mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Edited short descriptions
Edited metadata descriptions below 100 characters.
This commit is contained in:
jdmartinez36
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Best practices for feature updates - conclusion
|
||||
description: Final thoughts about how to deploy feature updates
|
||||
description: This article contains final thoughts about best practices when deploying feature updates for Windows 10.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Conclusion
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Best practices - deploy feature updates during maintenance windows
|
||||
description: Learn how to deploy feature updates during a maintenance window
|
||||
description: In this article, learn how to get ready and then deploy feature updates for Windows 10 during a maintenance window.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Deploy feature updates during maintenance windows
|
||||
@ -34,7 +35,7 @@ Use the following information to deploy feature updates during a maintenance win
|
||||
|
||||
### Step 2: Review computer restart device settings
|
||||
|
||||
If you’re not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
|
||||
If you're not suppressing computer restarts and the feature update will be installed when no users are present, consider deploying a custom client settings policy to your feature update target collection to shorten the settings below or consider the total duration of these settings when defining your maintenance window duration.
|
||||
|
||||
For example, by default, 90 minutes will be honored before the system is rebooted after the feature update install. If users will not be impacted by the user logoff or restart, there is no need to wait a full 90 minutes before rebooting the computer. If a delay and notification is needed, ensure that the maintenance window takes this into account along with the total time needed to install the feature update.
|
||||
|
||||
@ -51,7 +52,7 @@ Use **Peer Cache** to help manage deployment of content to clients in remote loc
|
||||
|
||||
### Step 4: Override the default Windows setup priority (Windows 10, version 1709 and later)
|
||||
|
||||
If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||
If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||
|
||||
%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Best practices and recommendations for deploying Windows 10 Feature updates to mission-critical devices
|
||||
description: Learn how to deploy feature updates to your mission-critical devices
|
||||
description: In this article, learn about best practices to follow when deploying Windows 10 feature updates to your mission-critical devices.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,13 +12,14 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Best practices and recommendations for deploying Windows 10 Feature updates to mission critical devices
|
||||
|
||||
**Applies to**: Windows 10
|
||||
|
||||
Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren’t the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the Microsoft Endpoint Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
|
||||
Managing an environment with devices that provide mission critical services 24 hours a day, 7 days a week, can present challenges in keeping these devices current with Windows 10 feature updates. The processes that you use to keep regular devices current with Windows 10 feature updates, often aren't the most effective to service mission critical devices. This whitepaper will focus on the recommended approach of using the Microsoft Endpoint Configuration Manager (current branch) software updates feature to deploy Windows 10 semi-annual feature updates.
|
||||
|
||||
For simplicity, we will outline the steps to deploy a feature update manually. If you prefer an automated approach, see [Manage Windows as a service using Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/manage-windows-as-a-service).
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Best practices - deploy feature updates for user-initiated installations
|
||||
description: Learn how to manually deploy feature updates
|
||||
description: In this article, learn how to prepare and then manually deploy feature updates for user-initiated installations.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Deploy feature updates for user-initiated installations (during a fixed service window)
|
||||
@ -29,7 +30,7 @@ Use **Peer Cache** to help manage deployment of content to clients in remote loc
|
||||
|
||||
### Step 2: Override the default Windows setup priority (Windows 10, version 1709 and later)
|
||||
|
||||
If you’re deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||
If you're deploying **Feature update to Windows 10, version 1709** or later, by default, portions of setup are configured to run at a lower priority. This can result in a longer total install time for the feature update. When deploying within a maintenance window, we recommend that you override this default behavior to benefit from faster total install times. To override the default priority, create a file called SetupConfig.ini on each machine to be upgraded in the below location containing the single section noted.
|
||||
|
||||
%systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows 10 - How to make FoD and language packs available when you're using WSUS/SCCM
|
||||
description: Learn how to make FoD and language packs available when you're using WSUS/SCCM
|
||||
description: Learn how to make Features on Demand (FoD) and language packs available when you're using WSUS/SCCM.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
|
||||
@ -13,6 +13,7 @@ ms.date: 03/13/2019
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
# How to make Features on Demand and language packs available when you're using WSUS/SCCM
|
||||
|
||||
@ -20,11 +21,11 @@ ms.topic: article
|
||||
|
||||
As of Windows 10 version 1709, you can't use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FODs) locally. Starting with Windows 10 version 1803, language packs can no longer be hosted on WSUS.
|
||||
|
||||
The **Specify settings for optional component installation and component repair** policy, located under `Computer Configuration\Administrative Templates\System` in the Group Policy Editor, can be used to specify alternate ways to acquire FOD packages, language packages, and content for corruption repair. However, it’s important to note this policy only allows specifying one alternate location and behaves differently across OS versions.
|
||||
The **Specify settings for optional component installation and component repair** policy, located under `Computer Configuration\Administrative Templates\System` in the Group Policy Editor, can be used to specify alternate ways to acquire FOD packages, language packages, and content for corruption repair. However, it's important to note this policy only allows specifying one alternate location and behaves differently across OS versions.
|
||||
|
||||
In Windows 10 version 1709 and 1803, changing the **Specify settings for optional component installation and component repair** policy to download content from Windows Update enables acquisition of FOD packages while also enabling corruption repair. Specifying a network location works for either, depending on the content is found at that location. Changing this policy on these OS versions does not influence how language packs are acquired.
|
||||
|
||||
In Windows 10 version 1809 and beyond, changing the **Specify settings for optional component installation and component repair** policy also influences how language packs are acquired, however language packs can only be acquired directly from Windows Update. It’s currently not possible to acquire them from a network share. Specifying a network location works for FOD packages or corruption repair, depending on the content at that location.
|
||||
In Windows 10 version 1809 and beyond, changing the **Specify settings for optional component installation and component repair** policy also influences how language packs are acquired, however language packs can only be acquired directly from Windows Update. It's currently not possible to acquire them from a network share. Specifying a network location works for FOD packages or corruption repair, depending on the content at that location.
|
||||
|
||||
For all OS versions, changing the **Specify settings for optional component installation and component repair** policy does not affect how OS updates are distributed. They continue to come from WSUS or SCCM or other sources as you have scheduled them, even while optional content is sourced from Windows Update or a network location.
