Build deployment rings for Windows 10 updates

Applies to

  • Windows 10
  • Windows 10 Mobile

Looking for consumer information? See Windows Update: FAQ

For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different.

Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings.

Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary.

Table 1 provides an example of the deployment rings you might use.

Table 1

Deployment ring Servicing channel Deferral for feature updates Deferral for quality updates Example
Preview Windows Insider Program None None A few machines to evaluate early builds prior to their arrival to the semi-annual channel
Targeted Semi-annual channel (Targeted) None None Select devices across various teams used to evaluate the major release prior to broad deployment
Broad Semi-annual channel 120 days 7-14 days Broadly deployed to most of the organization and monitored for feedback
Pause updates if there are critical issues
Critical Semi-annual channel 180 days 30 days Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization


In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC servicing channel does not receive feature updates.

Windows Insider PCs must be enrolled manually on each device and serviced based on the Windows Insider level chosen in the Settings app on that particular PC. Feature update servicing for Windows Insider devices is done completely through Windows Update; no servicing tools can manage Windows Insider feature updates.

As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.

Steps to manage updates for Windows 10

done Learn about updates and servicing channels
done Prepare servicing strategy for Windows 10 updates
done Build deployment rings for Windows 10 updates (this topic)
to do Assign devices to servicing channels for Windows 10 updates
to do Optimize update delivery for Windows 10 updates
to do Deploy updates using Windows Update for Business
or Deploy Windows 10 updates using Windows Server Update Services
or Deploy Windows 10 updates using System Center Configuration Manager