Sep 12 2019

4 Ways to Manage the Faster Updates in Windows 10

Keep Windows 10 devices up to date with these notable best practices.

To keep citizen and constituent services running smoothly, government agencies that use Windows 10 will need to ensure that enabled devices are consistently up to date.

Windows 10, delivered as a service, features monthly quality updates and biannual feature updates that are not voluntary. The new delivery model can cause challenges during and after migration if IT staff aren’t prepared. The twice-yearly updates, in spring and fall, are only supported for 18 and 30 months, respectively.

Here are ways to handle the new cadence.

1. Choose a Windows Update Servicing Tool

Windows Update for Business (WUfB) is configured in Group Policy. Users can receive updates as they are publicly released or wait for the twice-yearly cadence, the Semi-Annual Channel (SAC). Feature updates can be delayed for up to a year.

For more control, use Windows Server Update Services (WSUS) or System Center Configuration Manager (SCCM). WUfB pulls updates from Microsoft’s online update servers or neighboring devices; WSUS uses a local repository.

MORE FROM STATETECH: Find out how a Windows 10 migration boosts agencies' cybersecurity.

2. Create Deployment Rings to Test Updates

Test updates on a limited group of computers before rolling them out to all devices. Some devices might update on the SAC as soon as a monthly update is released, and others might use the SAC to test updates before wider distribution. Use WUfB settings or SCCM to create deployment rings. Each Group Policy object can contain unique WUfB settings, which are applied to a given ring. SCCM collections can target devices with specific updates.

3. Test Critical Apps in Advance

Applications should be tested before a feature update is installed. New features and other changes can break applications, so develop a test for each app to ensure critical functionality isn’t affected.

Agencies can join the Windows Insider Program to get advance access to builds in active development. The Security Update Validation Program provides access to updates three weeks before release. 

MORE FROM STATETECH: Find out how Microsoft 365 can help government agencies achieve digital transformation.

4. Use New Tech to Roll Out Windows 10

Consider modern deployment options, such as mobile device management and Windows Autopilot, which makes use of the image installed by the vendor but can be configured with additional software and settings using MDM. Deployments can be cloud- or IT-driven, letting agencies use Windows Configuration Designer to create provisioning packages that can be deployed locally. 

kutaytanir/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.