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: How Windows Update works
|
||||
description: Learn how Windows Update works, including architecture and troubleshooting.
|
||||
description: In this article, learn about the process Windows Update uses to download and install updates on a Windows 10 PC.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# How does Windows Update work?
|
||||
@ -45,7 +46,7 @@ The Windows Update workflow has four core areas of functionality:
|
||||
|
||||
|
||||
## How updating works
|
||||
During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does this automatically, according to your settings, and in a silent manner that doesn’t disrupt your computer usage.
|
||||
During the updating process, the Windows Update Orchestrator operates in the background to scan, download, and install updates. It does this automatically, according to your settings, and in a silent manner that doesn't disrupt your computer usage.
|
||||
|
||||
## Scanning updates
|
||||
|
||||
@ -80,7 +81,7 @@ Windows Update takes the following sets of actions when it runs a scan.
|
||||
#### Starts the scan for updates
|
||||
When users start scanning in Windows Update through the Settings panel, the following occurs:
|
||||
|
||||
- The scan first generates a “ComApi” message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates.
|
||||
- The scan first generates a "ComApi" message. The caller (Windows Defender Antivirus) tells the WU engine to scan for updates.
|
||||
- "Agent" messages: queueing the scan, then actually starting the work:
|
||||
- Updates are identified by the different IDs ("Id = 10", "Id = 11") and from the different thread ID numbers.
|
||||
- Windows Update uses the thread ID filtering to concentrate on one particular task.
|
||||
@ -119,7 +120,7 @@ Common update failure is caused due to network issues. To find the root of the i
|
||||
> [!NOTE]
|
||||
> Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
|
||||
|
||||
- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and can’t scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since it’s locally configured.
|
||||
- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and can't scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since it's locally configured.
|
||||
|
||||
|
||||
## Downloading updates
|
||||
@ -127,7 +128,7 @@ Common update failure is caused due to network issues. To find the root of the i
|
||||
|
||||
Once the Windows Update Orchestrator determines which updates apply to your computer, it will begin downloading the updates, if you have selected the option to automatically download updates. It does this in the background without interrupting your normal use of the computer.
|
||||
|
||||
To ensure that your other downloads aren’t affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption.
|
||||
To ensure that your other downloads aren't affected or slowed down because updates are downloading, Windows Update uses the Delivery Optimization (DO) technology which downloads updates and reduces bandwidth consumption.
|
||||
|
||||
For more information see [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md).
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Olympia Corp enrollment guidelines
|
||||
description: Olympia Corp enrollment guidelines
|
||||
description: Learn about the enrollment guidelines for Olympia Corp, a virtual corporation created as part of the Windows Insider Lab for Enterprise.
|
||||
ms.author: jaimeo
|
||||
ms.topic: article
|
||||
ms.prod: w10
|
||||
@ -11,6 +11,7 @@ author: jaimeo
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
keywords: insider, trial, enterprise, lab, corporation, test
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Olympia Corp
|
||||
@ -96,7 +97,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
|
||||
|
||||
|
||||
2. If you are already connected to a domain, click the existing account and then click **Disconnect**. Click **Restart Later**.
|
||||
|
||||
|
||||
3. Click **Connect**, then click **Join this device to Azure Active Directory**.
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Servicing stack updates (Windows 10)
|
||||
description: Servicing stack updates improve the code that installs the other updates.
|
||||
description: In this article, learn how servicing stack updates improve the code that installs the other updates.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Servicing stack updates
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Delivery Optimization in Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: new Delivery Optimization data displayed in Update Compliance
|
||||
description: Learn how new Delivery Optimization data displays in Update Compliance, including observed bandwidth savings across devices using peer-to-peer distribution.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -13,6 +13,7 @@ keywords: oms, operations management suite, optimization, downloads, updates, lo
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Delivery Optimization in Update Compliance
|
||||
@ -41,5 +42,5 @@ The table breaks down the number of bytes from each download source into specifi
|
||||
|
||||
The download sources that could be included are:
|
||||
- LAN Bytes: Bytes downloaded from LAN Peers which are other devices on the same local network
|
||||
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the “Group” download mode is used)
|
||||
- Group Bytes: Bytes downloaded from Group Peers which are other devices that belong to the same Group (available when the "Group" download mode is used)
|
||||
- HTTP Bytes: Non-peer bytes. The HTTP download source can be Microsoft Servers, Windows Update Servers, a WSUS server or an SCCM Distribution Point for Express Updates.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Update Compliance - Feature Update Status report
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: an overview of the Feature Update Status report
|
||||
description: This article contains an overview of the Feature Update Status report, which provides information about the status of feature updates across all devices.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Feature Update Status
|
||||
@ -37,7 +38,7 @@ Refer to the following list for what each state means:
|
||||
|
||||
## Compatibility holds
|
||||
|
||||
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device’s upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
|
||||
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *compatibility hold* is generated to delay the device's upgrade and safeguard the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all compatibility holds on the Windows 10 release information page for any given release.
|
||||
|
||||
To learn how compatibility holds are reflected in the experience, see [Update compliance perspectives](update-compliance-perspectives.md#deployment-status).
