diff --git a/windows/plan/integration-with-management-solutions-.md b/windows/plan/integration-with-management-solutions-.md index a08986d154..788d1ad4e8 100644 --- a/windows/plan/integration-with-management-solutions-.md +++ b/windows/plan/integration-with-management-solutions-.md @@ -2,35 +2,51 @@ title: Integration with management solutions (Windows 10) description: You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune. ms.assetid: E0CB0CD3-4FE1-46BF-BA6F-5A5A8BD14CC9 -ms.pagetype: servicing; devices -keywords: ["update", "upgrade", "deployment", "manage", "tools"] +keywords: update, upgrade, deployment, manage, tools ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library +ms.pagetype: servicing; devices author: TrudyHa --- + # Integration with management solutions + **Applies to** - Windows 10 + You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, and Microsoft Intune. + ## System Center Configuration Manager + For Windows 10, version 1511, organizations that already manage their systems with Configuration Manager can also have their devices configured for Windows Update for Business (in other words, set deferral policies on those machines). For Windows 10, version 1511, such devices will be visible in the Configuration Manager console, however they will appear with a detection state of “Unknown”. + ![figure 1](images/wuforbusiness-fig10-sccmconsole.png) + ## WSUS standalone + For Windows 10, version 1511, you cannot configure devices for both Windows Update for Business *and* to receive updates from WSUS. If both group policies are set (for both deferrals as well as WSUS scanning), Windows Update for Business settings will NOT be respected and devices will continue to scan against WSUS. + ## Enterprise Mobility Suite: Intune + You can configure Windows Update for Business by using MDM policy. To configure Windows Update for Business with Intune: 1. Create a new Windows 10 custom policy. (Add a policy, and choose **Custom Configuration for Windows 10 Desktop and phone…**). + ![figure 2](images/wuforbusiness-fig11-intune.png) + 2. Configure the device to Consumer Branch for Business by selecting to defer upgrades (as described in [Setup and deployment](setup-and-deployment.md). + **Note**   As noted, because WSUS and Windows Update for Business are mutually exclusive policies, do not set **UpdateServiceUrl** if you want to configure to defer upgrades.   3. Establish deferral windows for updates and upgrades. + ![figure 3](images/wuforbusiness-fig12a-updates.png) + ![figure 4](images/wuforbusiness-fig13a-upgrades.png) + ## Related topics + [Windows Update for Business](windows-update-for-business.md) + [Setup and deployment](setup-and-deployment.md) -  -  diff --git a/windows/plan/setup-and-deployment.md b/windows/plan/setup-and-deployment.md index fbcf7657bc..590be310dd 100644 --- a/windows/plan/setup-and-deployment.md +++ b/windows/plan/setup-and-deployment.md @@ -2,24 +2,35 @@ title: Setup and deployment (Windows 10) description: This article describes the basic features of a Windows Update for Business deployment. ms.assetid: E176BB36-3B1B-4707-9665-968D80050DD1 -ms.pagetype: servicing; devices -keywords: ["update", "upgrade", "deployment"] +keywords: update, upgrade, deployment ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library +ms.pagetype: servicing; devices author: TrudyHa --- + # Setup and deployment + **Applies to** - Windows 10 + This article describes the basic features of a Windows Update for Business deployment. Use this information to familiarize yourself with a simple deployment with a single group of machines connected to Windows Update, in addition to more complex scenarios such as the creation of Windows Update for Business validation groups that receive updates from Windows Update at different time intervals, as well as Windows Update for Business deployments integrated with existing management tools such as Windows Server Update Services (WSUS), System Center Configuration Manager, or Microsoft Intune. + ## Configure your systems to receive updates on CBB + To use Windows Update for Business, Windows 10-based devices must first be configured for the Current Branch for Business (CBB). You can configure devices manually, by using Group Policy, or by using mobile device management (MDM). + ![figure 1](images/wuforbus-fig1-manuallyset.png) + ![figure 2](images/wuforbusiness-fig2-gp.png) + ![figure 3](images/wuforbusiness-fig3-mdm.png) + ## Defer OS upgrade and update deployments + Windows Update for Business allows administrators to control when upgrades and updates are deployed to their Windows 10 clients by specifying deferral windows from when they are initially made available on the Windows Update service. As mentioned, there are restrictions as to how long you can delay upgrades and updates. The following table details these restrictions, per deployment category type: +
