Keeping Current with Windows 10 Jon Anderson Senior Systems Consultant, Now Micro December 5 th, 2018
Device Lifecycle Company Hardware Reseller (Dell, HP, Lenovo, and more) OEM (Digital Signage, Kiosks, Appliances) Professional Services (Systems Management, Cloud Solutions, Automation)
Get Involved Join or Start your local user group Participate in forums Technet MyItForum Microsoft Tech Community Etc Get on Twitter Not just for celebrities and presidents Keep a Blog
Introduction Windows as a Service Quality Updates Feature Updates Windows Update for Business SCCM Automated Servicing In-Place Upgrade Task Sequence Agenda
A new way to build, deploy and service Windows Quality Updates A single cumulative update each month with no new features Security fixes, reliability fixes, bug fixes, etc. Supersedes the previous month s update Feature Updates Twice per year with new capabilities New features and innovation APIs and security capabilities Very reliable, with built-in rollback capabilities Simple deployment using in-place upgrade, driven by existing tools Try them out with Insider Preview
Y YY With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality What customers are running What we are testing Typical Windows 7 PC: Selectively Patched Windows 7 Test Lab PC: Fully Patched
Quality Updates (QU): Express with QUs Express Update Files Couple challenges: Full Update Delta+Full Update
Update Size to DPs/WSUS Update Size to PC Download Comparison: Full LCU vs. Express vs. New Model Currently Supported Quality Update types Quality Update for 1809 Currently Supported Quality Update types Quality Update for 1809 Express Update Full Update Delta+Full Update Full Update Delta Update Express Update** **Express update size as depicted is the best-case scenario with the assumption that the device stays up-to-date each month.
How to get started Available in the 1809 Supported with WSUS and ConfigMgr Supported for OEMs/ODMs Extra reading material https://techcommunity.microsoft.com/t5/windows- IT-Pro-Blog/What-s-next-for-Windows-10-and- Windows-Server-quality-updates/bap/229461#M207
A new way to build, deploy and service Windows Quality Updates A single cumulative update each month with no new features Security fixes, reliability fixes, bug fixes, etc. Supersedes the previous month s update Feature Updates Twice per year with new capabilities New features and innovation APIs and security capabilities Very reliable, with built-in rollback capabilities Simple deployment using in-place upgrade, driven by existing tools Try them out with Insider Preview
NUMBER OF DEVICES Windows Insider Preview Semi-Annual Channel Long Term Servicing Channel Early visibility to new innovation, features and functionality via continuous feature updates IT, developers, selected business owners Information workers General population Benefits from new features, monthly quality updates Specialized systems Key attribute of usage scenario: Feature and Functionality Never Changes, receives monthly quality updates System solution based on SW and HW considerations STAGE
Capabilities Recommended Enterprise use scenario Latest features as they are released Support for new hardware & silicon 1 st party browsing choices Semi-Annual Channel General information worker systems; salesforce, etc. Microsoft Edge, IE 11 Long Term Servicing Channel Special systems: Air Traffic Control; MRI, etc. IE 11 Support for Office Pro Plus Support for Surface hardware Support for Win 32 Office & ability to load universal apps Ongoing security updates for the lifetime of the channel version 10 years of servicing support
Continual improvements: New features twice per year, adding value and improving productivity Windows XP Windows 7 Windows 10 Disruption Improvements Minimized end-user disruption by having less change with each release
151 1 160 7 170 3 170 9 180 3 1809 Windows 10 gets Better with each Release With enhanced security, more tools for IT and end user productivity features Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype + Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core Windows Information Protection Windows Hello for Business Windows Analytics Upgrade Readiness App-V, UE-V Hybrid Azure Active Directory Join Windows Ink + Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core Windows Autopilot Windows Defender ATP Windows Defender Security Center Express update delivery Hyper-V Windows 10 Subscription Activation Windows Insider Program for Business Paint 3D Cortana at work Night light, mini view + Windows Information Protection Windows Hello