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Update Compliance - Need Attention! report
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: an overview of the Update Compliance Need Attention! report
|
||||
description: This article contains an overview of the Update Compliance Needs Attention! report, which provides information like the number of devices that have issues.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Needs attention!
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Update Compliance - Perspectives
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: an overview of Update Compliance Perspectives
|
||||
description: This article contains an overview of Update Compliance Perspectives, which provide elaborations on specific queries.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Perspectives
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Update Compliance - Security Update Status report
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: an overview of the Security Update Status report
|
||||
description: This article is an overview of the Security Update Status report, providing information about security updates across all devices.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -10,6 +10,7 @@ author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Security Update Status
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Using Update Compliance (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Explains how to begin using Update Compliance.
|
||||
description: Learn how to begin using Update Compliance to monitor your device's Windows updates and Windows Defender Antivirus status.
|
||||
keywords: oms, operations management suite, wdav, updates, upgrades, antivirus, antimalware, signature, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -13,6 +13,7 @@ ms.author: jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Use Update Compliance
|
||||
@ -28,7 +29,7 @@ Update Compliance:
|
||||
- Provides all of the above data in [Log Analytics](#using-log-analytics), which affords additional querying and export capabilities.
|
||||
|
||||
## The Update Compliance tile
|
||||
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you’ll see this tile:
|
||||
After Update Compliance has successfully been [added to your Azure subscription](update-compliance-get-started.md#add-update-compliance-to-your-azure-subscription), you'll see this tile:
|
||||
|
||||
|
||||
|
||||
@ -48,7 +49,7 @@ When you select this tile, you will be redirected to the Update Compliance works
|
||||
|
||||
|
||||
|
||||
Update Compliance’s overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
|
||||
Update Compliance's overview blade summarizes all the data Update Compliance provides. It functions as a hub from which you can navigate to different sections. The total number of devices detected by Update Compliance is reported in the title of this blade. What follows is a distribution for all devices as to whether they are up to date on the following items:
|
||||
* Security updates: A device is up to date on quality updates whenever it has the latest applicable quality update installed. Quality updates are monthly cumulative updates that are specific to a version of Windows 10.
|
||||
* Feature updates: A device is up to date on feature updates whenever it has the latest applicable feature update installed. Update Compliance considers [Servicing Channel](waas-overview.md#servicing-channels) when determining update applicability.
|
||||
* AV Signature: A device is up to date on Antivirus Signature when the latest Windows Defender Signatures have been downloaded. This distribution only considers devices that are running Windows Defender Antivirus.
|
||||
@ -84,9 +85,9 @@ This means you should generally expect to see new data device data every 24 hour
|
||||
Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure Portal, can deeply enhance your experience and complement Update Compliance.
|
||||
|
||||
See below for a few topics related to Log Analytics:
|
||||
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure’s excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
|
||||
* Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-log-searches).
|
||||
* To develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/); check out documentation on [analyzing data for use in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-dashboards).
|
||||
* [Gain an overview of Log Analytics’ alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
|
||||
* [Gain an overview of Log Analytics' alerts](https://docs.microsoft.com/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
|
||||
|
||||
## Related topics
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Update Compliance - Windows Defender AV Status report
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: an overview of the Windows Defender AV Status report
|
||||
description: This article is an overview of the Windows Defender AV Status report, which shows data about signature and threat status.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.pagetype: deploy
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-analytics
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Defender AV Status
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Configure BranchCache for Windows 10 updates (Windows 10)
|
||||
description: Use BranchCache to optimize network bandwidth during update deployment.
|
||||
description: In this article, learn how to use BranchCache to optimize network bandwidth during update deployment.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
author: jaimeo
|
||||
@ -9,6 +9,7 @@ ms.author: jaimeo
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Configure BranchCache for Windows 10 updates
|
||||
@ -20,7 +21,7 @@ ms.topic: article
|
||||
|
||||
> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
|
||||
|
||||
BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it’s easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode.
|
||||
BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it's easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode.
|
||||
|
||||
- Distributed Cache mode operates like the [Delivery Optimization](waas-delivery-optimization.md) feature in Windows 10: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file.
|
||||
|
||||
@ -33,7 +34,7 @@ For detailed information about how Distributed Cache mode and Hosted Cache mode
|
||||
|
||||
## Configure clients for BranchCache
|
||||
|
||||
Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](https://technet.microsoft.com/library/dd637820%28v=ws.10%29.aspx) in the [BranchCache Early Adopter’s Guide](https://technet.microsoft.com/library/dd637762(v=ws.10).aspx).
|
||||
Whether you use BranchCache with Configuration Manager or WSUS, each client that uses BranchCache must be configured to do so. You typically make your configurations through Group Policy. For step-by-step instructions on how to use Group Policy to configure BranchCache for Windows clients, see [Client Configuration](https://technet.microsoft.com/library/dd637820%28v=ws.10%29.aspx) in the [BranchCache Early Adopter's Guide](https://technet.microsoft.com/library/dd637762(v=ws.10).aspx).
|
||||
|
||||
In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization by default, even when the updates are retrieved from WSUS. When using BranchCache with Windows 10, simply set the Delivery Optimization mode to Bypass to allow clients to use the Background Intelligent Transfer Service (BITS) protocol with BranchCache instead. For instructions on how to use BranchCache in Distributed Cache mode with WSUS, see the section WSUS and Configuration Manager with BranchCache in Distributed Cache mode.
