
||||||
|
|
||||||
For information about each servicing tool available for Windows 10, see [Servicing tools](#servicing-tools).
|
For information about each servicing tool, see [Servicing tools](#servicing-tools).
|
||||||
|
|
||||||
To align with this new update delivery model, Windows 10 has three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For information about the servicing channels available in Windows 10, see [Servicing channels](#servicing-channels).
|
There are three servicing channels, each of which provides different levels of flexibility over when these updates are delivered to client computers. For more information, see [Servicing channels](#servicing-channels).
|
||||||
|
|
||||||
### Naming changes
|
|
||||||
|
|
||||||
There are currently two release channels for Windows 10:
|
There are currently three release channels for Windows clients:
|
||||||
|
|
||||||
- The **Semi-Annual Channel** receives feature updates twice per year.
|
- The **General Availability Channel** receives feature updates as soon as they are available.
|
||||||
- The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
|
- The **Long-Term Servicing Channel**, which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
|
||||||
|
- The **Windows Insider Program** provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update.
|
||||||
|
|
||||||
|
>[!NOTE]
|
||||||
|
>With each General Availability release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion. This will enable you to gain access to new features, experiences, and integrated security as soon as possible. The "Semi-Annual Channel (Targeted)" designation is no longer used. For more information, see the blog post [Windows 10 and the "disappearing" SAC-T](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-and-the-disappearing-SAC-T/ba-p/199747).
|
>Devices on the General Availability Channel must have their diagnostic data set to **1 (Basic)** or higher in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
>For additional information, see the section about [Servicing Channels](#servicing-channels).
|
|
||||||
>
|
|
||||||
>You can also read the blog post [Waas simplified and aligned](https://blogs.technet.microsoft.com/windowsitpro/2017/07/27/waas-simplified-and-aligned/), with details on this change.
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
|
||||||
>Devices on the Semi-Annual Channel must have their diagnostic data set to **1 (Basic)** or higher, in order to ensure that the service is performing at the expected quality. For instructions to set the diagnostic data level, see [Configure the operating system diagnostic data level](/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
|
|
||||||
|
|
||||||
### Feature updates
|
### Feature updates
|
||||||
|
|
||||||
With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered more frequently than with previous Windows releases — twice per year, around March and September, rather than every 3–5 years — changes will be in bite-sized chunks rather than all at once and end user readiness time much shorter.
|
New features are packaged into feature updates that you can deploy using existing management tools. These changes come in bite-sized chunks rather than all at once, decreasing user readiness time.
|
||||||
|
|
||||||
|
|
||||||
### Quality updates
|
### Quality updates
|
||||||
|
|
||||||
Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.
|
Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.
|
||||||
|
|
||||||
In Windows 10, rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching. The left side of Figure 1 provides an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what Microsoft’s test environment devices contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates.
|
Rather than receiving several updates each month and trying to figure out which the organization needs, which ultimately causes platform fragmentation, administrators see one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. This approach makes updating simpler and ensures that devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from updates.
|
||||||
|
|
||||||
**Figure 1**
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Servicing channels
|
## Servicing channels
|
||||||
|
|
||||||
To align with the new method of delivering feature updates and quality updates in Windows 10, Microsoft introduced the concept of servicing channels to allow customers to designate how frequently their individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and then specialized devices that require a longer feature update cycle to ensure continuity.
|
There are three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [General Availability Channel](#general-availability-channel) provides new functionality with feature update releases. Organizations can choose when to deploy updates from the General Availability Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
|
||||||
|
|
||||||
With that in mind, Windows 10 offers three servicing channels. The [Windows Insider Program](#windows-insider) provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. The [Semi-Annual Channel](#semi-annual-channel) provides new functionality with twice-per-year feature update releases. Organizations can choose when to deploy updates from the Semi-Annual Channel. The [Long-Term Servicing Channel](#long-term-servicing-channel), which is designed to be used only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years. For details about the versions in each servicing channel, see [Windows 10 release information](/windows/release-health/release-information).
|
|
||||||
|
|
||||||
The concept of servicing channels is new, but organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows. For more information about the servicing tool options for Windows 10 and their capabilities, see [Servicing tools](#servicing-tools).
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md).
|
> Servicing channels are not the only way to separate groups of devices when consuming updates. Each channel can contain subsets of devices, which staggers servicing even further. For information about the servicing strategy and ongoing deployment process for Windows 10, including the role of servicing channels, see [Plan servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md).
|
||||||
|
|
||||||
### Semi-Annual Channel
|
### General Availability Channel
|
||||||
|
|
||||||
In the Semi-Annual servicing channel, feature updates are available as soon as Microsoft releases them. Windows 10, version 1511, had few servicing tool options to delay feature updates, limiting the use of the Semi-Annual servicing channel. Starting with Windows 10, version 1607, more servicing tools that can delay feature updates for up to 365 days are available. This servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
|
In the General Availability Channel, feature updates are available as soon as Microsoft releases them. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features immediately. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment.
|
||||||
|
|
||||||
When Microsoft officially releases a feature update for Windows 10, it is made available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about Windows 10 servicing tools, see [Servicing tools](#servicing-tools).
|
When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the Semi-Annual Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools).
|
||||||
|
|
||||||
|
|
||||||
Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases. All customers, independent software vendors (ISVs), and partners should use this time for testing and piloting within their environments. After 2-4 months, we will transition to broad deployment and encourage customers and partners to expand and accelerate the deployment of the release. For customers using Windows Update for Business, the Semi-Annual Channel provides three months of additional total deployment time before being required to update to the next release.
|
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
|
> All releases of Windows 10 have **18 months of servicing for all editions**--these updates provide security and feature updates for the release. However, fall releases of the **Enterprise and Education editions** will have an **additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release**. This extended servicing window applies to Enterprise and Education editions starting with Windows 10, version 1607.
|
||||||
>
|
>
|
||||||
@ -125,82 +104,44 @@ Organizations are expected to initiate targeted deployment on Semi-Annual Channe
|
|||||||
|
|
||||||
### Long-term Servicing Channel
|
### Long-term Servicing Channel
|
||||||
|
|
||||||
Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
|
Specialized systems—such as devices that control medical equipment, point-of-sale systems, and ATMs—often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The LTSC servicing model prevents Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. With this in mind, quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Windows 10 Enterprise LTSB is a separate Long-Term Servicing Channel version.
