Are you an admin or power user who feels slightly confused by the detail underpinning Microsoft’s Windows 10 updating and patching plans? If so, that’s not surprising. Microsoft has at times been less than clear about the ins and outs of the new Windows 10 updating branches and ‘rings’ which is some respects are similar to the regime pre-dating Windows 10 but dressed up in a new and confusing terminology.
Here we try to piece together what’s what with updating and Windows 10. There are certainly some things to watch out for. What is clear is that this new world is more complex, necessarily so. Today, Windows 10 is still an operating system but at some point it will resemble more of a service. This is the fate for all ‘big’ operating systems.
The mental map to understanding what’s going in are the different updating ‘branches’ and, within each of those, the deployment ‘rings’. A second important issue is to understand the difference between ‘updates’ (additional feature and services) and patches/fixes (security updates). The first of these is described in detail below while the second will happen as and when they deigned necessary by Microsoft.
For a specific primer on Windows 10's main Security features see Windows 10 – the top 7 enterprise security features
Windows 10 updating: Current Branch (CB) – Windows 10 Home
This is plainly just the old Windows Update (WU) that home users have grown used to since its appearance in 2003 with Patch Tuesday but there are some important subtleties. Instead of the current monthly patching cycle, some updates will be applied on an ongoing basis, including Defender updates and what would once have been called ‘out of band’ security patches. Bigger updates covering new features will happen every four months, nudging Windows evolution along more rapidly than in the past.
In short, security fixes might coincide with CB updates but are, at a deeper level, independent of them and can happen on any timescale Microsoft chooses.
Fast and slow rings – This is confusing. In theory Home users get the fast ring by default under which updates, fixes and patches are issued immediately after they have been tested by Microsoft’s employees (118,000) plus insider testers on the fast ring (up to several million perhaps). There is also a slow ring of up to four weeks for anyone on the Insider programme who values stability.
However, it also appears that many Home users will be on a slightly slower track based on where they are in the update queue, so in truth the fact some users think they are in the fast track could be moot. This actually looks more like three rings: fast (for developers and brave Insiders), slow (home users) and slower (for anyone cautious on the Insider programme). It’s not crystal clear yet but it could be that the fast track will apply most particularly to security updates.
One clearer takeaway from the license agreement applied to Windows 10 upgrades under CB is that slow ring or not, updates will have to be applied. There is no option to delay them indefinitely or pick and choose which to accept.
Next: Windows Delivery Optimization
Windows Delivery Optimization
A controversial feature in which Windows updates are distributed using glorified P2P, it is present in all versions of Windows in some form. For Windows 10 Enterprise and Windows 10 Education the LAN distribution is the default (i.e. external PCs are not accessed). Home and Pro, however, have the ‘PCs on your local network and PCs on the Internet’ option enabled unless it is changed to LAN or turned off altogether.
Threshold Wave 2 (th2)
However they are applied, the larger thrice-yearly updates will get names with the first, ‘Threshold Wave 2’ (th2), due in October 2015.
Windows 10 updating: Current Branch for Business (CBB) – Windows 10 Pro, Enterprise and Education
The second track, applying to Pro licenses as well as Enterprise, is CBB. This is philosophically the same updating system as CB but offering the flexibility on timescales that are essential to businesses. Admins will be able to choose which devices go on which ring, be that fast or slow, with a lot of control over precise timing for maintenance windows. It looks as if updates will be able to be delayed for up to a year from Common Branch appearance, with four months the default. Here’s the thing though; the old test regime of running updates through a lab setup is no longer seen as ideal with Microsoft suggesting real users are selected as a test bed.
Distributed using the new Windows Update for Business (WUFB, later renamed plain ‘WUB’) service, CBB will also integrate with Microsoft System Configuration Manager (SCCM), and the Enterprise Mobility Suite although what this will look like still needs clarification. Security updates – Patch Tuesday – will be distributed through WUFB as normal.
Frustratingly, how and when WUB will appear hasn’t been clear although it now appears that important features such as creating test rings to run through updates won’t be available for a while.
The inclusion of Pro in CBB is interesting because that ‘SKU’ is the Microsoft product most often deployed to home and mobile business users, or perhaps as part of a BYOD situation.
What about users on the Insider Program? This will still exist for CBB in the form of the Windows Insider Preview Branch.
Windows 10 updating: Long Term Servicing Branch (LTSB)
A third and final option for those who need it running Software Assurance licensing is LTSB. It offers a huge amount of flexibility which suggests that Microsoft’s desire to keep this track to a minimum possible might be disappointed.
In essence, LTSB will let an organisations adopt all updates bar security and bug fixes on their own slower timetable, upgrading between LTSB builds at intervals of two or possibly three years. However, it will also be possible to fix different sets of users on any one of the three branches, CB, CBB or LTSB, and move users between them. Using LTSB imposes some limitations such as not being able to use the Edge browser and Cortana that were designed as services that must be upgraded on a regular basis.
LTSB guarantees support for 10 years, five in Mainstream" support, the following five in "Extended" support. The big downside of LTSB is simply cost – the alternative CBB is Microsoft’s of delivering updating and patching as a service, which LTSB customers don’t get to access.