Microsoft Suggests IT Pros Must Adapt to Windows 10 Update Process
Microsoft this week reiterated its adapt-or-die message to IT pros responsible for keeping Windows clients and servers updated and patched.
Its latest notice is bringing that point home for the second time. Earlier this month, the company had given notice that its software update delivery system would be switching over to the Windows 10 servicing model for the majority of its supported client and server operating systems, starting in October. Under the Windows 10 model, updates arrive monthly and are "cumulative," which means that they contain all updates "since the last baseline" release of the OS.
This Windows 10 update model change will take effect sometime in October for Windows 7/8.1 clients, as well as Windows Server 2008 R2 plus Windows Server 2012/R2 versions. It'll also apply to Windows Server 2016 when it gets released.
Microsoft's two announcements are signaling an end to traditional IT practices for managing Windows updates, called "KBs" for "Knowledge Base" articles. Under traditional practices overseen by IT pros, individual Microsoft patches that had wrecked functionality in a computing environment could be rolled back. However, that ability will be going away in October.
No Individual Patches
Under the new scheme, if IT pros experience a problem with an individual Windows patch, they will have to roll back to the previous month's OS baseline. IT pros won't have the ability to roll back an individual patch (KB) when this new "Windows-as-a-service" update approach takes effect in October, Microsoft indicated:
The short answer is "No," you can't control which KB's can be applied, so the complete roll up would need to be backed out. But the answer is more complex than a simple no.
The complexity referred to above has to do with the overall patch fragmentation that occurs in Windows environments when IT pros selectively apply updates, according to Microsoft. While IT pros might see an offending individual patch as Microsoft's problem to fix, Microsoft sees the problem as being a partner issue to address.
"If there is a problem the partner will need to open up a case and provide business justification to drive the discussion with Microsoft," Microsoft's announcement this week explained.
It's not exactly clear what IT pros should do if such a Microsoft-partner dialog doesn't result in a solution for a problematic patch. They will only be able to roll their cumulative patch back to the prior month, it seems. IT pros potentially could get behind on feature update patching, given this approach.
Security updates, though, are another matter. They will be available because they are issued as separate cumulative updates for organizations using Windows Server Update Services or System Center Configuration Manager management systems. Alternatively, cumulative security updates can be obtained from the Microsoft Update Catalog. Microsoft isn't planning to issue cumulative security updates through its Windows Update service anymore.
Change Your Thinking
IT pros used to traditional patch management methods are just going to have to change their way of thinking, starting in October, Microsoft suggested:
With Windows 10, a new model is being adopted. This new model, referred to as "Windows as a service," requires organizations to rethink how they deploy and upgrade Windows. It is no longer a project that happens every few years, it is a continual process.
Moreover, Microsoft's update process involves a complex cycle in which IT pros will have to track branch changes ("current branch" and "current branch for business"). Alternatively, they have the option of following the "long-term servicing branch" with Enterprise or Education editions of Windows 10, which affords organizations the greatest time delays between updates. It's not clear whether those Windows 10 cycles also apply to older Windows versions.
So far, Microsoft's faster monthly update deliveries with Windows 10 haven't been without problems. For instance, a flawed April update to Windows Server Update Services, which was designed to decrypt Windows 10 updates, was patched by Microsoft in May, but it still required manual configuration steps by IT pros to make things right.
Likely, many organizations had hoped to avoid the Windows 10 patching treadmill for years by doggedly sticking with Windows 7. However, in October 2016, that safe prospect will go away. Microsoft seems to be telling IT pros to get with the program in a very unsubtle way. Should software get broken in organizations, though, possibly it'll be a two-way conversation.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.