@@ -110,27 +121,42 @@ Group Policy does not allow you to set a future "unpause” — administrators m
  ![figure 6](images/wuforbusiness-fig6-pause.png) + ## Create validation groups for deployments + By grouping machines into similar deferral periods, administrators are able to cluster devices into deployment or validation groups which can be used as a quality control measure as updates are deployed in Windows 10. With deferral windows and the ability to pause, administrators can effectively control and measure update deployments by rolling out to a small pool of devices first to verify quality, prior to a broader roll-out to their organization. + Administrators can establish validation groups to maintain a level of control over update/driver deployments which allows them to: - Control the date, time, and frequency updates will be applied and devices rebooted - Deploy a small set of machines to verify quality prior to broad roll-out - Stage broad roll-out in waves to continue quality verification and minimize disruptions - Manage membership of waves based on criteria defined by IT - Halt and roll-back deployment of updates/drivers that may be causing trouble + ![figure 7](images/wuforbusiness-fig7-validationgroup.png) + ## Peer-to-peer networking for deployments + Windows Update Delivery Optimization enables Windows Update for Business enrolled devices to download Windows updates and Windows Store apps from sources other than Microsoft. With multiple devices, Delivery Optimization can reduce the amount of Internet bandwidth that is required to keep all of your Windows Update for Business enrolled systems up to date. It can also help ensure that devices get updates and apps more quickly if they have a limited or unreliable Internet connection. + In addition to downloading updates and apps from Microsoft, Windows will get updates and apps from other PCs that already have them. You can choose which PCs you get these updates from. + ### How Delivery Optimization works + - **PCs on your local network.** When Windows downloads an update or app, it will look for other PCs on your local network that have already downloaded the update or app using Delivery Optimization. Windows then downloads parts of the file from those PCs and parts of the file from Microsoft. Windows doesn’t download the entire file from one place. Instead, the download is broken down into smaller parts. Windows uses the fastest, most reliable download source for each part of the file. - **PCs on your local network and PCs on the Internet.** Windows uses the same process as when getting updates and apps from PCs on your local network, and also looks for PCs on the Internet that can be used as a source to download parts of updates and apps. + ### Delivery Optimization settings + Delivery Optimization is turned on by default for the Enterprise and Education editions of Windows 10, where the default option is that updates will only be pulled and shared from PCs on your LAN and not the Internet. Delivery Optimization configuration settings can be viewed by going to: Settings > Update and Security > Advanced Options > Choose how your updates are delivered + ![figure 8](images/wuforbusiness-fig8a-chooseupdates.png) + ## Use Group Policy to configure Windows Update Delivery Optimization + You can use Group Policy to configure Windows Update Delivery Optimization. To do this, use the following steps: + 1. Download the [Administrative Templates (.admx) file for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699283) from the Microsoft Download Center. 2. Copy the following files to the SYSVOL central store: - DeliveryOptimization.admx from C:\\Program Files (x86)\\Microsoft Group Policy\\Windows 10\\PolicyDefinitions @@ -139,13 +165,19 @@ You can use Group Policy to configure Windows Update Delivery Optimization. To d 4. Browse to the following location: - Computer Configuration\\Administrative Templates\\Windows Components\\Delivery Optimization 5. Make the following Windows Update Delivery Optimization settings, as appropriate. + ![figure 9](images/wuforbusiness-fig9-dosettings.jpg) + **Virus-scan claim** + Microsoft scanned this file for viruses, using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it. + For more information about Windows Update Delivery Optimization in Windows 10, see the [Windows Update Delivery Optimization FAQ](http://go.microsoft.com/fwlink/p/?LinkId=699284). + For