To keep citizen and constituent services running smoothly, government agencies that use Windows 10 will need to ensure that enabled devices are consistently up to date.
Windows 10, delivered as a service, features monthly quality updates and biannual feature updates that are not voluntary. The new delivery model can cause challenges during and after migration if IT staff aren’t prepared. The twice-yearly updates, in spring and fall, are only supported for 18 and 30 months, respectively.
Here are ways to handle the new cadence.
1. Choose a Windows Update Servicing Tool
Windows Update for Business (WUfB) is configured in Group Policy. Users can receive updates as they are publicly released or wait for the twice-yearly cadence, the Semi-Annual Channel (SAC). Feature updates can be delayed for up to a year.
For more control, use Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM). WUfB pulls updates from Microsoft’s online update servers or neighboring devices; WSUS uses a local repository.
2. Create Deployment Rings to Test Updates
Test updates on a limited group of computers before rolling them out to all devices. Some devices might update on the SAC as soon as a monthly update is released, and others might use the SAC to test updates before wider distribution. Use WUfB settings or SCCM to create deployment rings. Each Group Policy object can contain unique WUfB settings, which are applied to a given ring. SCCM collections can target devices with specific updates.
3. Test Critical Apps in Advance
Applications should be tested before a feature update is installed. New features and other changes can break applications, so develop a test for each app to ensure critical functionality isn’t affected.
Agencies can join the Windows Insider Program to get advance access to builds in active development. The Security Update Validation Program provides access to updates three weeks before release.
4. Use New Tech to Roll Out Windows 10
Consider modern deployment options, such as mobile device management and Windows Autopilot, which makes use of the image installed by the vendor but can be configured with additional software and settings using MDM. Deployments can be cloud- or IT-driven, letting agencies use Windows Configuration Designer to create provisioning packages that can be deployed locally.