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Delivery Optimization reference
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Reference of all Delivery Optimization settings and descriptions of same
|
||||
description: This article provides a summary of references and descriptions for all of the Delivery Optimization settings.
|
||||
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -13,6 +13,7 @@ ms.localizationpriority: medium
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Delivery Optimization reference
|
||||
@ -107,10 +108,10 @@ Download mode dictates which download sources clients are allowed to use when do
|
||||
| --- | --- |
|
||||
| HTTP Only (0) | This setting disables peer-to-peer caching but still allows Delivery Optimization to download content over HTTP from the download's original source. This mode uses additional metadata provided by the Delivery Optimization cloud services for a peerless reliable and efficient download experience. |
|
||||
| LAN (1 – Default) | This default operating mode for Delivery Optimization enables peer sharing on the same network. The Delivery Optimization cloud service finds other clients that connect to the Internet using the same public IP as the target client. These clients then attempts to connect to other peers on the same network by using their private subnet IP.|
|
||||
| Group (2) | When group mode is set, the group is automatically selected based on the device’s Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
|
||||
| Group (2) | When group mode is set, the group is automatically selected based on the device's Active Directory Domain Services (AD DS) site (Windows 10, version 1607) or the domain the device is authenticated to (Windows 10, version 1511). In group mode, peering occurs across internal subnets, between devices that belong to the same group, including devices in remote offices. You can use GroupID option to create your own custom group independently of domains and AD DS sites. Starting with Windows 10, version 1803, you can use the GroupIDSource parameter to take advantage of other method to create groups dynamically. Group download mode is the recommended option for most organizations looking to achieve the best bandwidth optimization with Delivery Optimization. |
|
||||
| Internet (3) | Enable Internet peer sources for Delivery Optimization. |
|
||||
| Simple (99) | Simple mode disables the use of Delivery Optimization cloud services completely (for offline environments). Delivery Optimization switches to this mode automatically when the Delivery Optimization cloud services are unavailable, unreachable or when the content file size is less than 10 MB. In this mode, Delivery Optimization provides a reliable download experience, with no peer-to-peer caching. |
|
||||
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using SCCM. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
|
||||
|Bypass (100) | Bypass Delivery Optimization and use BITS, instead. You should only select this mode if you use WSUS and prefer to use BranchCache. You do not need to set this option if you are using SCCM. If you want to disable peer-to-peer functionality, it's best to set **DownloadMode** to **0** or **99**. |
|
||||
|
||||
>[!NOTE]
|
||||
>Group mode is a best-effort optimization and should not be relied on for an authentication of identity of devices participating in the group.
|
||||
@ -152,7 +153,7 @@ This setting specifies the required minimum disk size (capacity in GB) for the d
|
||||
|
||||
### Max Cache Age
|
||||
|
||||
In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. The default Max Cache Age value is 259,200 seconds (3 days). Alternatively, organizations might choose to set this value to “0” which means “unlimited” to avoid peers re-downloading content. When “Unlimited” value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed).
|
||||
In environments configured for Delivery Optimization, you might want to set an expiration on cached updates and Windows application installation files. If so, this setting defines the maximum number of seconds each file can be held in the Delivery Optimization cache on each Windows 10 client device. The default Max Cache Age value is 259,200 seconds (3 days). Alternatively, organizations might choose to set this value to "0" which means "unlimited" to avoid peers re-downloading content. When "Unlimited" value is set, Delivery Optimization will hold the files in the cache longer and will clean up the cache as needed (for example when the cache size exceeded the maximum space allowed).
|
||||
|
||||
### Max Cache Size
|
||||
|
||||
@ -184,7 +185,7 @@ This setting specifies the maximum download bandwidth that Delivery Optimization
|
||||
|
||||
### Max Upload Bandwidth
|
||||
|
||||
This setting allows you to limit the amount of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is 0, or “unlimited” which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate.
|
||||
This setting allows you to limit the amount of upload bandwidth individual clients can use for Delivery Optimization. Consider this setting when clients are providing content to requesting peers on the network. This option is set in kilobytes per second (KB/s). The default setting is 0, or "unlimited" which means Delivery Optimization dynamically optimizes for minimal usage of upload bandwidth; however it does not cap the upload bandwidth rate at a set rate.
|
||||
|
||||
### Set Business Hours to Limit Background Download Bandwidth
|
||||
Starting in Windows 10, version 1803, specifies the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth.
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Set up Delivery Optimization
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Delivery Optimization is a new peer-to-peer distribution method in Windows 10
|
||||
description: In this article, learn how to set up Delivery Optimization, a new peer-to-peer distribution method in Windows 10.
|
||||
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -12,6 +12,7 @@ ms.localizationpriority: medium
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Set up Delivery Optimization for Windows 10 updates
|
||||
@ -47,7 +48,7 @@ Quick-reference table:
|
||||
|
||||
### Hybrid WAN scenario
|
||||
|
||||
For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group is the authenticated domain or Active Directory site. If your domain-based group is too wide, or your Active Directory sites aren’t aligned with your site network topology, then you should consider additional options for dynamically creating groups, for example by using the GroupIDSrc parameter.
|
||||
For this scenario, grouping devices by domain allows devices to be included in peer downloads and uploads across VLANs. **Set Download Mode to 2 - Group**. The default group is the authenticated domain or Active Directory site. If your domain-based group is too wide, or your Active Directory sites aren't aligned with your site network topology, then you should consider additional options for dynamically creating groups, for example by using the GroupIDSrc parameter.