|
|
||||||
>
|
>
|
||||||
> Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel.
|
> The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
|
||||||
|
|
||||||
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
|
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 or Windows 11 Enterprise LTSB. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.
|
||||||
|
|
||||||
> [!NOTE]
|
> [!NOTE]
|
||||||
> Windows 10 LTSB will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future Windows 10 LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
|
> LTSB releases will support the currently released processors and chipsets at the time of release of the LTSB. As future CPU generations are released, support will be created through future LTSB releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](https://support.microsoft.com/help/18581/lifecycle-support-policy-faq-windows-products).
|
||||||
|
|
||||||
The Long-term Servicing Channel is available only in the Windows 10 Enterprise LTSB edition. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in Windows 10 Enterprise LTSB edition, even if you install by using sideloading.
|
The Long-term Servicing Channel is available only in the Windows 10 or Windows 11 Enterprise LTSB editions. This edition of Windows doesn’t include a number of applications, such as Microsoft Edge, Microsoft Store, Cortana (though limited search capabilities remain available), Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. These apps are not supported in the Enterprise LTSB editions, even if you install by using sideloading.
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> If an organization has devices currently running Windows 10 Enterprise LTSB that it would like to change to the Semi-Annual Channel, it can make the change without losing user data. Because LTSB is its own SKU, however, an upgrade is required from Windows 10 Enterprise LTSB to Windows 10 Enterprise, which supports the Semi-Annual Channel.
|
|
||||||
|
|
||||||
### Windows Insider
|
### Windows Insider
|
||||||
|
|
||||||
For many IT pros, gaining visibility into feature updates early—before they’re available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next Semi-Annual Channel release. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
|
For many IT pros, gaining visibility into feature updates early--before they’re available to the Semi-Annual Channel — can be both intriguing and valuable for future end user communications as well as provide the means to test for any issues on the next General Availability release. Windows Insiders can consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds helps both Microsoft and its customers because they have the opportunity to discover possible issues before the update is ever publicly available and can report it to Microsoft.
|
||||||
|
|
||||||
Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started).
|
Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program and provide feedback on any issues they encounter. For information about the Windows Insider Program for Business, go to [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started).
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>Microsoft recommends that all organizations have at least a few devices enrolled in the Windows Insider Program, to include the Windows Insider Program in their deployment plans and to provide feedback on any issues they encounter to Microsoft via our Feedback Hub app.
|
|
||||||
>
|
|
||||||
> The Windows Insider Program isn’t intended to replace Semi-Annual Channel deployments in an organization. Rather, it provides IT pros and other interested parties with pre-release Windows builds that they can test and ultimately provide feedback on to Microsoft.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Servicing tools
|
## Servicing tools
|
||||||
|
|
||||||
There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
|
There are many tools you can use to service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:
|
||||||
|
|
||||||
- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 device.
|
- **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device.
|
||||||
- **Windows Update for Business** is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune.
|
- **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune.
|
||||||
- **Windows Server Update Services (WSUS)** provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
|
- **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
|
||||||
- **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
|
- **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.
|
||||||
|
|
||||||
With all these options, which an organization chooses depends on the resources, staff, and expertise its IT organization already has. For example, if IT already uses Microsoft Endpoint Manager to manage Windows updates, it can continue to use it. Similarly, if IT is using WSUS, it can continue to use that. For a consolidated look at the benefits of each tool, see Table 1.
|
**Servicing tools comparison**
|
||||||
|
|
||||||
**Table 1**
|
|
||||||
|
|
||||||
| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features |
|
| Servicing tool | Can updates be deferred? | Ability to approve updates | Peer-to-peer option | Additional features |
|
||||||
| --- | --- | --- | --- | --- |
|
| --- | --- | --- | --- | --- |
|
||||||
| Windows Update | Yes (manual) | No | Delivery Optimization | None|
|
| Windows Update | Yes (manual) | No | Delivery Optimization | None|
|
||||||
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
|
| Windows Update for Business | Yes | No | Delivery Optimization | Other Group Policy objects |
|
||||||
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
|
| WSUS | Yes | Yes | BranchCache or Delivery Optimization | Upstream/downstream server scalability |
|
||||||
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows 10 Update Delivery](./waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options |
|
| Configuration Manager | Yes | Yes | BranchCache, Client Peer Cache, or Delivery Optimization. For the latter, see [peer-to-peer content distribution](/configmgr/sum/deploy-use/optimize-windows-10-update-delivery#peer-to-peer-content-distribution) and [Optimize Windows Update Delivery](./waas-optimize-windows-10-updates.md) | Distribution points, multiple deployment options |
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
>Due to [naming changes](#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
|
|
||||||
|
|
||||||
</br>
|
|
||||||
|
|
||||||
## Steps to manage updates for Windows 10
|
|
||||||
|
|
||||||
| | |
|
|
||||||
| --- | --- |
|
|
||||||
|  | Learn about updates and servicing channels (this topic) |
|
|
||||||
|  | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
|
|
||||||
|  | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
|
|
||||||
|  | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) |
|
|
||||||
|  | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
|
|
||||||
|  | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Quick guide to Windows as a service](waas-quick-start.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
|
|||||||
@ -18,17 +18,18 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
Windows as a service is a new concept, introduced with the release of Windows 10. While [an extensive set of documentation](index.md) is available explaining all the specifics and nuances, here is a quick guide to the most important concepts.
|
Here is a quick guide to the most important concepts in Windows as a service. For more information, see the [extensive set of documentation](index.md).
|
||||||
|
|
||||||
## Definitions
|
## Definitions
|
||||||
|
|
||||||
Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
|
Some new terms have been introduced as part of Windows as a service, so you should know what these terms mean.
|
||||||
- **Feature updates** are released twice per year, around March and September. As the name suggests, these updates add new features to Windows 10, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
|
- **Feature updates** are released twice per year, around March and September. As the name suggests, these updates add new features, delivered in bite-sized chunks compared to the previous practice of Windows releases every 3-5 years.
|
||||||
- **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
|
- **Quality updates** deliver both security and non-security fixes. They are typically released on the second Tuesday of each month, though they can be released at any time. Quality updates include security updates, critical updates, servicing stack updates, and driver updates. Quality updates are cumulative, so installing the latest quality update is sufficient to get all the available fixes for a specific Windows 10 feature update. The "servicing stack" is the code that installs other updates, so they are important to keep current. For more information, see [Servicing stack updates](servicing-stack-updates.md).
