Monday, May 30, 2016

Defer Windows 10 upgrades in Group Policy and ConfigMgr Current Branch

With Windows 10 in enterprises, it's recommended to devide systems between Current Branch (CB) and Current Branch for Business (CCB). Where few systems will be in CB for testing new functionalities, most systems will be in CBB probably. Difference is a 4 months delay for new Windows 10 builds, which can be extended for another 8 months to have a 12 months delay in total. After 1 year you're out of support, and no security updates will be offered anymore.
To divide systems between CB and CBB, Group Policy and/or ConfigMgr can be used. Within the new group policy templates, the following settings is available: Defer Upgrades and Updates
When this policy is enabled and linked, a 4 months delay is the result. This can be extended for another 8 months on upgrades and 4 weeks on updates. You can pause upgrades and updates too. Nothing wrong with that.

When using ConfigMgr Current Branch things get a bit different. Now you have a Windows 10 Servicing dashboard and CB is called Release Ready (RR). CBB is called Business Ready (BR) here. Why using different terms here is not handy and not logical to me. It's also not easy to move systems from RR to BR. Therefore lot's of prerequisites must be in place.
When looking on: Manage Windows as a service using System Center Configuration Manager you will see the prerequisites:
- Windows 10 computers must use ConfigMgr software updates with WSUS for software update management
- WSUS 4.0 with KB3095113 must be installed on your software update points and site servers
-Enable Heartbeat Discovery (7 days by default)

-The service connection point must be installed and configured for Online, persistent connection mode to see data on the Windows 10 servicing dashboard
-Specify the group policy setting, Defer Upgrades and Updates, to determine whether a computer is CB or CBB
-IE9 or later must be installed on the computer that runs the Configuration Manager console
-Software updates must be configured and synchronized

Strange thing is however, you need to configure group policy and a servicing plan too. Here you can choose between CB or CBB and there's a delay of 120 days possible. This is around 4 months, and not the same as the 8 months which can be configured in group policy. Why the difference here, on days instead of months?

On Manage Windows as a service using System Center Configuration Manager you will see the following on that: "How many days after Microsoft has published a new upgrade would you like to wait before deploying in your environment". Maybe I want to wait 12 months, how to configure that? Hope that someone or Microsoft can clarify something on that.

For now I see most environments with systems in CB/RR without the possibility to move them to CBB/BR easily.

Request: Besides of that I want to click on the dashboard, to see which systems has which build installed and which ring is configured. That will has benefit above off the value displayed.

Will be continued..

No comments:

Post a Comment