Build deployment rings for Windows 10 updates
- Windows 10
- Windows 10 Mobile
Looking for consumer information? See Windows Update: FAQ
For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different.
Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings.
Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary.
Table 1 provides an example of the deployment rings you might use.
|Deployment ring||Servicing channel||Deferral for feature updates||Deferral for quality updates||Example|
|Preview||Windows Insider Program||None||None||A few machines to evaluate early builds prior to their arrival to the semi-annual channel|
|Targeted||Semi-annual channel (Targeted)||None||None||Select devices across various teams used to evaluate the major release prior to broad deployment|
|Broad||Semi-annual channel||120 days||7-14 days||Broadly deployed to most of the organization and monitored for feedback
Pause updates if there are critical issues
|Critical||Semi-annual channel||180 days||30 days||Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization|
In this example, there are no rings made up of the long-term servicing channel (LTSC). The LTSC servicing channel does not receive feature updates.
Windows Insider PCs must be enrolled manually on each device and serviced based on the Windows Insider level chosen in the Settings app on that particular PC. Feature update servicing for Windows Insider devices is done completely through Windows Update; no servicing tools can manage Windows Insider feature updates.
As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense.
Steps to manage updates for Windows 10
- Update Windows 10 in the enterprise
- Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile
- Configure Delivery Optimization for Windows 10 updates
- Configure BranchCache for Windows 10 updates
- Configure Windows Update for Business
- Integrate Windows Update for Business with management solutions
- Walkthrough: use Group Policy to configure Windows Update for Business
- Walkthrough: use Intune to configure Windows Update for Business
- Manage device restarts after updates