|
||||||
- **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
|
- **Insider Preview** builds are made available during the development of the features that will be shipped in the next feature update, enabling organizations to validate new features and confirm compatibility with existing apps and infrastructure, providing feedback to Microsoft on any issues encountered.
|
||||||
- **Servicing channels** allow organizations to choose when to deploy new features.
|
- **Servicing channels** allow organizations to choose when to deploy new features.
|
||||||
- The **Semi-Annual Channel** receives feature updates twice per year.
|
- The **General Availability Channel** receives feature updates as they become available.
|
||||||
- The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
|
- The **Long-Term Servicing Channel**, which meant only for specialized devices (which typically don't run Office) such as those that control medical equipment or ATM machines, receives new feature releases every two to three years.
|
||||||
- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
|
- **Deployment rings** are groups of devices used to initially pilot, and then to broadly deploy, each feature update in an organization.
|
||||||
|
|
||||||
@ -36,42 +37,20 @@ See [Overview of Windows as a service](waas-overview.md) for more information.
|
|||||||
|
|
||||||
For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md).
|
For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md).
|
||||||
|
|
||||||
## Key Concepts
|
## Key concepts
|
||||||
|
|
||||||
Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. With each Semi-Annual Channel release, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion.
|
With each release in the General Availability Channel, we recommend beginning deployment right away to devices selected for early adoption (targeted validation) and ramp up to full deployment at your discretion.
|
||||||
|
|
||||||
All releases of Windows 10 have 18 months of servicing for all editions--these updates provide security and feature updates for the release. Customers running Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. These versions include Enterprise and Education editions for Windows 10, versions 1607 and later. Starting in October 2018, all Semi-Annual Channel releases in the September/October timeframe will also have the additional 12 months of servicing for a total of 30 months from the initial release. The Semi-Annual Channel versions released in March/April timeframe will continue to have an 18-month lifecycle.
|
Windows 10 and Windows 11 Enterprise LTSB are separate **Long-Term Servicing Channel** versions. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
|
||||||
|
|
||||||
Windows 10 Enterprise LTSB is a separate **Long-Term Servicing Channel** version. Each release is supported for a total of 10 years (five years standard support, five years extended support). New releases are expected about every three years.
|
For more information, see [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md).
|
||||||
|
|
||||||
For more information, see [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md).
|
|
||||||
|
|
||||||
## Staying up to date
|
## Staying up to date
|
||||||
|
|
||||||
The process for keeping Windows 10 up to date involves deploying a feature update, at an appropriate time after its release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
|
To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help.
|
||||||
|
|
||||||
Because app compatibility, both for desktop apps and web apps, is outstanding with Windows 10, extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
|
Extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin.
|
||||||
|
|
||||||
This process repeats with each new feature update, twice per year. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
|
This process repeats with each new feature update as they become available. These are small deployment projects, compared to the large projects that were necessary with the old three-to-five-year Windows release cycles.
|
||||||
|
|
||||||
Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
|
Other technologies such as BranchCache and Delivery Optimization, both peer-to-peer distribution tools, can help with the distribution of the feature update installation files.
|
||||||
|
|
||||||
See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) and [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) for more information.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Learn more
|
|
||||||
|
|
||||||
- [Adopting Windows as a service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft)
|
|
||||||
- [Windows lifecycle fact sheet](https://support.microsoft.com/help/13853/windows-lifecycle-fact-sheet)
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Assign devices to servicing channels for Windows 10 updates (Windows 10)
|
title: Assign devices to servicing channels for Windows client updates
|
||||||
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
|
description: Learn how to assign devices to servicing channels for Windows 10 updates locally, by using Group Policy, and by using MDM
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
@ -19,18 +19,17 @@ ms.custom:
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
>[!TIP]
|
>[!TIP]
|
||||||
>If you're not familiar with the Windows 10 servicing or release channels, read [Servicing Channels](waas-overview.md#servicing-channels) first.
|
>If you're not familiar with the servicing or release channels, read [Servicing Channels](waas-overview.md#servicing-channels) first.
|
||||||
>
|
|
||||||
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
|
|
||||||
|
|
||||||
The Semi-Annual Channel is the default servicing channel for all Windows 10 devices except devices with the LTSB edition installed. The following table shows the servicing channels available to each Windows 10 edition.
|
The General Availability Channel is the default servicing channel for all Windows 10 and Windows 11 devices except devices with the LTSB edition installed. The following table shows the servicing channels available to each edition.
|
||||||
|
|
||||||
| Windows 10 edition | Semi-Annual Channel | Long-Term Servicing Channel | Insider Program |
|
| Edition | General Availability Channel | Long-Term Servicing Channel | Insider Program |
|
||||||
| --- | --- | --- | --- |
|
| --- | --- | --- | --- |
|
||||||
| Home |  |  |  |
|
| Home |  |  |  |
|
||||||
| Pro |  |  |  |
|
| Pro |  |  |  |
|
||||||
@ -41,48 +40,27 @@ The Semi-Annual Channel is the default servicing channel for all Windows 10 devi
|
|||||||
|
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>The LTSB edition of Windows 10 is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
|
>The LTSB edition is only available through the [Microsoft Volume Licensing Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Assign devices to Semi-Annual Channel
|
|
||||||
|
|
||||||
>[!IMPORTANT]
|
|
||||||
>Due to [naming changes](waas-overview.md#naming-changes), older terms like CB and CBB might still be displayed in some of our products, such as in Group Policy. If you encounter these terms, "CB" refers to the Semi-Annual Channel (Targeted)--which is no longer used--while "CBB" refers to the Semi-Annual Channel.
|
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Devices will automatically recieve updates from the Semi-Annual Channel, unless they are configured to recieve preview updates through the Windows Insider Program.
|
>Devices will automatically receive updates from the Semi-Annual Channel, unless they are configured to receive preview updates through the Windows Insider Program.
