[Originally published 21 July 2016; revised 18 January 2017 to clarify frequency and scope of the monthly quality updates]
Starting with Windows 10, Microsoft changed their delivery model for operating system updates. Over the last several months, I’ve received a lot of questions about how ZENworks Patch Management handles “Windows 10 updates.” In response to these questions, here's a short review of Microsoft's new delivery model and how ZENworks supports this model.
Review of Microsoft’s New Update Delivery Model
Microsoft has moved to two types of Windows OS update releases: quality updates and feature updates.
Quality updates are the traditional security and reliability patches we've known over the years. The major change is that Microsoft will no longer release individual patches. Instead, once a month they will release one cumulative update (referred to as the Monthly Rollup) that includes all security and reliability fixes for the Windows OS and supersedes the previous month's update. They release one Monthly Rollup for each active 32-bit and 64-bit Windows 10 version (1511, 1607, etc.). For example, the December 2017 releases were:
Cumulative Update for Windows 10 Version 1607 (KB3201845)
Cumulative Update for Windows 10 Version 1607 x64 (KB3201845)
Cumulative Update for Windows 10 Version 1511 (KB3205386)
Cumulative Update for Windows 10 Version 1511 x64 (KB3205386)
Microsoft is also adopting a similar quality updates model for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Click here to read more about that.
Feature updates add new or enhanced functionality and features. They are intended to reduce the long periods of time between major versions (for example, Windows 8 to Windows 10) but are still essentially an in-place replacement of the entire operating system. Microsoft will release feature updates two to three times per year. Examples of feature updates are the Windows 10 Version 1511 release and the Windows 10 Version 1607 (Anniversary Update) release.
How ZENworks Handles Updates
ZENworks continues to provide the ability to apply both quality updates and feature updates for Windows 10.
Quality updates: Windows 10 quality updates are included in the ZENworks Patch Management content feed and are deployed as normal. You should see no change in applying these security and reliability updates. However, as mentioned above, Microsoft has changed the packaging of the updates from individual patches to a single cumulative monthly update.
Feature updates: Windows 10 feature updates, because of their large file size and installation mechanism, are NOTincluded in the ZENworks Patch Management content feed. However, you can obtain feature updates through your normal Windows OS distribution source and then use ZENworks Patch Management to 1) track which devices have the feature update and 2) distribute the updates to devices. To help with this, I’ve provided details in another article: Deploying Windows 10 Feature Updates via ZENworks Patch Management.
What About Windows 10 Service Branches?
As part of the Windows 10 release, Microsoft also introduced the concept of servicing branches: the Current Branch (CB), the Current Branch for Business (CBB), and the Long-Term Service Branch (LTSB).
These branches basically refer to when a machine receives updates:
Current Branch (CB): Machines configured for the Current Branch service receive both quality and feature updates immediately upon release. This is the common service branch for home machines.
Current Branch for Business (CBB): Machines configured for the Current Branch of Business service receive quality updates immediately upon release and feature updates about 4 months after the release. These are the same quality and feature releases received by machines configured for the Current Branch. In fact, the CBB service is really just a special configuration state of the CB service; a machine is configured for CBB by enabling the Defer Updates and Upgrades flag, either through a Group Policy or manually on the machine. CBB is the common service branch for corporate machines because it allows organizations to test feature updates in a controlled environment before they become available in the production environment.
Long-Term Service Branch (LTSB): Windows 10 LTSB is a completely separate OS release from the ones included in the CB and CBB. Machines configured for the Long-Term Service Branch receive quality updates immediately but never receive feature updates. This is the common service branch for machines that control medical equipment, point-of-sale systems, and ATMs.
Here are the main points to recognize with regards to branches:
Current Branch (CB) and Current Branch for Business (CBB) use the same quality updates. Quality updates for all branches are delivered via the ZENworks Patch Management content feed.
Windows 10 feature updates (versions) will reach end-of-life much sooner than in the past and there is a finite period of time during which quality updates will continue to be released for non-current versions. You should deploy feature updates regularly (see Deploying Windows 10 Feature Updates via ZENworks Patch Management) to continue receiving quality updates for Windows 10.
In terms of updating and applying patches via ZENworks Patch Management, there is no difference between the Windows 10 Enterprise and Windows 10 Pro. The update delivery model is the same (feature and quality updates) and we can deploy feature updates for both (see the referenced article) as well as the monthly quality updates.
In terms of differences in the two editions, Enterprise has a few more features that are designed to increase ease of initial deployment and overall security. Microsoft has a good comparison chart here: www.microsoft.com/.../Compare