FAQ: How Microsoft will update Windows 10

It's a complicated process, different than past decades, but offers more options for some customers

1 2 Page 2
Page 2 of 2

Microsoft may not have spelled it out yet, but assume that patches will be automatically downloaded and applied to CB-managed devices immediately, not every four months as will be feature updates. It's unclear whether Current Branch for Business devices will receive them simultaneously through Windows Update for Business -- again, Microsoft has made much of how consumers will be the test group -- but it would be very odd if they were not.

Also unknown: The impact, if any, of the rings in the CB and CBB on patch delivery.

The danger of artificially delaying security updates to fit the constraints of a Current Branch or Current Branch for Business schedule, or even a "fast" or "slow" ring, is that some will get fixes before others. Cyber criminals typically start examining a patch as soon as they get their hands on it, hoping to uncover the underlying vulnerability, then craft a workable exploit. That would let them probe for unpatched systems, say those on the four-month-delayed CBB, as they sniff for potential victims.

That's not terribly different from the situation now: Enterprises often take months to apply a patch. What would be different is if a fix was not available to everyone at the same time.

We'd be very surprised if Microsoft did not simply let each patch loose, available to all at the same time. But you can never be sure.... Microsoft has done stranger things.

I manage hundreds of Windows devices, all running Windows 7 Enterprise. What do I get? Depends. If your organization pays for Software Assurance (SA), the annuity-like plan that gives the company OS upgrade rights, as well as a host of other benefits, you'll be able to use the third track, Long-term Service Branch (LTSB), when you eventually migrate to Windows 10.

LTSB is designed to lock down devices. During an April webinar for partners, a Microsoft product manager said LTSB would be "very similar to Windows 7" in that security and other bug fixes would reach devices, but that those systems would not receive the feature/functionality/UI/UX changes for Windows 10.

So far, LTSB is the only branch that Microsoft has explicitly guaranteed will receive support for the usual decade, five in "Mainstream" support, the following five in "Extended" support.

Every two to three years, Microsoft will create another LTSB build, integrating some or all of the feature changes released to CB and CBB in the intervening time, then offer that to customers. They will have the option to move to that build -- it won't be mandatory -- and have the ability to skip at least one build, passing on LTSB 2 (or whatever Microsoft names it) then years later adopting LSTB 3 with an in-place upgrade.

LTSB seems too old-school for most of our devices. What other choices do we have? Devices running Windows 10 Pro, Windows 10 Education or Windows 10 Enterprise can be on the Current Branch for Business, meaning that corporations running Windows 10 Enterprise have the most choices: CB, CBB and LTSB.

Any device on CBB can -- as outlined earlier -- take updates via Windows Update for Business within the first four months of them being approved by Microsoft.

Alternately, if your organization prefers to use the traditional Windows Server Update Service (WSUS) -- or other patch/update management tools like Microsoft's own System Center and Enterprise Mobility Suite -- to process updates internally, you'll have an option not available to CBB devices served by WUB.

Microsoft will allow CBB devices to postpone any given build by up to eight months after said build was declared "business ready" if, and only if, WSUS is employed.

"If customers are using their infrastructure to deploy feature updates, they actually have a total of eight months to validate and deploy that feature set after it's been declared business ready," Helen Harmetz, a Microsoft senior product marketing manager, said during an April webinar with reseller partners.

So, with CBB, businesses running WSUS can postpone an update for up to 12 months after it was handed out to consumers: the four used by CB plus an additional eight.

Can I skip a CBB build? No.

While you can delay a build reaching devices, eventually you'll have to take it or Microsoft will shut you off from the vulnerability patch spigot.

Copyright © 2015 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon