Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
What we know ^
Let’s first look at the four key features that we know about Windows Update for Business: distribution rings, maintenance windows, peer-to-peer delivery, and integration with existing tools.
The latter feature already makes it clear that WUB is not going to replace other update tools such as WSUS, Configuration Manager, Enterprise Mobility Suite, and Intune because they will support WUB functionality.
Peer-to-peer (P2P) delivery is already available because Windows 10 is able to download updates from nearby Windows 10 computers. However, it is unclear how this technology will relate to WUB in a particular way. Perhaps P2B is supposed to help small organizations update their machines without installing WSUS or another update tool. However, this doesn’t mean that WSUS will be obsolete, as I will outline below.
Maintenance windows will enable IT pros to control when updates will be installed and, even more importantly, when they will not. You can do this today with Group Policy (Computer Configuration > Administrative Templates > Windows Components > Configure Automatic Updates [Option 4]). If WUB will bring something new here, it will probably be related to feature updates because I think that this is what this new service is all about.
Thus, the first key feature I mentioned above, the distribution rings, is the main new thing about WUB. You’ve probably heard about the four distribution rings: Windows Insider program, Current Branch (sometimes also called Consumer Branch [CB]), Current Branch for Business (CBB), and Long-Term Servicing Branch (LTSB). The time when new updates are made available for a Windows 10 machine depends on its distribution ring. Windows Insiders get the updates first, and LTSB machines will only receive new feature updates through new builds.
It is important to note that the distribution rings are only about feature updates and not about security updates or hotfixes. In my view, the most important new feature of Windows 10 is that new features will no longer be made available through service packs but offered continuously whenever Microsoft finishes a new Windows 10 component. Of course, this is a problem for many businesses because changes in functionality can cause compatibility issues and might also require employee training.
What I speculate ^
I believe that Windows Update for Business is only about this problem and nothing else. Admins now need a new tool that allows them to manage feature updates that are essentially upgrades. Hence, a better term for WUB would probably be Windows Upgrade for Business. Of course, businesses will continue to distribute all updates with just one tool. Smaller organizations use WSUS, whereas bigger networks work with Configuration Manager or with one of the myriad third-party patch management tools.
This is why the WUB functionality needs to be integrated in these tools. I somehow doubt that WUB will be a tool that you can install in your network. I believe that it is just a marketing term plus a free cloud service provided by Microsoft that you can configure in WSUS or any of the other update tools. Only small organizations without an update tool will probably configure the service through a web interface provided by Microsoft.
I admit this is all mere speculation because Microsoft didn’t provide any new information after the announcement. However, anything else doesn’t really make sense. Provided that Microsoft already has well-established update tools, new software that has to be installed on premises would only increase the complexity and not solve the problems that admins face because of Microsoft’s new upgrade strategy.
What is already available ^
In fact, the distribution ring functionality of WUB is already available and partly integrated in Windows 10. If you applied for the Windows Insider Program, you can receive feature updates four months earlier than the Consumer Branch by selecting Get Insider builds.
If you select Defer Upgrades in the Windows Update Settings on a Windows 10 Professional, Windows 10 Enterprise, or Windows 10 Education machine, feature updates will be installed “a few months” later, according to the corresponding Group Policy. It appears that this puts the computer from the Current Branch to the Current Branch for Business. It is unclear exactly what the expression “a few months” means. Some sites talk about four months.
Funny is that when you click the Learn more link, your web browser will launch Bing and search for “Defer upgrades in Windows 10.” It seems even the developer didn’t really know what “Defer upgrades” actually means.
With the help of your patch management solution, you can further defer the installation of feature updates. However, if you don’t install a feature update within 12 months after its release for the Current Branch, you won’t receive any new updates—including security updates.
If you don’t want new feature updates to be installed, you have to deploy the Long-Term Servicing Branch (LTSB) edition of Windows 10. I compared an LTSB build with a common Windows 10 Enterprise edition, and a few updates were indeed missing. However, because Microsoft is a bit stingy with information about the updates, it is often not clear what features were actually added. These two updates appear to be upgrades that were not installed on the LTSB build of my test computer: KB3081438 and KB3081436.
Installed updates on Windows 10 Enterprise
Installed updates on Windows 10 Enterprise LTSB
By the way, another difference between Windows 10 Enterprise and Windows 10 Enterprise LTSB is that the latter lacks most of the pre-installed apps. For instance, no Edge and no Mail app are installed.
Windows 10 Enterprise LTSB lacks apps
What I conclude ^
Windows Update for Business will be a free cloud service that allows businesses to centrally control when they deploy feature updates (upgrades) and perhaps also to what machines. I doubt that WUB will replace WSUS or other patch management solutions. However, I wouldn’t rule out that Microsoft will also offer a cloud-based WSUS service in the future. When will WUB be available? My (wild) guess is not in 2015.