for Business Windows Analytics Upgrade Readiness App-V, UE-V Hybrid Azure Active Directory Join Windows Ink Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core Windows Defender Exploit Guard, System Guard, Application Guard, Application Control Mobile Device Management Windows Analytics Update Compliance Windows Analytics Device Health Co-management Enterprise search in Windows Continue on PC OneDrive Files On-Demand Narrator Mixed Reality Viewer + Windows Autopilot Windows Defender ATP Windows Defender Security Center Express update delivery Hyper-V Windows 10 Subscription Activation Windows Insider Program for Business Paint 3D Cortana at work Night light, mini view Windows Information Protection Windows Hello for Business Windows Analytics Upgrade Readiness App-V, UE-V Hybrid Azure Active Directory Join Windows Ink Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core Windows Analytics Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health WDATP Automated Remediation Conditional Access based on WDATP device risk Threat Analytics Emergency Outbreak Updates Advanced hunting Cloud Credential Guard Diagnostic data viewer Windows Autopilot enrollment status page Windows 10 Enterprise in S mode Shared Windows Devices Nearby Sharing Dictation Timeline + Windows Defender Exploit Guard, System Guard, Application Guard, Application Control Mobile Device Management Windows Analytics Update Compliance Windows Analytics Device Health Co-management Enterprise search in Windows Continue on PC OneDrive Files On-Demand Narrator Mixed Reality Viewer Windows Autopilot Windows Defender ATP Windows Defender Security Center Express update delivery Hyper-V Windows 10 Subscription Activation Windows Insider Program for Business Paint 3D Cortana at work Night light, mini view Windows Information Protection Windows Hello for Business Windows Analytics Upgrade Readiness App-V, UE-V Hybrid Azure Active Directory Join Windows Ink Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core Windows Defender ATP new attack surface area reduction controls Investigation and remediation across Office 365 ATP and Windows Defender ATP Web Authentication in Microsoft Edge Windows Hello with FIDO 2.0 30 months of support for September releases Windows Autopilot Self-deploying mode Windows Autopilot Hybrid Azure AD join S Mode Block Switch Microsoft Edge kiosk mode Desktop Analytics (Preview) Intelligent Pilot Selection and ConfigMgr Integration ReadyforMicrosoft365.com Microsoft Edge experience improvements Accessibility enhancements Access the clipboard across devices + Your Phone Windows Analytics Spectre & Meltdown, Delivery Optimization, Application Reliability Logon Health WDATP Automated Remediation Conditional Access based on WDATP device risk Threat Analytics Emergency Outbreak Updates Advanced hunting Cloud Credential Guard Diagnostic data viewer Windows Autopilot enrollment status page Windows 10 Enterprise in S mode Shared Windows Devices Nearby Sharing Dictation Timeline Windows Defender Exploit Guard, System Guard, Application Guard, Application Control Mobile Device Management Windows Analytics Update Compliance Windows Analytics Device Health Co-management Enterprise search in Windows Continue on PC OneDrive Files On-Demand Narrator Mixed Reality Viewer Windows Autopilot Windows Defender ATP Windows Defender Security Center Express update delivery Hyper-V Windows 10 Subscription Activation Windows Insider Program for Business Paint 3D Cortana at work Night light, mini view Windows Information Protection Windows Hello for Business Windows Analytics Upgrade Readiness App-V, UE-V Hybrid Azure Active Directory Join Windows Ink Mobile Device Management AAD Join Windows Store for Business Windows Update for Business Mail, Calendar, Photos, Maps, Groove, Skype Windows Defender Antivirus Windows Hello Microsoft Edge Device Guard Credential Guard BitLocker SmartScreen Windows as a service In-place upgrades Continuum Cortana Windows 10 core
CAPABILITY Staying Secure with Agile Servicing Attackers take advantage of periods between releases PROTECTION GAP Stay ahead of the attackers with continual software improvements TIME PRODUCT RELEASE THREAT SOPHISTICATION
It s not just Windows
W10 Servicing Timeline (Semi-Annual Channel) 2017 2018 2019 2020 2021 2022 2023 Windows 10 1607 18 months 12 months Windows 10 1703 6 months 18 months 12 months Windows 10 1709 6 months 18 months 12 months Windows 10 1803 6 months 18 months 12 months Windows 10 1809 6 months 18 months 12 months Windows 10 1903 6 months 18 months Windows Insider Program Additional Servicing (ENT/EDU Only) Windows 10 1909 6 months 18 months 12 months