|
||||||
|
|
||||||
**To assign devices to the Semi-Annual Channel by using Group Policy**
|
|
||||||
|
|
||||||
|
|
||||||
- In Windows 10, version 1607 and later releases:
|
|
||||||
|
|
||||||
Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Feature Updates are received** - enable policy and set branch readiness level to the Semi-Annual Channel
|
|
||||||
|
|
||||||
**To assign devices to the Semi-Annual Channel by using MDM**
|
|
||||||
|
|
||||||
|
|
||||||
- In Windows 10, version 1607 and later releases:
|
|
||||||
|
|
||||||
../Vendor/MSFT/Policy/Config/Update/**BranchReadinessLevel**
|
|
||||||
|
|
||||||
|
|
||||||
## Enroll devices in the Windows Insider Program
|
## Enroll devices in the Windows Insider Program
|
||||||
|
|
||||||
To get started with the Windows Insider Program for Business, you will need to follow a few steps:
|
To get started with the Windows Insider Program for Business, follows these steps:
|
||||||
|
|
||||||
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
|
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
|
||||||
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
|
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
|
||||||
3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
|
3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
|
||||||
4. Starting with Windows 10, version 1709, set policies to manage preview builds and their delivery:
|
4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery:
|
||||||
|
|
||||||
The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
|
The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
|
||||||
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
|
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
|
||||||
* MDM: **Update/ManagePreviewBuilds**
|
* MDM: **Update/ManagePreviewBuilds**
|
||||||
|
|
||||||
The **Branch Readiness Level** settings allow you to choose between preview flight rings, and allows you to defer or pause the delivery of updates.
|
The **Branch Readiness Level** settings allow you to choose between preview flight rings, and allows you to defer or pause the delivery of updates.
|
||||||
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and Feature Updates are received*
|
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/ Windows Update for Business** - *Select when Preview Builds and feature updates are received*
|
||||||
* MDM: **Update/BranchReadinessLevel**
|
* MDM: **Update/BranchReadinessLevel**
|
||||||
|
|
||||||
For more information, see [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started)
|
For more information, see [Windows Insider Program for Business](/windows-insider/at-work-pro/wip-4-biz-get-started)
|
||||||
@ -99,85 +77,3 @@ To prevent devices in your organization from being enrolled in the Insider Progr
|
|||||||
> * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
|
> * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*
|
||||||
> * MDM: **Update/ManagePreviewBuilds**
|
> * MDM: **Update/ManagePreviewBuilds**
|
||||||
|
|
||||||
|
|
||||||
## Switching channels
|
|
||||||
|
|
||||||
During the life of a device, it might be necessary or desirable to switch between the available channels. Depending on the channel you are using, the exact mechanism for doing this can be different; some will be simple, others more involved.
|
|
||||||
|
|
||||||
<table>
|
|
||||||
<colgroup>
|
|
||||||
<col width="33%" />
|
|
||||||
<col width="33%" />
|
|
||||||
<col width="33%" />
|
|
||||||
</colgroup>
|
|
||||||
<thead>
|
|
||||||
<tr class="header">
|
|
||||||
<th align="left">From this channel</th>
|
|
||||||
<th align="left">To this channel</th>
|
|
||||||
<th align="left">You need to</th>
|
|
||||||
</tr>
|
|
||||||
</thead>
|
|
||||||
<tbody>
|
|
||||||
<tr class="odd">
|
|
||||||
<td align="left" rowspan="3">Windows Insider Program</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td align="left">Semi-Annual Channel</td>
|
|
||||||
<td align="left">Not directly possible</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td align="left">Long-Term Servicing Channel</td>
|
|
||||||
<td align="left">Not directly possible (requires wipe-and-load).</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td align="left" rowspan="3">Semi-Annual Channel</td>
|
|
||||||
<td align="left">Insider</td>
|
|
||||||
<td align="left">Use the Settings app to enroll the device in the Windows Insider Program.</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
</tr>
|
|
||||||
<tr class="odd">
|
|
||||||
<td align="left">Long-Term Servicing Channel</td>
|
|
||||||
<td align="left">Not directly possible (requires wipe-and-load).</td>
|
|
||||||
</tr>
|
|
||||||
<tr class="even">
|
|
||||||
<td align="left" rowspan="3">Long-Term Servicing Channel</td>
|
|
||||||
<td align="left">Insider</td>
|
|
||||||
<td align="left">Use media to upgrade to the latest Windows Insider Program build.</td>
|
|
||||||
<tr class="even">
|
|
||||||
<td align="left">Semi-Annual Channel</td>
|
|
||||||
<td align="left">Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.</td>
|
|
||||||
</tr>
|
|
||||||
</tbody>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
## Block user access to Windows Update settings
|
|
||||||
|
|
||||||
In Windows 10, administrators can control user access to Windows Update.
|
|
||||||
|
|
||||||
Administrators can disable the "Check for updates" option for users by enabling the Group Policy setting under **Computer Configuration\Administrative Templates\Windows Components\Windows update\Remove access to use all Windows update features**. Any background update scans, downloads, and installations will continue to work as configured. We don't recomment this setting if you have configured the device to "notify" to download or install as this policy will prevent the user from being able to do so.
|
|
||||||
|
|
||||||
>[!NOTE]
|
|
||||||
> Starting with Windows 10, any Group Policy user configuration settings for Windows Update are no longer supported.
|
|
||||||
|
|
||||||
## Steps to manage updates for Windows 10
|
|
||||||
|
|
||||||
| | |
|
|
||||||
| --- | --- |
|
|
||||||
|  | [Learn about updates and servicing channels](waas-overview.md) |
|
|
||||||
|  | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) |
|
|
||||||
|  | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) |
|
|
||||||
|  | Assign devices to servicing channels for Windows 10 updates (this topic) |
|
|
||||||
|  | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) |
|
|
||||||
|  | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
|
||||||
- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
|
|||||||
@ -15,6 +15,7 @@ ms.collection: M365-modern-desktop
|
|||||||
ms.custom: seo-marvel-apr2020
|
ms.custom: seo-marvel-apr2020
|
||||||
---
|
---
|
||||||
# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems
|
# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems
|
||||||
|
{DELETE}
|
||||||
|
|
||||||
> Applies to: Windows 10
|
> Applies to: Windows 10
|
||||||
>
|
>
|
||||||
|
|||||||
@ -23,39 +23,20 @@ ms.collection: m365initiative-coredeploy
|
|||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
In the past, traditional Windows deployments tended to be large, lengthy, and expensive. Windows 10 offers a new approach to deploying both quality and feature updates, making the process much simpler and therefore the planning much more straightforward. With Windows as a service, the methodology around updating Windows has changed, moving away from major upgrades every few years to iterative updates twice per year. Each iteration contains a smaller subset of changes so that they won’t seem like substantial differences, like they do today. This image illustrates the level of effort needed for traditional Windows deployments versus servicing Windows 10 and how it is now spread evenly over time versus spiking every few years.
