评估基础结构和工具Evaluate infrastructure and tools

在部署更新之前,最好评估部署基础结构 (即配置管理器、Microsoft Intune 或类似) 和当前配置 (例如安全基准、管理模板和影响更新) 的策略。Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). 然后,设置一些条件以定义操作准备情况。Then, set some criteria to define your operational readiness.

基础结构Infrastructure

部署工具是否需要更新?Do your deployment tools need updates?

  • 如果使用配置管理器,则在安装了最新版本的当前分支上是它。If you use Configuration Manager, is it on the Current Branch with the latest release installed. 在此分支上,可确保它支持下一个 Windows 10 功能更新。Being on this branch ensures that it supports the next Windows 10 feature update. 配置管理器版本支持18个月。Configuration Manager releases are supported for 18 months.
  • 使用基于云的管理工具(如 Microsoft Intune)减少了支持挑战,因为没有需要更新的相关产品。Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
  • 如果你使用的是非 Microsoft 工具,请检查其产品支持,确保你使用的是当前版本,并且它支持下一个 Windows 10 功能更新。If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows 10 feature update.

依赖于以前部署中的体验和数据,以帮助你判断基础结构更改需要多长时间并确定你在执行此操作时遇到的任何问题。Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so.

设备设置Device settings

安装新的 Windows 10 更新后,请确保你的安全基准、管理模板和策略具有支持设备的正确设置。Make sure your security baseline, administrative templates, and policies have the right settings to support your devices once the new Windows 10 update is installed.

安全基线Security baseline

使安全基线保持最新,以帮助确保你的环境安全,并且所推出的 Windows 10 更新中的新安全功能已正确设置。Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows 10 update are set properly.

  • Microsoft 安全基准:应从 microsoft 实施安全基准。Microsoft security baselines: You should implement security baselines from Microsoft. 它们包含在 安全合规性工具包中,以及用于管理它们的工具。They are included in the Security Compliance Toolkit, along with tools for managing them.
  • 特定于行业或区域的基线:特定的行业或地区可能具有您必须遵循每个法规的特定基准。Industry- or region-specific baselines: Your specific industry or region might have particular baselines that you must follow per regulations. 确保任何新的基线都支持你准备部署的 Windows 10 版本。Ensure that any new baselines support the version of Windows 10 you are about to deploy.

配置更新Configuration updates

有许多 Windows 策略 (由组策略、Intune 或其他方法设置,这些) 方法会影响 Windows 更新的安装时间、延迟、最终用户体验以及其他许多方面。There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. 检查这些策略以确保它们已正确设置。Check these policies to make sure they are set appropriately.

  • Windows 10 管理模板:每个 windows 10 功能更新都具有支持的管理模板 ( admx) 文件。Windows 10 Administrative templates: Each Windows 10 feature update has a supporting Administrative template (.admx) file. 组策略工具使用管理模板文件填充用户界面中的策略设置。Group Policy tools use Administrative template files to populate policy settings in the user interface. 模板在下载中心可用,例如,此模板适用于 Windows 10 版本 1909The templates are available in the Download Center, for example, this one for Windows 10, version 1909.
  • 适用于更新合规性和最终用户体验的策略:当设备安装更新时,无论用户在多长时间内延迟更新、在安装后重启行为以及更新行为的其他方面,都有一些设置影响。Policies for update compliance and end-user experience: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. 尤其重要的是查找已过期或可能与新策略冲突的现有策略。It's especially important to look for existing policies that are out of date or could conflict with new ones.

定义操作准备情况条件Define operational readiness criteria

部署更新后,你需要确保更新未引入新的操作问题。When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. 此外,您还可以确保在发生事件时,提供所需的文档和流程。And you’ll also ensure that if incidents arise, the needed documentation and processes are available. 与您的运营和支持团队协作,定义可接受的趋势以及需要更新的文档或流程:Work with your operations and support team to define acceptable trends and what documents or processes require updating:

  • 通话趋势:定义与 Windows 10 功能更新相关的调用的增加百分比,或者可以支持。Call trend: Define what percentage increase in calls relating to Windows 10 feature updates are acceptable or can be supported.
  • 事件趋势:定义要求与 Windows 10 相关的支持(可接受或受支持)的增加的通话百分比。Incident trend: Define what percentage of increase in calls asking for support relating to Windows 10 feature updates are acceptable or can be supported.
  • 支持文档:查看需要更新的支持文档,以支持新的基础结构工具或配置,作为 Windows 10 功能更新的一部分。Support documentation: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows 10 feature update.
  • 流程更改: 定义和更新将因 Windows 10 功能更新而更改的任何进程。Process changes: Define and update any processes that will change as a result of the Windows 10 feature update.

您的运营和支持人员可以帮助您确定当时是否正在跟踪相应信息。Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. 如果不是,请介绍如何获取此信息,以便你可以获得正确的洞察力。If it isn't, work out how to get this information so you can gain the right insight.

任务Tasks

最后,你可以开始执行所需的工作,以确保你的基础结构和配置支持此更新。Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. 为了帮助您保持跟踪,您可以将工作分类为以下最适合的任务:To help you keep track, you can classify the work into the following overarching tasks:

  • 查看基础结构要求:了解支持更新的要求的详细信息,并确保它们均已定义。Review infrastructure requirements: Go over the details of requirements to support the update, and ensure they’ve all been defined.
  • 根据要求验证基础结构:将基础结构与已针对更新标识的要求进行比较。Validate infrastructure against requirements: Compare your infrastructure against the requirements that have been identified for the update.
  • 定义基础结构更新计划:详细说明基础结构必须如何更改以支持更新。Define infrastructure update plan: Detail how your infrastructure must change to support the update.
  • 查看当前的支持数量:了解当前的支持量,以了解在部署更新时更新有多少影响。Review current support volume: Understand the current support volume to understand how much of an effect the update has when it’s been deployed.
  • 确定需要注意的间隙:确定成功部署更新时需要解决的问题。Identify gaps that require attention: Identify issues that will need to be addressed to successfully deploy the update. 例如,您的基础结构工程师是否必须研究更新带来的新功能可能会对基础结构有何影响?For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
  • 定义操作更新计划:详细介绍操作服务和进程必须如何更改才能支持更新。Define operational update plan: Detail how your operational services and processes must change to support the update.