|
||||
|
||||
|
||||
|
||||
@ -97,7 +98,7 @@ To do this with MDM, go to **.Vendor/MSFT/Policy/Config/DeliveryOptimization/**
|
||||
|
||||
|
||||
## Monitor Delivery Optimization
|
||||
[//]: # (How to tell if it’s working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%)
|
||||
[//]: # (How to tell if it's working? What values are reasonable; which are not? If not, which way to adjust and how? -- check PercentPeerCaching for files > minimum >= 50%)
|
||||
|
||||
### Windows PowerShell cmdlets
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Configure Delivery Optimization for Windows 10 updates (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Delivery Optimization is a peer-to-peer distribution method in Windows 10
|
||||
description: This article provides information about Delivery Optimization, a peer-to-peer distribution method in Windows 10.
|
||||
keywords: oms, operations management suite, wdav, updates, downloads, log analytics
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
@ -13,6 +13,7 @@ ms.localizationpriority: medium
|
||||
ms.author: jaimeo
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Delivery Optimization for Windows 10 updates
|
||||
@ -87,7 +88,7 @@ For complete list of every possible Delivery Optimization setting, see [Delivery
|
||||
|
||||
|
||||
## How Microsoft uses Delivery Optimization
|
||||
At Microsoft, to help ensure that ongoing deployments weren’t affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet.
|
||||
At Microsoft, to help ensure that ongoing deployments weren't affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet.
|
||||
|
||||
For more details, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study.
|
||||
|
||||
@ -131,11 +132,11 @@ This section summarizes common problems and some solutions to try.
|
||||
|
||||
### If you don't see any bytes from peers
|
||||
|
||||
If you don’t see any bytes coming from peers the cause might be one of the following issues:
|
||||
If you don't see any bytes coming from peers the cause might be one of the following issues:
|
||||
|
||||
- Clients aren’t able to reach the Delivery Optimization cloud services.
|
||||
- The cloud service doesn’t see other peers on the network.
|
||||
- Clients aren’t able to connect to peers that are offered back from the cloud service.
|
||||
- Clients aren't able to reach the Delivery Optimization cloud services.
|
||||
- The cloud service doesn't see other peers on the network.
|
||||
- Clients aren't able to connect to peers that are offered back from the cloud service.
|
||||
|
||||
|
||||
### Clients aren't able to reach the Delivery Optimization cloud services.
|
||||
@ -155,7 +156,7 @@ If you suspect this is the problem, try these steps:
|
||||
1. Download the same app on two different devices on the same network, waiting 10 – 15 minutes between downloads.
|
||||
2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices.
|
||||
3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero.
|
||||
4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren’t reporting the same public IP address.
|
||||
4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for "what is my IP". You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices aren't reporting the same public IP address.
|
||||
|
||||
|
||||
### Clients aren't able to connect to peers offered by the cloud service
|
||||
|
||||
@ -2,13 +2,14 @@
|
||||
title: Deploy updates using Windows Update for Business (Windows 10)
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Windows Update for Business lets you manage when devices received updates from Windows Update.
|
||||
description: Learn how Windows Update for Business lets you manage when devices received updates from Windows Update.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
author: jaimeo
|
||||
ms.localizationpriority: medium
|
||||
ms.author: jaimeo
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Deploy updates using Windows Update for Business
|
||||
@ -88,16 +89,16 @@ The branch readiness level enables administrators to specify which channel of fe
|
||||
- Windows Insider Release Preview
|
||||
- Semi-annual Channel for released updates
|
||||
|
||||
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days will be calculated against a release’s Semi-annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
|
||||
Prior to Windows 10, version 1903, there are two channels for released updates: Semi-annual Channel and Semi-annual Channel (Targeted). Deferral days are calculated against the release date of the chosen channel. Starting with Windows 10, version 1903 there is only the one release channel: Semi-annual Channel. All deferral days will be calculated against a release's Semi-annual Channel release date. To see release dates, visit [Windows Release Information](https://docs.microsoft.com/windows/release-information/). You can set the branch readiness level by using the **Select when Preview Builds and Feature Updates are Received** policy. In order to use this to manage pre-release builds, first enable preview builds by using the **Manage preview Builds** policy.
|
||||
|
||||
### Recommendations
|
||||
|
||||
For the best experience with Windows Update, follow these guidelines:
|
||||
|
||||
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
|
||||
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
|
||||
- Make sure that devices have at least 10 GB of free space.
|
||||
- Give devices unobstructed access to the Windows Update service.
|
||||
- Use devices for at least 6 hours per month, including at least 2 hours of continuous use.
|
||||
- Keep devices regularly charged. Plugging in devices overnight enables them to automatically update outside of active hours.
|
||||
- Make sure that devices have at least 10 GB of free space.
|
||||
- Give devices unobstructed access to the Windows Update service.
|
||||
|
||||
|
||||
## Monitor Windows Updates by using Update Compliance
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Servicing differences between Windows 10 and older operating systems
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
description: Learn the differences between servicing Windows 10 and servicing older operating systems.
|
||||
description: In this article, learn the differences between servicing Windows 10 and servicing older operating systems.
|
||||
keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
@ -13,6 +13,7 @@ ms.audience: itpro
|
||||
author: jaimeo
|
||||
ms.topic: article
|
||||
ms.collection: M365-modern-desktop
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
# Understanding the differences between servicing Windows 10-era and legacy Windows operating systems
|
||||
|
||||
@ -32,7 +33,7 @@ Prior to Windows 10, all updates to operating system (OS) components were publis
|
||||
|
||||
As a result, each environment within the global Windows ecosystem that had only a subset of security and non-security fixes installed had a different set of binaries and behaviors than those that consistently installed every available update as tested by Microsoft.