|
Here’s an example of what this process might look like:
|
||||||
|
|
||||||
|
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business.
|
||||||
|
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSB edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
|
||||||
|
|
||||||
Windows 10 spreads the traditional deployment effort of a Windows upgrade, which typically occurred every few years, over smaller, continuous updates. With this change, you must approach the ongoing deployment and servicing of Windows differently. A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. Here’s an example of what this process might look like:
|
|
||||||
|
|
||||||
- **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the Semi-Annual Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program on a Windows 10 device.
|
|
||||||
- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the Semi-Annual Channel can offer. For those machines, you must install Windows 10 Enterprise LTSB to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly.
|
|
||||||
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
|
- **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible.
|
||||||
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). Always manage new group policies from the version of Windows 10 they shipped with by using the Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
|
- **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](https://support.microsoft.com/help/929841/how-to-create-the-central-store-for-group-policy-administrative-templa) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
|
||||||
- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. With Windows 10, multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
|
- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools).
|
||||||
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with Windows 10 will be high, only the most business critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
|
- **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview).
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> This strategy is applicable to approaching an environment in which Windows 10 already exists. For information about how to deploy or upgrade to Windows 10 where another version of Windows exists, see [Plan for Windows 10 deployment](../planning/index.md).
|
|
||||||
>
|
|
||||||
> Windows 10 Enterprise LTSC is a separate Long-Term Servicing Channel version.
|
|
||||||
|
|
||||||
Each time Microsoft releases a Windows 10 feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
|
Each time Microsoft releases a feature update, the IT department should use the following high-level process to help ensure that the broad deployment is successful:
|
||||||
|
|
||||||
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility in Windows 10, see the section Compatibility.
|
1. **Validate compatibility of business critical apps.** Test your most important business-critical applications for compatibility with the new Windows 10 feature update running on your Windows Insider machines identified in the earlier “Configure test machines” step of the Predeployment strategy section. The list of applications involved in this validation process should be small because most applications can be tested during the pilot phase. For more information about device and application compatibility, see the section Compatibility.
|
||||||
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but it’s still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that you’re looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan in place to address it.
|
2. **Target and react to feedback.** With Windows 10, Microsoft expects application and device compatibility to be high, but it’s still important to have targeted groups within both the IT department and business units to verify application compatibility for the remaining applications in your application portfolio. Because only the most business-critical applications are tested beforehand, this activity will represent most of the application compatibility testing in your environment. It shouldn't necessarily be a formal process but rather user validation by using a particular application. So, the next step is to deploy the feature update to early-adopting IT users and your targeted groups running in the Semi-Annual channel that you identified in the “Recruit volunteers” step of the Predeployment strategy section. Be sure to communicate clearly that you’re looking for feedback as soon as possible, and state exactly how users can submit feedback to you. Should an issue arise, have a remediation plan to address it.
|
||||||
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
|
3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department.
|
||||||
|
|
||||||
|
|
||||||
## Steps to manage updates for Windows client
|
|
||||||
|
|
||||||
| | |
|
|
||||||
| --- | --- |
|
|
||||||
|  | [Learn about updates and servicing channels](waas-overview.md) |
|
|
||||||
|  | Prepare servicing strategy for Windows client updates (this topic) |
|
|
||||||
|  | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) |
|
|
||||||
|  | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) |
|
|
||||||
|  | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) |
|
|
||||||
|  | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)</br>or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)</br>or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) |
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Manage additional Windows Update settings (Windows 10)
|
title: Manage additional Windows Update settings
|
||||||
description: In this article, learn about additional settings to control the behavior of Windows Update in Windows 10.
|
description: In this article, learn about additional settings to control the behavior of Windows Update.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
audience: itpro
|
audience: itpro
|
||||||
@ -19,11 +19,12 @@ ms.custom: seo-marvel-apr2020
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update (WU) on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more.
|
You can use Group Policy settings or mobile device management (MDM) to configure the behavior of Windows Update on your Windows 10 devices. You can configure the update detection frequency, select when updates are received, specify the update service location and more.
|
||||||
|
|
||||||
## Summary of Windows Update settings
|
## Summary of Windows Update settings
|
||||||
|
|
||||||
@ -45,7 +46,7 @@ You can use Group Policy settings or mobile device management (MDM) to configure
|
|||||||
|
|
||||||
## Scanning for updates
|
## Scanning for updates
|
||||||
|
|
||||||
With Windows 10, admins have a lot of flexibility in configuring how their devices scan and receive updates.
|
Admins have a lot of flexibility in configuring how their devices scan and receive updates.
|
||||||
|
|
||||||
[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them the option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates.
|
[Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location) allows admins to point devices to an internal Microsoft update service location, while [Do not connect to any Windows Update Internet locations](#do-not-connect-to-any-windows-update-internet-locations) gives them the option to restrict devices to just that internal update service. [Automatic Updates Detection Frequency](#automatic-updates-detection-frequency) controls how frequently devices scan for updates.
|
||||||
|
|
||||||
@ -55,7 +56,7 @@ Finally, to make sure the updating experience is fully controlled by the admins,
|
|||||||
|
|
||||||
For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md).
|
For additional settings that configure when Feature and Quality updates are received, see [Configure Windows Update for Business](waas-configure-wufb.md).
|
||||||
|
|
||||||
### Specify Intranet Microsoft update service location
|
### Specify intranet Microsoft update service location
|
||||||
|
|
||||||
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
|
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
|
||||||
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
|
This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
|
||||||
@ -138,11 +139,11 @@ To configure this policy with MDM, use [AllowNonMicrosoftSignedUpdate](/windows/
|
|||||||
|
|
||||||
To add more flexibility to the update process, settings are available to control update installation.
|
To add more flexibility to the update process, settings are available to control update installation.
|
||||||
|
|
||||||
[Configure Automatic Updates](#configure-automatic-updates) offers 4 different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates.
|
[Configure Automatic Updates](#configure-automatic-updates) offers four different options for automatic update installation, while [Do not include drivers with Windows Updates](#do-not-include-drivers-with-windows-updates) makes sure drivers are not installed with the rest of the received updates.
|
||||||
|
|
||||||
### Do not include drivers with Windows Updates
|
### Do not include drivers with Windows Updates
|
||||||
|
|
||||||
Allows admins to exclude Windows Update (WU) drivers during updates.
|
Allows admins to exclude Windows Update drivers during updates.
|
||||||
|
|
||||||
To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**.
|
To configure this setting in Group Policy, use **Computer Configuration\Administrative Templates\Windows Components\Windows update\Do not include drivers with Windows Updates**.
|
||||||
Enable this policy to not include drivers with Windows quality updates.
|
Enable this policy to not include drivers with Windows quality updates.
|
||||||
@ -247,12 +248,3 @@ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
|
|||||||
* WUStatusServer (REG_SZ)
|
* WUStatusServer (REG_SZ)
|
||||||
|
|
||||||
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
|
This value sets the SUS statistics server by HTTP name (for example, http://IntranetSUS).
