If you are tasked with keeping your Windows computers up-to-date with security patches each month, Microsoft is bringing a new product to market to, hopefully, ease the burden of securing PCs.
I had a chance to sit down with Stella Chernyak, Senior Director at Microsoft, on Tuesday during Microsoft Ignite. Our conversation topic was scheduled as a general Windows 10 discussion, but you can find Windows 10 feature news anywhere. I felt it was more important, particularly for IT Pros, to hear what Microsoft is doing to improve its patching problems, particularly for Windows 10. Over the last few years, a month hasn’t gone by without updating problems. From blue screens to failed boots, Microsoft’s patch quality has degraded to the point of instilling fear into customers.
Stella believes that Microsoft can solve the patching problem with better telemetry, as it will be used to detect issues that people are having while using the software on an ongoing basis. Later this year, the company will release a new product called Windows Update for Business, and while it will provide many new features, Stella is most proud of the telemetry gathering feature to help solve problems for customers using Windows. In essence, WUFB will collect and transmit updating data back to Microsoft where it can be alerted more quickly to problems and provide smaller, less bulky updates to deliver higher quality and mores seamless updating. It’s interesting to me, though, that just watching Twitter each month, I can pretty much figure out where problems exist almost instantaneously.
Windows Update for Business is another layer of insulation Microsoft is providing to enterprise customers to ensure they are getting the most tested and proven updates of Windows 10 possible.
WUB also delivers a new, customizable mechanism for delivering patches in the organization that takes advantage of more granular policies. Adopting the Windows Insider program for Windows 10 as a model, WUFB will allow companies to choose “rings” of update delivery. Businesses can define their own rings, giving them the ability to define how quickly patches are pulled and delivered from Microsoft. This is really not much different than it is today with WSUS and SCCM, but now updates will be delivered directly to the client from Microsoft servers based on the personalized ring.
Selecting the right ring for delivery will be extremely important as Microsoft will end Patch Tuesday and begin to deliver smaller, more frequent updates in an attempt to better secure its operating system. Customers that choose slower rollouts of updates will quickly be left behind, not just from a security standpoint, exposing the company to rampant exploits, but also for new features. WUB is the mechanism planned to deliver Windows 10 feature enhancements for businesses.
Microsoft isn’t replacing WSUS or SCCM, only providing an additional mechanism that the company believes will be better. Stella suggested that Windows Update for Business is like WSUS Lite. It’s Windows Update with some of the controls of WSUS, particularly different is where the updates are delivered from and where they are stored.
Additionally, WUFB is being designed to work with Microsoft Intune and WSUS and SCCM will still exist as standalone offerings. To help eliminate confusion about which patching mechanism customers should choose, Brad Anderson and Andrew Conway had this to say...
Microsoft is committed to ensuring IT pros will be able to continue to use WSUS and System Center Configuration Manager now and in the future. In fact, the company is putting additional investment into the two solutions, ensuring they’re updated on a regular cadence to ensure compatibility with Windows 10. We know it’s important to our customers and with Windows Update, WSUS, and System Center Configuration Manager, Windows 10 is exactly what customers are used to. In addition, Microsoft is just as invested on integration of SCCM & WSUS for Windows 10 management as it is with Microsoft Intune. SCCM continues to be used as the single point of control for all updates - Windows, Office, Visual Studio, as well as 3rd party updates and updates for the apps companies have built internally.
The hope though, per Stella, is that Microsoft can convince customers to move to WUB, since it will help improve the Windows experience through customer-supplied telemetry delivered directly from each desktop.
So, there is a bit of conflicting communication, but I'm sure Microsoft will get it all worked out by the time WUFB releases. A customer preview is planned later this year. In reality, as someone at Microsoft mentioned to me, even just the idea of WUFB is only weeks old, so there's seems not to be any available communication yet about how WUFB will even tie into WSUS and SCCM.