|
||||
|
||||
This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you’ve seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time.
|
||||
This resulted in a fragmented ecosystem that created diverse challenges in predictively testing interoperability, resulting in high update failure rates - which were subsequently mitigated by customers removing individual updates that were causing issues. Each customer that selectively removed individual updates amplified this fragmentation by creating more diverse environment permutations across the ecosystem. As an IT Administrator once quipped, "If you've seen one Windows 7 PC, you have seen one Windows 7 PC," suggesting no consistency or predictability across more than 250M commercial devices at the time.
|
||||
|
||||
## Windows 10 – Next generation
|
||||
Windows 10 provided an opportunity to end the era of infinite fragmentation. With Windows 10 and the Windows as a service model, updates came rolled together in the "latest cumulative update" (LCU) packages for both client and server. Every new update published includes all changes from previous updates, as well as new fixes. Since Windows client and server share the same code base, these LCUs allow the same update to be installed on the same client and server OS family, further reducing fragmentation.
|
||||
@ -65,12 +66,12 @@ While Windows 10 updates could have been controlled as cumulative from "Day 1,"
|
||||
|
||||
Customers saw the LCU model used for Windows 10 as having packages that were too large and represented too much of a change for legacy operating systems, so a different model was implemented. Windows instead offered one cumulative package (Monthly Rollup) and one individual package (Security Only) for all legacy operating systems.
|
||||
|
||||
The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month’s Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10.
|
||||
The Monthly Rollup includes new non-security (if appropriate), security updates, Internet Explorer (IE) updates, and all updates from the previous month similar to the Windows 10 model. The Security-only package includes only new security updates for the month. This means that any security updates from any previous month are not included in current month's Security-Only Package. If a Security-Only update is missed, it is missed. Those updates will not appear in a future Security-Only update. Additionally, a cumulative package is offered for IE, which can be tested and installed separately, reducing the total update package size. The IE cumulative update includes both security and non-security fixes following the same model as Windows 10.
|
||||
|
||||
|
||||
*Figure 2.0 - Legacy OS security-only update model*
|
||||
|
||||
Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft’s test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously.
|
||||
Moving to the cumulative model for legacy OS versions continues to improve predictability of update quality. The Windows legacy environments which have fully updated machines with Monthly Rollups are running the same baseline against which all legacy OS version updates are tested. These include all of the updates (security and non-security) prior to and after October 2016. Many customer environments do not have all updates prior to this change installed, which leaves some continued fragmentation in the ecosystem. Further, customers who are installing Security-Only Updates and potentially doing so inconsistently are also more fragmented than Microsoft's test environments for legacy OS version. This remaining fragmentation results in issues like those seen when the September 2016 Servicing Stack Update (SSU) was needed for smooth installation of the August 2018 security update. These environments did not have the SSU applied previously.
|
||||
|
||||
### Points to consider
|
||||
- Windows 7 and Windows 8 legacy operating system updates [moved from individual to cumulative in October 2016](https://techcommunity.microsoft.com/t5/Windows-Blog-Archive/More-on-Windows-7-and-Windows-8-1-servicing-changes/ba-p/166783). Devices with updates missing prior to that point are still missing those updates, as they were not included in the subsequent cumulative packages.
|
||||
@ -84,7 +85,7 @@ Moving to the cumulative model for legacy OS versions continues to improve predi
|
||||
- For [Windows Server 2008 SP2](https://cloudblogs.microsoft.com/windowsserver/2018/06/12/windows-server-2008-sp2-servicing-changes/), cumulative updates began in October 2018, and follow the same model as Windows 7. Updates for IE9 are included in those packages, as the last supported version of Internet Explorer for that Legacy OS version.
|
||||
|
||||
## Public preview releases
|
||||
Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month’s B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month’s B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
|
||||
Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that month's B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next month's B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
|
||||
|
||||
> [!NOTE]
|
||||
> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as Microsoft Endpoint Configuration Manager that rely on it, will not see preview updates for older versions of Windows 10.
|
||||
@ -103,9 +104,9 @@ All of these updates are cumulative and build on each other for Windows 10. This
|
||||
*Figure 3.0 - Preview releases within the Windows 10 LCU model*
|
||||
|
||||
## Previews vs. on-demand releases
|
||||
In 2018, we experienced incidents which required urgent remediation that didn’t map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases.
|
||||
In 2018, we experienced incidents which required urgent remediation that didn't map to the monthly update release cadence. These incidents were situations that required an immediate fix to an Update Tuesday release. While Windows engineering worked aggressively to respond within a week of the B-release, these "on-demand" releases created confusion with the C Preview releases.
|
||||
|
||||
As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month’s Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.)
|
||||
As a general policy, if a Security-Only package has a regression, which is defined as an unintentional error in the code of an update, then the fix for that regression will be added to the next month's Security-Only Update. The fix for that regression may also be offered as part an On-Demand release and will be rolled into the next Monthly Update. (Note: Exceptions do exist to this policy, based on timing.)
|
||||
|
||||
### Point to consider
|
||||
- When Windows identifies an issue with a Update Tuesday release, engineering teams work to remediate or fix the issue as quickly as possible. The outcome is often a new update which may be released at any time, including during the 3rd or 4th week of the month. Such updates are independent of the regularly scheduled "C" and "D" update previews. These updates are created on-demand to remediate a customer impacting issue. In most cases they are qualified as a "non-security" update, and do not require a system reboot.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Manage additional Windows Update settings (Windows 10)
|
||||
description: Additional settings to control the behavior of Windows Update (WU) in Windows 10
|
||||
description: In this article, learn about additional settings to control the behavior of Windows Update (WU) in Windows 10.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Manage additional Windows Update settings
|
||||
@ -66,7 +67,7 @@ This setting lets you specify a server on your network to function as an interna
|
||||
|
||||
To use this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify Intranet Microsoft update service location**. You must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server instead of the intranet update service.