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Overview of Windows as a service](waas-overview.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
title: Configure Windows Update for Business via Group Policy (Windows 10)
|
title: Configure Windows Update for Business via Group Policy
|
||||||
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
|
description: Walk-through demonstration of how to configure Windows Update for Business settings using Group Policy.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
@ -17,30 +17,30 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||||
|
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) for more information.
|
You can use Group Policy through the Group Policy Management Console (GPMC) to control how Windows Update for Business works. You should consider and devise a deployment strategy for updates before you make changes to the Windows Update for Business settings. See [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) for more information.
|
||||||
|
|
||||||
An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.
|
An IT administrator can set policies for Windows Update for Business by using Group Policy, or they can be set locally (per device). All of the relevant policies are under the path **Computer configuration > Administrative Templates > Windows Components > Windows Update**.
|
||||||
|
|
||||||
To manage updates with Windows Update for Business as described in this article, you should prepare with these steps, if you haven't already:
|
To manage updates with Windows Update for Business as described in this article, you should prepare with these steps, if you haven't already:
|
||||||
|
|
||||||
- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to learn more about deployment rings in Windows 10.
|
- Create Active Directory security groups that align with the deployment rings you use to phase deployment of updates.
|
||||||
- Allow access to the Windows Update service.
|
- Allow access to the Windows Update service.
|
||||||
- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates).
|
- Download and install ADMX templates appropriate to your Windows 10 version. For more information, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](https://support.microsoft.com/help/3087759) and [Step-By-Step: Managing Windows 10 with Administrative templates](/archive/blogs/canitpro/step-by-step-managing-windows-10-with-administrative-templates).
|
||||||
|
|
||||||
|
|
||||||
## Set up Windows Update for Business
|
## Set up Windows Update for Business
|
||||||
|
|
||||||
In this example, one security group is used to manage updates. Typically we would recommend having at least three rings (early testers for pre-release builds, broad deployment for releases, critical devices for mature releases) to deploy. See [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) for more information.
|
In this example, one security group is used to manage updates. Typically we would recommend having at least three rings (early testers for pre-release builds, broad deployment for releases, critical devices for mature releases) to deploy.
|
||||||
|
|
||||||
Follow these steps on a device running the Remote Server Administration Tools or on a domain controller:
|
Follow these steps on a device running the Remote Server Administration Tools or on a domain controller:
|
||||||
|
|
||||||
### Set up a ring
|
### Set up a ring
|
||||||
|
|
||||||
1. Start Group Policy Management Console (gpmc.msc).
|
1. Start Group Policy Management Console (gpmc.msc).
|
||||||
2. Expand **Forest > Domains > *\<your domain\>**.
|
2. Expand **Forest > Domains > *\<your domain\>**.
|
||||||
3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**.
|
3. Right-click *\<your domain>* and select **Create a GPO in this domain and link it here**.
|
||||||
@ -55,7 +55,7 @@ You can control when updates are applied, for example by deferring when an updat
|
|||||||
|
|
||||||
### Determine which updates you want offered to your devices
|
### Determine which updates you want offered to your devices
|
||||||
|
|
||||||
Both Windows 10 feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
|
Both feature and quality updates are automatically offered to devices that are connected to Windows Update using Windows Update for Business policies. However, you can choose whether you want the devices to additionally receive other Microsoft Updates or drivers that are applicable to that device.
|
||||||
|
|
||||||
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
|
To enable Microsoft Updates use the Group Policy Management Console go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** and select **Install updates for other Microsoft products**.
|
||||||
|
|
||||||
@ -69,14 +69,14 @@ Drivers are automatically enabled because they are beneficial to device systems.
|
|||||||
|
|
||||||
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
|
1. Ensure that you are enrolled in the Windows Insider Program for Business. This is a completely free program available to commercial customers to aid them in their validation of feature updates before they are released. Joining the program enables you to receive updates prior to their release as well as receive emails and content related to what is coming in the next updates.
|
||||||
2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
|
2. Use Group Policy Management Console to go to: **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Manage preview builds** and set the policy to **Enable preview builds** for any of test devices you want to install pre-release builds.
|
||||||
3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation.
|
3. Use Group Policy Management Console to go to **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are received**. In the **Options** pane, use the pulldown menu to select one of the preview builds. We recomment **Windows Insider Program Slow** for commercial customers using pre-release builds for validation.
|
||||||
4. Select **OK**.
|
4. Select **OK**.
|
||||||
|
|
||||||
#### I want to manage which released feature update my devices receive
|
#### I want to manage which released feature update my devices receive
|
||||||
|
|
||||||
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
|
A Windows Update for Business administrator can defer or pause updates. You can defer feature updates for up to 365 days and defer quality updates for up to 30 days. Deferring simply means that you will not receive the update until it has been released for at least the number of deferral days you specified (offer date = release date + deferral date). You can pause feature or quality updates for up to 35 days from a given start date that you specify.
|
||||||
|
|
||||||
- To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and Feature Updates are Received**
|
- To defer or pause a feature update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Preview Builds and feature updates are Received**
|
||||||
- Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received**
|
- Defer or pause a quality update: **Computer configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business > Select when Quality Updates are Received**
|
||||||
|
|
||||||
#### Example
|
#### Example
|
||||||
@ -111,12 +111,9 @@ At this point, the IT administrator can set a policy to pause the update. In thi
|
|||||||
|
|
||||||
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
|
Now all devices are paused from updating for 35 days. When the pause is removed, they will be offered the *next* quality update, which ideally will not have the same issue. If there is still an issue, the IT admin can pause updates again.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#### I want to stay on a specific version
|
#### I want to stay on a specific version
|
||||||
|
|
||||||
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version (for example, update fall release to fall release) use the **Select the target Feature Update version** setting instead of using the **Specify when Preview Builds and Feature Updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your device(s) to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
|
If you need a device to stay on a version beyond the point when deferrals on the next version would elapse or if you need to skip a version, use the **Select the target feature update version** setting instead of using the **Specify when Preview Builds and feature updates are received** setting for feature update deferrals. When you use this policy, specify the version that you want your devices to use. If you don't update this before the device reaches end of service, the device will automatically be updated once it is 60 days past end of service for its edition.
