Windows 10 Servicing: Or How I Learned to Stop Worrying and Love Windows 10.

How Windows 10 versions should be updated was something I had a ton of trouble understanding from an enterprise perspective. On one level as master of my own machine, I could install every new version when it was released. That would have been the original install in July 2015 (version number 1507), and upgrades in November 2015 (1511) , July 2016 (1607), and March 2017 (1703).

But then we started installing Windows 10 in our user environment. We gave those machines to our Executives, on Surface Pros. Suddenly it became more important to figure out how we were going to upgrade machines when versions of Windows 10 became end of life. Oh yes, versions of Windows 10 become end of life, and after that they won’t be getting any further security updates. No pressure right?

Check with Microsoft?

Microsoft has a lot of information out there on how the different “rings” and “branches” work on their website. Feel free to search for it and take a look. However, when I was done I was still confused how it all worked together and what the different branches of Windows 10 even meant.

Eureka!

The real answer of what to do with Windows 10 servicing came when I officially comprehended (at the Midwest Management Summit of all places) that each of these “Branches” of Windows 10, is really the same version, just at a different place in its support lifespan! No wonder I couldn’t find the Current Branch for Business release anywhere on the Volume Licensing site. Suddenly thinking about how to do Windows 10 Servicing with ConfigMgr became much easier

Background on Windows 10 Branches

Each Windows 10 release has 18 months from street date to end of life. During that time the releases go through different “branches” or their life.

As of today, Windows 10 has four different branches. They are:

1. Preview Release: This is not part of the 18 months of Street Date to EOL. Microsoft would love for you to install this on one or two machines so they can be assured that it’s working correctly. Only ever put it on a machine that is not critical, and can be completely reimaged if necessary.
2. Current Branch: This is what Windows 10 is considered immediately after it is released, and it remains until the day Microsoft removes it from support.
3. Current Branch for Business: After Current Branch has been released for approximately three months or so, Microsoft considers that it is ready for Enterprise customers, and adds the version to what is called Current Branch for Business. There will always be two releases of Windows 10 that are considered Current Branch for Business, and it is possible that there will be three at some times.
4. Long Term Servicing Branch: This branch is for very specific machines, and Microsoft recommends that it is only used for very specific needs. In this branch, the actual features of the OS will never change. Microsoft will provide security updates, but that is the extent of the support. Don’t use this in a real world environment unless you know you need it. Don’t do it. Someone will want to bring a new machine into your environment in a couple of years and it won’t work, because it won’t support new features.

So the real question is how do all of these fit into an actual working user environment?

The User Environment

Here is a run down of how our environment stacks up with each of the releases.

1. I think one of our network guys runs the Preview Release of Windows 10 on one of his machines. Maybe. We largely ignore Preview Releases of Windows 10. Sorry Microsoft.
2. For our company we allow the infrastructure team to install Current Branch on their primary machine. They do not have access to the Service Desk for support (though they also generally do not need it.)
3. We are currently deploying Current Branch for Business to all of our machines that get Windows 10. That number is not very large right now. We moved to Windows 10 on all of our Surface Pros because of the ability to work with multiple resolutions was much more advanced than Windows 8.1. We are also testing a few users with Windows 10 so that we can try to get ahead of the 2020 deadline for the removal of Windows 7.
4. Long Term Servicing Branch doesn’t support our needs at all. We don’t use it. Unless you have mission critical machines that can’t/don’t ever need to change over the next 7 years, you shouldn’t be using it either.

Here’s an outline of how we are doing Windows 10 servicing in our user environment.

Servicing Plan for Windows 10

1. During Operating System Deployment (OSD), the newest version of Current Branch for Business will always be installed. (currently this is the 1607 version.)
2. Monthly patches will be provided through our “normal” monthly patching process.
3. When support expiration is announced for a specific version, two branches of CBB will become available in Software Center for users of the expiring version. (Example, when 1507 expiration is announced, the two active CBB versions (1511 and 1607) will be made available)
4. When support expiration is reached, if the user has not updated their computer they will be required to install the newest of the two CBB Branches. (Example, when 1507 expiration is reached, users will be required to update to 1607 rather than 1511, which is the older version.) Jumping them ahead a version should make it so the user will need to update the computer less frequently.

How we are making it happen

1. We will create device collections in ConfigMgr that include machines with each of the Windows versions. (Example: machines with 1507 Pro and Ent, 1511 Pro and Ent, 1607 Pro and Ent, 1703 Pro and Ent)
2. We will create upgrade task sequences in ConfigMgr for each Windows 10 version as they are released by Microsoft.
3. Those Upgrade task sequences will become available in Software Center for members of the Windows 10 device collections as versions become Current Branch for Business. Example: when 1703 becomes CBB, it will be an available update for members of the 1511 and 1607 device collections.
4. Task sequences will become required as branches reach End Of Life so that computers will not be unpatched in the environment. Example: When 1507 becomes EOL, the 1607 Upgrade Task Sequence will become a required install for computers in the 1507 device collection.

So that’s how I was able to get my head around the servicing of Windows 10 with ConfigMgr… hopefully this helps you think about it as well.