|
||||
|
||||
If the setting is set to **Enabled**, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don’t have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them.
|
||||
If the setting is set to **Enabled**, the Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates after deploying them.
|
||||
If the setting is set to **Disabled** or **Not Configured**, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
|
||||
|
||||
The alternate download server configures the Windows Update Agent to download files from an alternative download server instead of the intranet update service.
|
||||
@ -91,9 +92,9 @@ If the setting is set to **Enabled**, Windows will check for available updates a
|
||||
If the setting is set to **Disabled** or **Not Configured**, Windows will check for available updates at the default interval of 22 hours.
|
||||
|
||||
>[!NOTE]
|
||||
>The “Specify intranet Microsoft update service location” setting must be enabled for this policy to have effect.
|
||||
>The "Specify intranet Microsoft update service location" setting must be enabled for this policy to have effect.
|
||||
>
|
||||
>If the “Configure Automatic Updates” policy is disabled, this policy has no effect.
|
||||
>If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
|
||||
|
||||
To configure this policy with MDM, use [DetectionFrequency](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#update-detectionfrequency).
|
||||
|
||||
@ -121,7 +122,7 @@ If the setting is set to **Disabled** or **Not Configured**, no target group inf
|
||||
If the intranet Microsoft update service supports multiple target groups, this policy can specify multiple group names separated by semicolons. Otherwise, a single group must be specified.
|
||||
|
||||
>[!NOTE]
|
||||
>This policy applies only when the intranet Microsoft update service the device is directed to is configured to support client-side targeting. If the “Specify intranet Microsoft update service location” policy is disabled or not configured, this policy has no effect.
|
||||
>This policy applies only when the intranet Microsoft update service the device is directed to is configured to support client-side targeting. If the "Specify intranet Microsoft update service location" policy is disabled or not configured, this policy has no effect.
|
||||
|
||||
### Allow signed updates from an intranet Microsoft update service location
|
||||
|
||||
@ -129,7 +130,7 @@ This policy setting allows you to manage whether Automatic Updates accepts updat
|
||||
|
||||
To configure this setting in Group Policy, go to **Computer Configuration\Administrative Templates\Windows Components\Windows update\Allow signed updates from an intranet Microsoft update service location**.
|
||||
|
||||
If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, as specified by [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location), if they are signed by a certificate found in the “Trusted Publishers” certificate store of the local computer.
|
||||
If you enable this policy setting, Automatic Updates accepts updates received through an intranet Microsoft update service location, as specified by [Specify Intranet Microsoft update service location](#specify-intranet-microsoft-update-service-location), if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
|
||||
If you disable or do not configure this policy setting, updates from an intranet Microsoft update service location must be signed by Microsoft.
|
||||
|
||||
>[!NOTE]
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Walkthrough use Intune to configure Windows Update for Business (Windows 10)
|
||||
description: Configure Windows Update for Business settings using Microsoft Intune.
|
||||
description: In this article, learn how to configure Windows Update for Business settings using Microsoft Intune.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ ms.date: 07/27/2017
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Walkthrough: use Microsoft Intune to configure Windows Update for Business
|
||||
@ -29,7 +30,7 @@ ms.topic: article
|
||||
>
|
||||
>In the following settings CB refers to Semi-Annual Channel (Targeted), while CBB refers to Semi-Annual Channel.
|
||||
|
||||
You can use Intune to configure Windows Update for Business even if you don’t have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment.
|
||||
You can use Intune to configure Windows Update for Business even if you don't have on-premises infrastructure when you use Intune in conjunction with Azure AD. Before configuring Windows Update for Business, consider a [deployment strategy](waas-servicing-strategy-windows-10-updates.md) for updates and feature updates in your environment.
|
||||
|
||||
Windows Update for Business in Windows 10 version 1511 allows you to delay quality updates up to 4 weeks and feature updates up to an additional 8 months after Microsoft releases builds to the Current Branch for Business (CBB) servicing branch. In Windows 10 version 1607 and later, you can delay quality updates for up to 30 days and feature updates up to an additional 180 days after the release of either a Current Branch (CB) or CBB build.
|
||||
|
||||
@ -42,7 +43,7 @@ To use Intune to manage quality and feature updates in your environment, you mus
|
||||
|
||||
In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md).
|
||||
|
||||
- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
|
||||
- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they're released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
|
||||
- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
|
||||
|
||||
>[!NOTE]
|
||||
@ -71,7 +72,7 @@ In this example, you use two security groups to manage your updates: **Ring 4 Br
|
||||
|
||||
|
||||
|
||||
8. For this deployment ring, you’re required to enable only CBB, so click **Save Policy**.
|
||||
8. For this deployment ring, you're required to enable only CBB, so click **Save Policy**.
|
||||
|
||||
9. In the **Deploy Policy: Windows Update for Business – CBB1** dialog box, click **Yes**.
|
||||
|
||||
@ -175,7 +176,7 @@ In this example, you use three security groups from Table 1 in [Build deployment
|
||||
|
||||
10. In the **Manage Deployment: Windows Update for Business – CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**.
|
||||
|
||||
You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they’re available.
|
||||
You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they're available.
|
||||
|
||||
### Configure Ring 4 Broad business users policy
|
||||
|
||||
@ -216,7 +217,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
|
||||
|
||||
14. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
|
||||
|
||||
You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates.
|
||||
You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they're available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates.
