Understanding Windows Update for Business
In this Ask the Admin, I will explain what Windows Update for Business (WUfB) is and how it is different from Windows Update, Windows Server Update Services (WSUS), and System Center Configuration Manager (SCCM).
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
Windows pulls updates directly from Microsoft’s Windows Update servers. There are some limited options that users can set to determine when and how updates are downloaded and applied. But if organizations wanted to take control of the update process in Windows 8.1 or earlier, it involves installing some local infrastructure. This would be in the form of WSUS with or without SCCM integration. WSUS allows administrators to create deployment rings, download updates from Microsoft for distribution on a local area network, and decide when updates are applied to devices.
WUfB makes it easier for organizations to manage updates in Windows 10 Pro, Enterprise, and Education SKUs. Unlike the update mechanisms that most organizations are familiar with, WUfB does not require any infrastructure to be installed. Instead, it allows IT to control how updates are applied using Group Policy or Mobile Device Management (MDM). WUfB relies on the peer-to-peer technology in Windows 10 to efficiently distribute updates amongst devices on the local area network. A local server is not required. It is worth noting that WUfB does not include the reporting facilities provided by WSUS.
Configuring Windows Update for Business
To configure WUfB using MDM, a mobile-device management solution such as Microsoft Intune is required. And while Intune could manage updates for Windows 7 devices, it requires a client to be installed on each endpoint. WUfB is a clientless and serverless solution. The best way to configure WUfB using Group Policy is with Active Directory Group Policy. But WUfB can also be configured using local policy.
The Group Policy settings for WUfB can be found under Computer Configuration > Administrative Templates > Windows Components > Windows Update. The available settings are below. They apply to Windows 10 version 1607 or above:
- Select when Feature Updates are received
- Select when Quality Updates are received
- Do not include drivers with Windows Updates
The first two options allow IT to set updates to be deferred or paused. Feature updates can be deferred between 1 and 180 days or paused for up to 60 days. Quality updates can be deferred between 1 and 35 days or paused for up to 35 days.
In this article, I explained what WUfB is and how it can be configured using Group Policy or MDM.