additional resources, see [How to use Group Policy to configure Windows Update Delivery Optimization in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699288). + ## Related topics + [Windows Update for Business](windows-update-for-business.md) + [Integration with management solutions](integration-with-management-solutions-.md) -  -  diff --git a/windows/plan/windows-10-guidance-for-education-environments.md b/windows/plan/windows-10-guidance-for-education-environments.md index 0e34d984eb..c40e7da07e 100644 --- a/windows/plan/windows-10-guidance-for-education-environments.md +++ b/windows/plan/windows-10-guidance-for-education-environments.md @@ -2,15 +2,19 @@ title: Guidance for education environments (Windows 10) description: Find resources to help you plan your deployment of Windows 10 to desktops, laptops, tablets, and other devices in educational institutions. ms.assetid: 225C9D6F-9329-4DDF-B447-6CE7804E314E -ms.pagetype: security ms.prod: W10 ms.mktglfcycl: plan ms.sitesec: library +ms.pagetype: security author: craigash --- + # Guidance for education environments + Find resources to help you plan your deployment of Windows 10 to desktops, laptops, tablets, and other devices in educational institutions. + ## In this section + diff --git a/windows/plan/windows-update-for-business.md b/windows/plan/windows-update-for-business.md index 474b33cfb4..7371c01825 100644 --- a/windows/plan/windows-update-for-business.md +++ b/windows/plan/windows-update-for-business.md @@ -2,28 +2,40 @@ title: Windows Update for Business (Windows 10) description: Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. ms.assetid: DF61F8C9-A8A6-4E83-973C-8ABE090DB8C6 -ms.pagetype: servicing; devices -keywords: ["update", "upgrade", "deployment", "WSUS"] +keywords: [update, upgrade, deployment, WSUS ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library +ms.pagetype: servicing; devices author: TrudyHa --- + # Windows Update for Business + **Applies to** - Windows 10 + Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. + ## Introduction + Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: - **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met). - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. - **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281). + Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://go.microsoft.com/fwlink/p/?LinkId=734043) and [System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=734044). + ## Deploy Windows Update for Business in your organization + For Windows 10, version 1511, Windows Update for Business is enabled using a set of client-side configurations, allowing you to manage how and when Windows-based devices receive updates and upgrades. These capabilities use the Windows Update service like any other Windows 10 clients, but provides controls to help businesses validate update quality as well as time their update deployments to machines through the use of Group Policy Objects. Windows Update for Business also incorporates smart peer-to-peer networking for distribution of Windows updates, which will help maintain bandwidth efficiency in the absence of a WSUS solution. + ## Eligible devices + All devices running Windows 10 Pro, Enterprise, and Education on the Current Branch for Business (CBB) are Windows Update for Business eligible. + ## OS upgrades and updates + In Windows 10, Windows Update for Business recognizes three deployment categories that clients receive from Windows Update: - **Upgrades** - Examples: Windows 10 (Build 10240) to Windows 10, version 1511; CBB 1 to CBB 2 @@ -35,6 +47,7 @@ In Windows 10, Windows Update for Business recognizes three deployment categori - **Other/non-deferrable** - Definition updates (these cannot be deferred) Both upgrades and updates can be deferred from deployment to client machines by a Windows Update for Business administrator within a bounded rage of time from when those updates are first made available on the Windows Update service. This deferral capability allows administrators to validate deployments as they are pushed to all their Windows Update for Business enrolled clients. The following table defines maximum deferral periods allowed by deployment type: +
@@ -73,9 +86,11 @@ Both upgrades and updates can be deferred from deployment to client machines by
CategoryE0789628-CE08-4437-BE74-2495B842F43B
+ ## Related topics + [Setup and deployment](setup-and-deployment.md) + [Integration with management solutions](integration-with-management-solutions-.md) + [Windows 10 servicing options for updates and upgrades](../manage/introduction-to-windows-10-servicing.md) -  -