|
||||
|
||||
|
||||
### Configure Ring 5 Broad business users \#2 policy
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Update error code list by component
|
||||
description: Reference information for Windows Update error codes
|
||||
description: In this article, you can find reference information for Windows Update error codes, such as Automatic Update and UI errors.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
@ -13,6 +13,7 @@ ms.date: 09/18/2018
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Update error codes by component
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Update common errors and mitigation
|
||||
description: Learn about some common issues you might experience with Windows Update
|
||||
description: In this article, learn about some common issues you might experience with Windows Update, as well as steps to resolve them.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
@ -13,6 +13,7 @@ ms.date: 09/18/2018
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Update common errors and mitigation
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Update log files
|
||||
description: Learn about the Windows Update log files
|
||||
description: In this article, learn about the Windows Update log files, including file generation, components, and structure.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
@ -13,6 +13,7 @@ ms.date: 09/18/2018
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Update log files
|
||||
@ -66,7 +67,7 @@ The WU engine has different component names. The following are some of the most
|
||||
- IdleTimer - Tracking active calls, stopping a service
|
||||
|
||||
>[!NOTE]
|
||||
>Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what’s important.
|
||||
>Many component log messages are invaluable if you are looking for problems in that specific area. However, they can be useless if you don't filter to exclude irrelevant components so that you can focus on what's important.
|
||||
|
||||
### Windows Update log structure
|
||||
The Windows update log structure is separated into four main identities:
|
||||
@ -114,7 +115,7 @@ Search for and identify the components that are associated with the IDs. Differe
|
||||
#### Update identifiers
|
||||
|
||||
##### Update ID and revision number
|
||||
There are different identifiers for the same update in different contexts. It’s important to know the identifier schemes.
|
||||
There are different identifiers for the same update in different contexts. It's important to know the identifier schemes.
|
||||
- Update ID: A GUID (indicated in the previous screen shot) that's assigned to a given update at publication time
|
||||
- Revision number: A number incremented every time that a given update (that has a given update ID) is modified and republished on a service
|
||||
- Revision numbers are reused from one update to another (not a unique identifier).
|
||||
@ -123,8 +124,8 @@ There are different identifiers for the same update in different contexts. It’
|
||||
|
||||
|
||||
##### Revision ID
|
||||
- A Revision ID (do no confuse this with “revision number”) is a serial number that's issued when an update is initially published or revised on a given service.
|
||||
- An existing update that’s revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a completely new revision ID that is not related to the previous ID.
|
||||
- A Revision ID (do no confuse this with "revision number") is a serial number that's issued when an update is initially published or revised on a given service.
|
||||
- An existing update that's revised keeps the same update ID (GUID), has its revision number incremented (for example, from 100 to 101), but gets a completely new revision ID that is not related to the previous ID.
|
||||
- Revision IDs are unique on a given update source, but not across multiple sources.
|
||||
- The same update revision may have completely different revision IDs on WU and WSUS.
|
||||
- The same revision ID may represent different updates on WU and WSUS.
|
||||
@ -133,7 +134,7 @@ There are different identifiers for the same update in different contexts. It’
|
||||
- Local ID is a serial number issued when an update is received from a service by a given WU client
|
||||
- Usually seen in debug logs, especially involving the local cache for update info (Datastore)
|
||||
- Different client PCs will assign different Local IDs to the same update
|
||||
- You can find the local IDs that a client is using by getting the client’s %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
|
||||
- You can find the local IDs that a client is using by getting the client's %WINDIR%\SoftwareDistribution\Datastore\Datastore.edb file
|
||||
|
||||
##### Inconsistent terminology
|
||||
- Sometimes the logs use terms inconsistently. For example, the InstalledNonLeafUpdateIDs list actually contains revision IDs, not update IDs.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Update - Additional resources
|
||||
description: Additional resources for Windows Update
|
||||
description: In this article, you can find additional resources for Windows Update, such as WSUS troubleshooting.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
|
||||
@ -13,6 +13,7 @@ ms.date: 09/18/2018
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Update - additional resources
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
---
|
||||
title: Windows Update troubleshooting
|
||||
description: Learn how to troubleshoot Windows Update
|
||||
description: In this article, learn how to troubleshoot issues with Windows Update, such as why a device is frozen at scan.
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
audience: itpro
|
||||
@ -12,6 +12,7 @@ author: jaimeo
|
||||
ms.reviewer:
|
||||
manager: laurawi
|
||||
ms.topic: article
|
||||
ms.custom: seo-marvel-apr2020
|
||||
---
|
||||
|
||||
# Windows Update troubleshooting
|
||||
@ -204,7 +205,7 @@ From the WU logs:
|
||||
|
||||
In the above log snippet, we see that the Criteria = "IsHidden = 0 AND DeploymentAction=*". "*" means there is nothing specified from the server. So, the scan happens but there is no direction to download or install to the agent. So it just scans the update and provides the results.
|
||||
|
||||
Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include SCCM, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that won’t happen here.
|
||||
Now if you look at the below logs, the Automatic update runs the scan and finds no update approved for it. So it reports there are 0 updates to install or download. This is due to bad setup or configuration in the environment. The WSUS side should approve the patches for WU so that it fetches the updates and installs it on the specified time according to the policy. Since this scenario doesn't include SCCM, there's no way to install unapproved updates. And that is the problem you are facing. You expect that the scan should be done by the operational insight agent and automatically trigger download and install but that won't happen here.
|
||||
|
||||
```console
|
||||
2018-08-06 10:58:45:992 480 5d8 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57]
|
||||
|
||||
Reference in New Issue
Block a user