|
||||||
|
|
||||||
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect.
|
When you set the target version policy, if you specify a feature update version that is older than your current version or set a value that isn't valid, the device will not receive any feature updates until the policy is updated. When you specify target version policy, feature update deferrals will not be in effect.
|
||||||
|
|
||||||
@ -189,24 +186,3 @@ Users with access to update pause settings can prevent both feature and quality
|
|||||||
When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
|
When you disable this setting, users will see **Some settings are managed by your organization** and the update pause settings are greyed out.
|
||||||
|
|
||||||
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
|
If you use Windows Server Update Server (WSUS), you can prevent users from scanning Windows Update. To do this, use **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Remove access to use all Windows Update features**.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
|
||||||
- [Update Windows 10 in the enterprise](index.md)
|
|
||||||
- [Overview of Windows as a service](waas-overview.md)
|
|
||||||
- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md)
|
|
||||||
- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md)
|
|
||||||
- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md)
|
|
||||||
- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md)
|
|
||||||
- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md)
|
|
||||||
- [Configure BranchCache for Windows 10 updates](waas-branchcache.md)
|
|
||||||
- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
|
|
||||||
- [Configure Windows Update for Business](waas-configure-wufb.md)
|
|
||||||
- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md)
|
|
||||||
- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
|
|
||||||
- [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
|
|
||||||
- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
|
|
||||||
- [Manage device restarts after updates](waas-restart.md)
|
|
||||||
@ -12,7 +12,7 @@ ms.reviewer:
|
|||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
|
{DELETE}
|
||||||
# Set up Automatic Update in Windows Update for Business with group policies
|
# Set up Automatic Update in Windows Update for Business with group policies
|
||||||
|
|
||||||
>Applies to: Windows 10
|
>Applies to: Windows 10
|
||||||
|
|||||||
@ -14,6 +14,7 @@ manager: laurawi
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Configure the Basic group policy for Windows Update for Business
|
# Configure the Basic group policy for Windows Update for Business
|
||||||
|
{DELETE}
|
||||||
|
|
||||||
For Windows Update for Business configurations to work, devices need to be configured with minimum [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) level of "Basic." Additionally, compliance reporting for configured devices is obtained using [Monitor Windows Update with Update Compliance](./update-compliance-monitor.md). To view your data in Update Compliance [diagnostics data must be enabled](/windows/deployment/update/windows-analytics-get-started#set-diagnostic-data-levels) and the devices must be configured with a commercial ID, a unique GUID created for an enterprise at the time of onboarding.
|
For Windows Update for Business configurations to work, devices need to be configured with minimum [diagnostic data](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) level of "Basic." Additionally, compliance reporting for configured devices is obtained using [Monitor Windows Update with Update Compliance](./update-compliance-monitor.md). To view your data in Update Compliance [diagnostics data must be enabled](/windows/deployment/update/windows-analytics-get-started#set-diagnostic-data-levels) and the devices must be configured with a commercial ID, a unique GUID created for an enterprise at the time of onboarding.
|
||||||
|
|
||||||
|
|||||||
@ -13,25 +13,20 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
# Enforcing compliance deadlines for updates
|
# Enforcing compliance deadlines for updates
|
||||||
|
|
||||||
> Applies to: Windows 10
|
**Applies to**
|
||||||
|
|
||||||
|
- Windows 10
|
||||||
|
- Windows 11
|
||||||
|
|
||||||
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
|
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
|
||||||
|
|
||||||
The compliance options have changed for devices on Windows 10, version 1709 and above:
|
With a current version, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and later: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
|
||||||
|
|
||||||
- [For Windows 10, version 1709 and above](#for-windows-10-version-1709-and-above)
|
|
||||||
- [Prior to Windows 10, version 1709](#prior-to-windows-10-version-1709)
|
|
||||||
|
|
||||||
## For Windows 10, version 1709 and above
|
|
||||||
|
|
||||||
With a current version of Windows 10, it's best to use the new policy introduced in June 2019 to Windows 10, version 1709 and above: **Specify deadlines for automatic updates and restarts**. In MDM, this policy is available as four separate settings:
|
|
||||||
|
|
||||||
- Update/ConfigureDeadlineForFeatureUpdates
|
- Update/ConfigureDeadlineForFeatureUpdates
|
||||||
- Update/ConfigureDeadlineForQualityUpdates
|
- Update/ConfigureDeadlineForQualityUpdates
|
||||||
- Update/ConfigureDeadlineGracePeriod
|
- Update/ConfigureDeadlineGracePeriod
|
||||||
- Update/ConfigureDeadlineNoAutoReboot
|
- Update/ConfigureDeadlineNoAutoReboot
|
||||||
|
|
||||||
|
|
||||||
### Policy setting overview
|
### Policy setting overview
|
||||||
|
|
||||||
|Policy|Description |
|
|Policy|Description |
|
||||||
@ -49,98 +44,3 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
|
|||||||
For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.)
|
For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.)
|
||||||
|
|
||||||
For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
|
For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Prior to Windows 10, version 1709
|
|
||||||
|
|
||||||
Two compliance flows are available:
|
|
||||||
|
|
||||||
- [Deadline only](#deadline-only)
|
|
||||||
- [Deadline with user engagement](#deadline-with-user-engagement)
|
|
||||||
|
|
||||||
### Deadline only
|
|
||||||
|
|
||||||
This flow only enforces the deadline where the device will attempt to silently restart outside of active hours before the deadline is reached. Once the deadline is reached the user is prompted with either a confirmation button or a restart now option.
|
|
||||||
|
|
||||||
#### User experience
|
|
||||||
|
|
||||||
Once the device is in the pending restart state, it will attempt to restart the device during non-active hours. This is known as the auto-restart period, and by default it does not require user interaction to restart the device.
