List

Patch management is more important than ever and sometimes you might end up with questions like “what is the difference between CB and CBB – and how many days should I defer?”

Together with questions like “what is the current best practice for DHCP servers” (which have changed twice the last ten years) you might stumble upon the update regime for Windows.
Those questions arise around people who still have the mindset of the traditional on-prem AD, Windows 7 and SCCM patch management. Let me tell you, Windows as a Service (WaaS) is something completely different.

Windows as a Service

As a general guideline, it is recommended that business customers follow the Current Branch for Business in favor of the consumer- oriented Current Branch. This way, all patches, security updates and feture upgrades are tested on a broader audience before hitting your organization a few weeks or months later. However, it is also recommended not to defer updates (set to 0 days). This will allow the business users to defer from some of the bugs that might occur in the earlier versions of a build or patch, but still get the zero- day hotfixes.

When Microsoft describes Windows as a Service, Windows servicing model is usually illustrated as having thousands of internal testers, before millions of Windows Insiders receive the same insight. The CB and hundreds of millions og users then gets the latest updates. Current Branch for Business will then wait for in-the-field feedback and experiences before shipping the same updates to CBB, ensuring high quality of service and stability to the business users (figure 1).

Figure 1 – 4/25/2017. Windows as a Service – rings. Picture illustraton: Microsoft

How?

For business customers who utilize Microsoft Intune, this might be configured with ease in the Azure portal

  • Navigate to http://portal.azure.com and log in to the tenant where the policy should be applied
  • Search for Microsoft Intune under “more services
  • In Microsoft Intune, select “Software updates“, this will open the “Software updates – Windows 10 Update Rings” pane
  • In the “Software updates – Windows 10 Update Rings” pane, click “Windows 10 Update Rings“, click “Create
  • Enter a name, and preferably a description before you click “Configure
  • Select CBB as Servicing branch, and edit the rest of the configuration settings acording to your flavor. Click OK
  • Click Create
  • When created, click “Assignments” and assign to “App deploy” by clicking “Select groups“, select the desired group and click Save

More info

Like mentioned above, please leave the deferral period to zero days, this way you will get the best of both worlds as most patches and updates are tested in-depth by millions of CB users before your organization hits the fan and issues gets spread all over. Microsoft have some resources that might be worth digging into – personally I find this one helpful when talking to peers and customers and one line is worth copy-paste:

Organizations are expected to initiate targeted deployment on Semi-Annual Channel releases, while after about 4 months, we will announce broad deployment readiness, indicating that Microsoft, independent software vendors (ISVs), partners, and customers believe that the release is ready for broad deployment. Each feature update release will be supported and updated for 18 months from the time of its release

Microsoft WaaS blog

Thank you!

  • Alex

Leave a Reply

  Posts

1 2 3 4 5
May 22nd, 2016

Meet Andy, Wally and Marius and their take as MVP’s

Becoming and being a MVP is like nothing I’ve ever imagined. So why take my word for it?

February 17th, 2016

Surface Book released in major european markets

It’s a little more than four months since the Windows 10 device launch event in NYC witch revealed the Surface Book. By the 18th of february the populear device is shipped in several major european countries.

February 5th, 2016

Guide: Windows Hello with two accounts

Any ITpro in the industry is used to a high number of user accounts, either it is admin- user, limited rights or ad-hoc user accounts.

February 5th, 2016

Download slide deck: Surface Pro&Book explained

For those of you who enjoyed our session Surface Pro&Book explained, or for some reason could not join the session […]

February 4th, 2016

A guide for Surface Data Eraser

Either it’s Repair, repurpose or decomission – secure wipe of your device should allways be a part of your device management lifecycle

February 1st, 2016

Microsoft Surface Deployment Accelerator now supporting Windows 10

A new version of Microsoft Surface Deployment Accelerator is now released from Microsoft. Version 1.9 now supports Window 10

January 1st, 2016

Congratulations 2016 Microsoft MVP!

Congratulations, you’re an Windows and Devices for IT MVP

November 30th, 2015

Interview: Ben Armstrong

What is distributed software engeneering, and what makes them work?
Of course, one may argue that the right toolset – witch is the mind – is all you need to get a good product. But don’t forget the leader!

October 18th, 2015

Speaking at TechDays Stockholm – Microsoft Surface is Commitment, Excellence, Intelligence and Focus

TechDays is a must-attend-to for every ITpro who works with Microsoft’s products, platforms and solutions. The theme of TechDays 2015 is […]

March 26th, 2015

New firmware for Surface – Disable components in UEFI

It’s not often I write about newly released firmwares for the Surface platforms, However, todays release is somewhat special.