In-Depth
Microsoft Explains Windows 10 Version 1809 Servicing for IT Pros
IT pros got an earful about Windows 10 servicing, plus lots of talk about Windows Autopilot, in a recent Microsoft Web presentation.
A Microsoft product expert blitzed through Windows 10 version 1809 servicing in an online presentation on Wednesday.
The presentation, "What's New in Windows 10 Version 1809 for IT Pros," by Bruno Nowak, a product marketing director for Windows Commercial, was more of an overview of past Microsoft descriptions about Windows 10 servicing, with a few "new" details highlighted in the slides. Participant questions were fielded during the session. When things got somewhat deep, Nowak typically directed his audience of IT pros to review some of Microsoft's past September Ignite sessions, which are recorded and archived here.
Nowak's talk is now available on demand. Links to background details associated with the talk can be found at this page.
A good chunk of the talk focused on Windows Autopilot, which is Microsoft's OEM-partner effort to ease PC setups for end users. Windows Autopilot devices can undergo a self-provisioning process, without hands-on IT pro involvement. Current Windows Autopilot OEM partners include Dell, HP, Lenovo, Microsoft (Surface) and Toshiba. Acer and Panasonic are expected to participate, as well.
For brevity's sake, this article omits the Windows Autopilot details.
Windows 10 Feature Updates
Based on the talk's Q&A portion, it seems that IT pros are still coming to grips with the nomenclature associated with Windows 10 as a Service. For IT pros, the most impactful aspect of Windows 10 servicing is its biannual (spring/fall) "feature update" releases, which add new capabilities to the operating system. Essentially, a feature update is a new OS delivery.
Microsoft hasn't exactly made it easier for most people to understand its servicing process because it has changed the terminology, as well as some of its phases. The names of feature update releases were changed to "channels" (from the previous "branches" descriptor). There are channel types. A "semiannual channel (targeted)" (SAC-T) Windows 10 update is intended for release to so-called "testing rings" (groups of users) within organizations. A "semiannual channel" (SAC) release is actually a later release of Windows 10 that's intended for broad deployment within an organization, according to past Microsoft descriptions, although they may be shifting.
For instance, in June, John Wilcox, a principal program manager at Microsoft, had suggested that Microsoft was planning to drop its SAC-T nomenclature. I asked about this notion last month, and a Microsoft spokesperson said that "we don't have any plans to share at this time" about SAC-T's fate. Nowak's talk on Wednesday didn't add any news on that front, either.
However, Microsoft considers SAC-T releases only relevant for organizations using Windows Update for Business (WUFB). WUFB is a bunch of capabilities associated with Group Policy settings that are used for managing Windows 10 feature updates.
SAC-T releases are not relevant for organizations controlling the arrival of Windows 10 feature updates when they are using tools like Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM), according to Microsoft. Here's the spokesperson's explanation to that effect:
If a customer is using WSUS, SCCM or a third-party solution, they will choose when to deploy. SAC-T is important for WUFB customers as they configure a potential deferral for updating both SAC-T and SAC.
Windows 10 also has a long-term servicing channel (LTSC) option, with new releases expected to appear every three years. The LTSC model, which is intended for things like medical devices, gives organizations the ability to defer new OS features updates for up to 10 years.
Nowak discouraged organizations from using Windows 10 with LTSC, saying that it's not what Microsoft recommends for worker devices. He noted that OEM silicon policies still apply for organizations taking the LTSC route. It's an oblique reference to Windows 10 support being tied to the chip vendor's processor support. LTSC also is not good for organizations that need to connect to the Internet, he added.
"If you have a network not connected to the Internet or in a restricted environment, then LTSC may be the right approach," Nowak said.
Such LTSC discouragement for organizations has been voiced by Microsoft before. While many organizations may prefer the absence of potentially disruptive OS feature updates, that's not Microsoft's direction. Frequent OS updates are needed to address fast-moving security threat scenarios, Microsoft has typically argued in the past. In a Thursday post, Microsoft argued again against LTSC use by organizations.
Nowak offered the following slide on LTSC use cases, which involves licensing a separate edition called "Windows 10 Enterprise LTSC 2019":
Windows 10 Support Cycles
Microsoft also recently changed how long each channel update will be supported before IT pros have to hop over to a newer channel release of Windows 10. Failing to make the hop will result in not getting future monthly OS updates, including security fixes.
The timespan for support between Windows 10 versions can vary for organizations that follow the semiannual channel model. It depends on the edition of Windows 10 used. Enterprise and Education edition users now have 30 months of support (a new extension), but only if they opt to use "September targeted releases" of Windows 10. Everyone else, though, gets just 18 months of support between the major Windows 10 channel releases. The concept is illustrated by the following slide presented during the talk:
Perhaps the nonobvious aspect of this Windows 10 servicing scheme is that organizations that accept a March Windows 10 feature update will get put back onto the 18-month support schedule for that OS release. Here's how a Microsoft spokesperson explained it (via an e-mail exchange last month):
For Windows 10 Enterprise and Education customers who choose to deploy a September targeted release, they get 30 months of servicing. If they deploy a March release, they get 18 months of servicing. If they then take the following September release, they are back to 30 months of servicing again for that release, and so on.
