Microsoft Tweaks Windows Update Packages to Provide Organizations More Flexibility

In this era of Windows as a Service (WaaS) the pace of updates is relentless and organizations must adapt and figure out the best way to approach not only the major features updates but also the monthly fixes that are issued over Windows Update and other channels for enterprise customers.

Windows 10 introduced a new concept of cumulative updates that meant only one batch of updates needed to be downloaded for a fresh system install to be completely up to date. If you have ever installed Windows 7 clean and then ran the update process you know how frustratingly slow that update process is because everything that has been released since Service Pack 1 was released in February 2011. 

Microsoft addressed this last year when they brought Windows 7, 8.1, and server versions of Windows into the world of cumulative updates and that is slowly starting to address that long term issue.

Windows 7 has just less than three years of extended life cycle support left, it expires in January 2020, so many organizations have begun the migration to Windows 10 or are looking at it very closely for a future move for their organization.

Cumulative Updates for Windows 10 contain both security and non-security fixes in the same package. That means if a package of updates contains just one security related fix then the entire package is labeled as a security update. That is also how they are identified in System Center Configuration Manager (SCCM) and Windows Server Update Services (WSUS).

Well today Microsoft's Michael Niehaus has announced over on the Windows for IT Pros blog that the company is now going to provide monthly non-security updates out into their own cumulative update packages prior to the monthly release of cumulative updates.

According to Neihaus, it is customer feedback that has driven this decision.

"Based on feedback from customers, we are making some adjustments to the updates that we are releasing for Windows 10 version 1703 (also known as the “Creators Update”). With these changes, we will routinely offer one (or sometimes more than one) additional update each month. These additional cumulative updates will contain only new non-security updates, so they will be considered “Updates” in WSUS and Configuration Manager."

He does add that on occasion some non-security patches that address critical issues would be labeled as Critical Updates to help organizations identify them among the routine non-security updates.

The entire idea with this change is to offer IT Pros and administrators more flexibility when choosing what updates to deploy across their end points and when that should happen.

-- Deploy each of them just like the updates on “Update Tuesday.” This enables the organization’s PCs to get the latest fixes more quickly.

-- Deploy each of them to a subset of devices. This enables the organization to ensure that these new non-security fixes work well, prior to those same fixes being included in the next “Update Tuesday” cumulative update which will be deployed throughout the organization.

-- Selectively deploy them, based on whether they address specific issues affecting the organization, ahead of the next “Update Tuesday” cumulative update.

-- Don’t deploy them at all. There is no harm in doing this since the same fixes will be included in the “Update Tuesday” cumulative update (along with all the new security fixes).

This entire change is good on two fronts.

First, it shows that Microsoft is listening and willing to bring the best possible options to customers so updates are easier to manage in their networks.

Second, WaaS is a constantly evolving process and over time should become more reliable and provide the best possible options that also provide greater flexibility to the customer to stay up to date.

----------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!