|
|
||||||
|
|
||||||
> [!NOTE]
|
|
||||||
> Deadlines are enforced from pending restart state (for example, when the device has completed the installation and download from Windows Update).
|
|
||||||
|
|
||||||
#### Policy overview
|
|
||||||
|
|
||||||
|Policy|Description |
|
|
||||||
|-|-|
|
|
||||||
|Specify deadline before auto-restart for update installation|Governs the update experience once the device has entered pending restart state. It specifies a deadline, in days, to enforce compliance (such as imminent installation).|
|
|
||||||
|Configure Auto-restart warning notification schedule for updates|Configures the reminder notification and the warning notification for a scheduled installation. The user can dismiss a reminder, but not the warning.|
|
|
||||||
|
|
||||||
#### Suggested configuration
|
|
||||||
|
|
||||||
|Policy|Location|3-day compliance|5-day compliance|7-day compliance|
|
|
||||||
|-|-|-|-|-|
|
|
||||||
|Specify deadline before auto-restart for update installation| GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadline before auto-restart for update installation |State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 2| State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 3 | State: Enabled<br>**Specify the number of days before pending restart will automatically be executed outside of active hours:** 4|
|
|
||||||
|
|
||||||
#### Controlling notification experience for deadline
|
|
||||||
|
|
||||||
|Policy| Location|Suggested Configuration |
|
|
||||||
|-|-|-|
|
|
||||||
|Configure Auto-restart warning notification schedule for updates|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure auto-restart warning notifications schedule for updates |State: Enabled <br>**Reminder** (hours): 2<br>**Warning** (minutes): 60 |
|
|
||||||
|
|
||||||
#### Notification experience for deadline
|
|
||||||
|
|
||||||
Notification users get for a quality update deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Notification users get for a feature update deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Deadline with user engagement
|
|
||||||
|
|
||||||
This flow provides the end user with prompts to select a time to restart the device before the deadline is reached. If the device is unable to restart at the time specified by the user or the time selected is outside the deadline, the device will restart the next time it is active.
|
|
||||||
|
|
||||||
#### End-user experience
|
|
||||||
|
|
||||||
Before the deadline the device will be in two states: auto-restart period and engaged-restart period. During the auto-restart period the device will silently try to restart outside of active hours. If the device can't find an idle moment to restart, then the device will go into engaged-restart. The end user, at this point, can select a time that they would like the device to try to restart. Both phases happen before the deadline; once that deadline has passed then the device will restart at the next available time.
|
|
||||||
|
|
||||||
#### Policy overview
|
|
||||||
|
|
||||||
|Policy| Description |
|
|
||||||
|-|-|
|
|
||||||
|Specify engaged restart transition and notification schedule for updates|Governs how the user will be impacted by the pending restart. Transition days, first starts out in Auto-Restart where the device will find an idle moment to restart the device. After 2 days engaged restart will commence and the user will be able to choose a time|
|
|
||||||
|Configure Auto-restart required notification for updates|Governs the notifications during the Auto-Restart period. During Active hours, the user will be notified that the device is trying to restart. They will have the option to confirm or dismiss the notification|
|
|
||||||
|
|
||||||
#### Suggested configuration
|
|
||||||
|
|
||||||
|Policy| Location| 3-day compliance| 5-day compliance| 7-day compliance |
|
|
||||||
|-|-|-|-|-|
|
|
||||||
|Specify engaged restart transition and notification schedule for updates|GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify Engaged restart transition and notification schedule for updates|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 3|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 4|State: Enabled<br>**Transition** (Days): 2<br>**Snooze** (Days): 2<br>**Deadline** (Days): 5|
|
|
||||||
|
|
||||||
#### Controlling notification experience for engaged deadline
|
|
||||||
|
|
||||||
|Policy| Location |Suggested Configuration
|
|
||||||
|-|-|-|
|
|
||||||
|Configure Auto-restart required notification for updates |GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Auto-restart required notification for updates|State: Enabled <br>**Method**: 2- User|
|
|
||||||
|
|
||||||
#### Notification experience for engaged deadlines
|
|
||||||
|
|
||||||
Notification users get for quality update engaged deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Notification users get for a quality update deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Notification users get for a feature update engaged deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Notification users get for a feature update deadline:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -13,7 +13,7 @@ manager: laurawi
|
|||||||
ms.topic: article
|
ms.topic: article
|
||||||
---
|
---
|
||||||
# Managing drivers, dual-managed environments, and Delivery Optimization with group policies
|
# Managing drivers, dual-managed environments, and Delivery Optimization with group policies
|
||||||
|
{DELETE}
|
||||||
>Applies to: Windows 10
|
>Applies to: Windows 10
|
||||||
|
|
||||||
Use the following group policy information to manage drivers, to manage environments using both Windows Update for Business and Windows Server Update Services, and to manage the bandwidth required for updates with Delivery Optimization.
|
Use the following group policy information to manage drivers, to manage environments using both Windows Update for Business and Windows Server Update Services, and to manage the bandwidth required for updates with Delivery Optimization.
|
||||||
|
|||||||
@ -15,6 +15,8 @@ ms.topic: article
|
|||||||
|
|
||||||
# Manage feature and quality updates with group policies
|
# Manage feature and quality updates with group policies
|
||||||
|
|
||||||
|
{dELETE}
|
||||||
|
|
||||||
>Applies to: Windows 10
|
>Applies to: Windows 10
|
||||||
|
|
||||||
Windows Update for Business allows users to control when devices should receive a feature or quality update from Windows Update. Depending on the size of your organization you may want to do a wave deployment of updates. The first step in this process is to determine which Branch Readiness Level you want your organization on. For more information on which level is right for your organization review [Overview of Windows as a service](waas-overview.md).
|
Windows Update for Business allows users to control when devices should receive a feature or quality update from Windows Update. Depending on the size of your organization you may want to do a wave deployment of updates. The first step in this process is to determine which Branch Readiness Level you want your organization on. For more information on which level is right for your organization review [Overview of Windows as a service](waas-overview.md).
|
||||||
|
|||||||
@ -13,6 +13,7 @@ ms.topic: article
|
|||||||
---
|
---
|
||||||
|
|
||||||
# Onboarding to Windows Update for Business in Windows 10
|
# Onboarding to Windows Update for Business in Windows 10
|
||||||
|
{DELETE}
|
||||||
|
|
||||||
>Applies to: Windows 10
|
>Applies to: Windows 10
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user