Aug 23 2016

How to Manage Updates for Windows 10

These five tips can keep updates for the new Microsoft OS from creating havoc in your users’ workday.

In a constantly connected world, organizations face the constant threat of new IT vulnerabilities while also being under pressure to continuously innovate.

This makes keeping operating systems fully up to date a necessity. But updates can cause disruptions, which is why organizations prefer control over when and how they are delivered.

Although Microsoft designed Windows 10 with enterprise users in mind, managing updates still requires thought and planning.

Here are five tips to reduce the impact on day-to-day activities.

1. Get smart about the three types of Windows 10 updates.

  • CBB (current branch for business) updates are typically delivered two or three times a year.
  • General updates come out the second Tuesday of each month.
  • Other updates, which are the most common of all updates, come out sporadically and often cannot be deferred.

When deferral is an option, it’s for either four weeks or eight months, depending upon the upgrade. As an administrator, you need to define deployment and validation groups during the deferral period.

But remember, you cannot defer forever, as you were able to do with previous Windows OSs; the updates will resume automatically, so plan ahead.

2. Establish deployment and validation groups.

Because you can’t defer updates indefinitely, you need a plan to ensure their rollout will not wreak havoc with your employees’ workday (whatever those actual hours might be).

To help, create validation groups using group policies. That way, your systems administrators can monitor deployments and verify quality by starting with a small pool of devices before expanding the update to ever-broader groups.

3. Make use of the delivery optimization feature.

Windows 10 will let you parse downloads into smaller parts, so that multiple systems on the local network (and the internet) can deliver the updates.

Enterprise and Education versions of Windows 10 have delivery optimization turned on, so devices on the local network can provide the updates to reduce loads on the network and to meet specific needs. You can configure your delivery settings using the group policies tool.

4. Consider whether to keep the Windows Store open or closed.

Some unsupported third-party applications available through the store might cause support headaches — or worse, information leaks — so take care when deciding whether to enable or disable access. Windows 10 Enterprise and Education SKUs let you completely turn off the store application if it does not fit your needs.

5. Lock down or closely monitor various other Windows 10 features.

Be judicious about what’s best for your organization and which new features make sense for your users. Some, like the Cortana personal assistant, might be useful but won’t work without sending data to servers outside your company. Many others require connections to an internet server to function. You will need to opt in or out using group policies.


Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.