In the first part of this blog series, we learnt that there are two type of updates, Feature Updates (containing new OS features) and monthly Quality Updates.
If you do nothing, both Feature and Quality updates will be deployed as they become available without allowing time for application or hardware testing.
To recap, you should at this point be thinking:
- “Huh, you‘re saying Feature Updates, or what I now understand to be a new version of Windows 10, will be deployed at least twice a year!?”
- How will this impact our users? Reboots?
- How long will our users be disrupted for?
- Will our applications work in the new OS version?
- Can I skip a feature update?
- “…And Quality Updates will be deployed monthly!?”
- Is bandwidth being used effectively?
- Will this update break any application?
- Are my users OK with all these updates?
Update Channels: Getting Prepared
The first step of gaining control of these pesky but ultimately necessary updates, and to control when and how devices install updates, is by assigning them to the appropriate servicing channel, of which there are three:
- Semi-Annual Channel
The Semi-annual Channel is your standard default channel; all devices (unless they have been configured otherwise) belong to this channel. In this channel, feature updates are available as soon as Microsoft releases them, twice or three times per year. As long as a device isn’t set to defer feature updates, any device using the Semi-annual Channel will install a feature update as soon as it’s released. If you use Windows Update for Business, the Semi-annual Channel provides three months of additional total deployment time before being required to update to the next release.
- Long Term Servicing Channel
The Long-Term Servicing Channel is designed to be used only for specialised devices (which typically don’t run Office), such as ones that control medical equipment or ATMs. Devices on this channel receive new feature releases every two to three years.
- The Windows Insider Channel
The Windows Insider Program allows you to run preview builds of Windows 10 and grants early access to updates before they become widely available. This allows time to explore the latest features, validate devices, drivers and apps. So, get some devices registered on the Insider program, it costs nothing and could help avoid a catastrophic failure! Realistically it probably won’t though, but it may stop an archaic bit of software working… shame.
Assigning devices to an Update Channel
There are many ways to assign devices to a channel, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), Intune and of course, the good old favourite, Group Policy. By dividing devices into different groupings/populations (“deployment groups” or “deployment rings”) you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of updates.
There are various strategies for selecting test machines, consider the following when forming yours:
- Choose devices that run a spread of applications used, including key line of business applications.
- Choose at least one device by function or department. Remember, we want to test end user acceptance too, and user interaction with devices can vary drastically across an organisation.
- Desktops and laptops belonging to over keen users are good candidates as they often are a great, if sometimes annoying, source of information, and all feedback is good – as are most people, so don’t call them annoying!
- Have a rollback to ensure a device can be returned to a previously working state should the update cause issues.
- Tell the user, they will be assisting you and providing valuable feedback but the early adoption of updates just may cause an impact, the user needs to know how to escalate these issues.
Have a think about who would be good Insider candidates, have a chat with them, stick ‘em in a group and roll out those settings. It’s almost the least you can do, well in terms of WaaS it is. But seriously, every organisation is different – for your modern “millennium” type organisation this could be enough – however in every company I have been involved with this approach would simply not be good enough.
That’s why I’ll be outlining a better approach for you in my next blog on Windows as a service/Windows 10!