Feature Update Size
Microsoft seems to be aware that bringing down so many new OS bits every six months can be disruptive for organizations. Nowak noted during the talk that it can take 82 minutes for a feature update to deploy for older versions of Windows 10.
Microsoft's response has been to improve the offline upload time for bringing the new bits to Windows 10 clients. As a consequence of this improvement, it now takes 30 minutes to deploy Windows 10 version 1809 on top of Windows 10 version 1803, Nowak explained. Microsoft is claiming that this offline download process has made Windows 10 updates "up to 63 percent faster."
Nowak cautioned that if a Windows 10 device has less than 16GB of free storage space remaining, then the device will need to be taken offline to complete the feature update. In such cases, the feature update process will be longer, he noted.
The following slide described other scenarios when the offline download improvements with Windows 10 won't be seen, plus a caveat for SCCM users:
Monthly Quality Updates
In addition to releasing semiannual feature updates, Microsoft publishes monthly security and quality patches for Windows 10. Security and quality patches both get labeled with the "quality updates" term by Microsoft. They also get referred to as the "latest cumulative updates" by Microsoft.
Quality updates are described as being "cumulative updates." That is, a quality update contains earlier patches plus the new ones released for that month. However, a quality update will just update the existing OS' capabilities. They don't add new OS features, according to Microsoft.
Quality updates can get bulky for organizations because they contain past fixes all rolled up. In August, Microsoft promised that Windows 10 version 1809, the "October 2018 Update," would get a new kind of update format that will replace the current "express updates" approach, at least for newer Windows 10 releases. Express updates just deliver the changed bits between versions, so they are a less bulky form of quality update. Microsoft also issues "full updates" (that is, they contain all of the bits). In addition, Microsoft has a "delta updates" release format for quality updates, but the company previously announced plans to stop issuing these delta updates starting on Feb. 12, 2019.
During the talk, Nowak said very little about the new quality update format that's in effect for Windows 10 version 1809. We don't even know what name Microsoft is planning to use for them. However, Nowak did offer the following slide that showed the relative size differences between the new quality update format (shown as "1809" in the slide) and the older quality update approaches:
Bandwidth Issues
Microsoft's frequent Windows 10 update deliveries have an effect on a network's bandwidth. Nowak directed IT pros to use centralized caching with WSUS and SCCM, along with distributed caching with Microsoft's Delivery Optimization technology, per this slide:
Nowak also pointed to the possible use of a bandwidth scavenger technology in Windows Server 2016 called "Low Extra Delay Background Transfer" (LEDBAT), which can be used to automatically manage Windows 10 update traffic. LEDBAT is designed to avoid interfering with the network demands of end users during system updates.
Microsoft had previously touted LEDBAT as being one of the top 10 new Windows Server 2019 features. Apparently, it's also part of Windows Server 2016.
App Compatibility and SetupDiag Tool
Nowak touted the Desktop App Assure FastTrack program to address application compatibility issues during Windows 10 upgrades. He said that app compatibility issues will get fixed under this program, although there's no remediation provided if newer apps will work with a Windows 10 release. Although he didn't mention it, using FastTrack programs require that the organization has purchased "at least 150 licenses" based on specific Windows 10 plans (or Office 365 plans). Those details are described in this document.
Nowak also didn't mention anything about the coming Desktop Analytics tool that Microsoft had unveiled back in September. It's supposed to help IT pros assess application compatibility when upgrading to Windows 10 and Office 365 ProPlus versions. The Desktop Analytics tool was a no-show during the talk.
Another tool, the SetupDiag console tool, can be used to diagnose why a Windows 10 upgrade was unsuccessful. It assembles log file information. SetupDiag can be run on the PC where the upgrade failed, or the logs can be exported from the machine. It works with any Windows 10 version but requires the use of .NET Framework 4.6. This tool has a few "known issues." There can be long processing times or there can be issues when opening certain log files, according to a slide in the presentation.
Questions and Answers
Nowak had lots more to say. Much of the Windows 10 servicing basics, though, got addressed in the background during the presentation's Q&A portion. What follows is a partial selection of the answers.
Can we jump directly from Windows 10 version 1703 to version 1809?
Yes, absolutely. You can always jump from an earlier version to the latest. There is no need to go through each of the feature updates. Have in mind that when doing that, your update stack is from 1703, in this case, so not all improvements on speed and offline time will be realized during that update.
Can we upgrade from Windows 10 version 1709 with BitLocker enabled?
Yes, you can. No need for additional steps if you're using BitLocker. If you're using a different disk encryption that we recommend, you confirm support with your vendor for the required steps. Some only need suspending; others need full decryption before the update.
Any announcements on device configuration security baselines?
The final draft of the security baseline is now available here.
When are the ADMX files for Windows 10 version 1809 going to be out of beta?
The complete set of ADMX files for 1809 is available here.
I heard there is a change to how OS language packs are used with Windows 10 version 1809 compared to other releases. Can you elaborate on that?
Here's more info on the evolution of LIPs to LXPs.
Is there definitive documentation available for which features have been moved to Optional Features for each new Windows version, including Windows 10 version 1809?
See this document for the available Features on Demand. The list has been updated for 1809.