Understanding Windows Update for Business
In this Ask the Admin, I will explain what Windows Update for Business (WUfB) is and how it is different from Windows Update, Windows Server Update Services (WSUS), and System Center Configuration Manager (SCCM).
What is “Inside Microsoft Teams”?
“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.
Windows pulls updates directly from Microsoft’s Windows Update servers. There are some limited options that users can set to determine when and how updates are downloaded and applied. But if organizations wanted to take control of the update process in Windows 8.1 or earlier, it involves installing some local infrastructure. This would be in the form of WSUS with or without SCCM integration. WSUS allows administrators to create deployment rings, download updates from Microsoft for distribution on a local area network, and decide when updates are applied to devices.
WUfB makes it easier for organizations to manage updates in Windows 10 Pro, Enterprise, and Education SKUs. Unlike the update mechanisms that most organizations are familiar with, WUfB does not require any infrastructure to be installed. Instead, it allows IT to control how updates are applied using Group Policy or Mobile Device Management (MDM). WUfB relies on the peer-to-peer technology in Windows 10 to efficiently distribute updates amongst devices on the local area network. A local server is not required. It is worth noting that WUfB does not include the reporting facilities provided by WSUS.
Configuring Windows Update for Business
To configure WUfB using MDM, a mobile-device management solution such as Microsoft Intune is required. And while Intune could manage updates for Windows 7 devices, it requires a client to be installed on each endpoint. WUfB is a clientless and serverless solution. The best way to configure WUfB using Group Policy is with Active Directory Group Policy. But WUfB can also be configured using local policy.
The Group Policy settings for WUfB can be found under Computer Configuration > Administrative Templates > Windows Components > Windows Update. The available settings are below. They apply to Windows 10 version 1607 or above:
- Select when Feature Updates are received
- Select when Quality Updates are received
- Do not include drivers with Windows Updates
The first two options allow IT to set updates to be deferred or paused. Feature updates can be deferred between 1 and 180 days or paused for up to 60 days. Quality updates can be deferred between 1 and 35 days or paused for up to 35 days.
In this article, I explained what WUfB is and how it can be configured using Group Policy or MDM.