Deploy and Use Plan and Prepare Targeted Pilot Validation IT/Developer Canary Self Select Sample Production *Conceptual illustration only
Ready for Windows Get links to Windows 10 ISV support statements Get usage information for every app version, and use that to target testing http://www.readyforwindows.com We are actively engaged with ISVs, to ensure full support for Windows as a service
Windows Analytics A suite of tools to reduce deployment and support costs Upgrade Readiness Update Compliance Device Health* Plan upgrades by identifying devices that are ready and identify and resolve top app/driver compatibility blockers Ensure update and antimalware compliance with timely reports for all your devices (even those on the road) Reduce support costs by proactively identifying and remediating top end-user impacting issues *Only available with Windows 10 Enterprise edition
Optimizing bandwidth usage Challenges Payload Packaging Diff technology Caching - Shift network traffic to edges Distributed Caching Peer to Peer (DO) Centralized Caching WSUS ConfigMgr DPs Downloaders (BITS, DO) Optimize the Network Networking Layer (LEDBAT)
LEDBAT: Low Extra Delay Background Transport
LEDBAT: How to get started https://blogs.technet.microsoft.com/netwo rking/2016/07/18/announcing-newtransport-advancements-in-theanniversary-update-for-windows-10-andwindows-server-2016/
Updates up to 63% faster by reducing the amount of time your device is offline Downlevel Compat Checks Gather Operations Mount/extract SafeOS Apply NewOS User settings and data migration occurs Run offline sysprep specialize plugins Run offline migration plugins Reboot SafeOS (WinRE) Prepare new boot environment Reboot First Boot OOBE Boot Run sysprep specialize plugins Run remaining provider operations Run migration plugins User settings and data migration Configure/install devices Provisioning migration Reboot Online Offline Moved Online OOBE Login FISA screens (Enterprise) APPX registration Desktop
Progress over Win10 Releases 90 80 Pre 1703, 82.24 mins 70 60 50th Percentile 51.7 mins 50 40 50th Percentile 33.7 mins 30 50th Percentile 30.2 mins 20 10 0 Fastest, 3.05 mins Fastest, 2.44 mins 1703 1709 1803 1809
0xC1900101 0x30018
How to get started & Future Plans https://docs.microsoft.com/enus/windows/deployment/upgrade/setupdiag
Windows Update for Business
Servicing from the cloud Built on top of Windows Update for global scale Implemented through additional policies configurable via Group Policy, Intune (or other MDM services), Configuration Manager Controls for deferring feature updates, quality updates Active Hours to specify when users are likely away Windows Analytics for compliance reporting
Use Microsoft defined folder structure for adding enterprise scripts Scripts in run folder gets migrated every update Preinstall scripts will be synchronously executed before setup starts Precommit scripts will be synchronously executed before setup commits/finalize Post OOBE switch to run scripts after install Here is a sample listing of the files and directories Run (Migrate) C:\Windows\System32\update\run\GUID\preinstall.cmd C:\Windows\System32\update\run\GUID\precommit.cmd C:\Windows\System32\update\run\GUID\failure.cmd C:\Windows\System32\update\run\GUID\reflectdrivers\foo.inf C:\Windows\System32\update\run\GUID\reflectdrivers\foo.sys Run Once (Do not migrate) C:\Windows\System32\update\runonce\GUID\preinstall.cmd C:\Windows\System32\update\runonce\GUID\precommit.cmd C:\Windows\System32\update\runonce\GUID\failure.cmd C:\Windows\System32\update\runonce\GUID\reflectdrivers\bar.inf C:\Windows\System32\update\runonce\GUID\reflectdrivers\bar.sys
Demo
Windows 10 Servicing with SCCM
System Center Configuration Manager Servicing Plans Best support in System Center Configuration Manager Current Branch 1602+ Requires WSUS 4.0 (Windows Server 2012 or above) with KB3095113 Existing versions (2012, 2012 R2), as well as SCCM Current Branch, can still use task sequences to perform Windows 10 upgrades (much easier in SCCM Current Branch)
Windows 10 Servicing with SCCM Windows 10 Servicing Node Automated process Additional network bandwidth management options Reporting In-Place Upgrade Task Sequence Offers the most control over the process Customization Scheduling and deployment Reporting
Demo
Questions? Jon Anderson Senior Systems Consultant, Now Micro December 5 th, 2018
Thank you for attending Keeping Current with Windows 10 Jon Anderson Senior Systems Consultant, Now Micro December 5 th, 2018