with Configuration Manager Windows 10 Servicing with Configuration Manager Aaron Czechowski Senior Program Manager Microsoft Dune Desormeaux Program Manager Microsoft Niall Brady MVP/Blogger windows-noob.com Aaron

Aaron Czechowski Dune Desormeaux Niall Brady @Dune_v1511 @NCBrady Senior Program Manager, Configuration Manager product team Program Manager, Configuration Manager product team 6 year ECM MVP Nine years at Microsoft, four years on product team. 18 years working with SMS/Configuration Manager and Windows deployments 11 long months working on Configuration Manager, more text so that my blurb doesn’t seem smaller than the others Working with SCCM since SMS 2003, started programming in 1985 in ZX80 Assembly Anything coconut, Gin & Tonic Poutine, Beer Whiskey Aaron, Dune, Niall

Windows as a Service Strategy, Goals and Context Aaron

Servicing Strategy and Goals “Stay Current” mentality Current by default Increase security, consistency, stability, and reliability Eliminate fragmentation Flexible timelines, methods and tools Decrease admin overhead Aaron

Windows as a Service: Deployment Guidelines Windows Insider Preview Current Branch (CB) Current Branch for Business (CBB) Long Term Servicing Branch (LTSB) Specific feature and performance feedback Application compatibility validation Deploy to appropriate audiences Test and prepare for broad deployment Information workers General population Specialized systems Early adopters, initial pilots, IT devices Deploy for mission critical systems No need for frequent new features (or any sort of change) Too expensive for general population Benefits from new features Begins broad deployment Test machines, small pilots NUMBER OF DEVICES Aaron STAGE Release

Windows as a Service: Rings Aaron

Windows Fragmentation With Windows 7 and 8, servicing choices added complexity and cost, increased fragmentation, and reduced quality What we are testing What customers are running Y YY Aaron Windows 7 Test Lab PC: Fully Patched Typical Windows 7 PC: Selectively Patched

Windows as a Service: Updates Quality Updates Feature Updates A single cumulative update each month Security fixes, reliability fixes, bug fixes, etc. Supersedes the previous month’s update No new features Targeting twice per year with new capabilities Very reliable, with built-in rollback capabilities Simple deployment using in-place upgrade, driven by existing tools Try them out with Insider Preview Aaron

Windows as a Service: Timelines and Rhythm 2016 2017 2018 July Nov Feb July Nov Feb July Nov Feb 1507 Evaluate Pilot Deploy / Use (done) 4 months 12 months 60 days 1511 Evaluate Pilot Deploy / Use 4 months 4 months ~ 20 months 60 days Summer 2016 (Exact date TBD) Evaluate Pilot Deploy / Use Aaron ~8 months 4 months 60 days

Windows 10 Servicing Configuration Manager Aaron handoff to Niall

Prepare ConfigMgr for WaaS WSUS 4.0 with the hotfix 3095113 Server 2012+ on SUP and Site Server Select Upgrades classification Heartbeat discovery Service connection point online GPO setting, Defer Upgrades and Updates Niall

Identifying WaaS Systems Discovery Properties Operating System Build For example, 10.0.10240 (RTM) or 10.0.10586 (version 1511) Operating System Readiness Branch 0 = CB 1 = CBB 2 = LTSB Can be used in collection queries, reports, etc. Niall

Release Ready & Business Ready Milestones Build is Release Ready Build is Business Ready Build is EOL Windows 10, version 1511 (10.0.10586) 1512 1602 1605 1608 1611 Early Adopter Pilot: Release + 0 Production Pilot: Business + 0 Early Adopter Rollout: Release + 60 Production Rollout: Business + 90 Production Ring 3: Business + 120 Define your rings Keep current, easily Create once, ongoing monitoring Aaron

Servicing Plan Functionality Automatic Deployment Rules, plus Deployment Rings Upgrade filters Currently upgrades only Windows Update Agent launches Windows Setup Troubleshooting Server: same as ADRs Client: same as SUM, plus ccmrepair.log and setupact.log Dune

ConfigMgr Windows 10 Dashboard Information about Windows 10 computers in your environment, active servicing plans, compliance information Usage rings Expiration tiles Timeline Data driven: metadata, discovery data Dune

Win10 Servicing Deep Dive Dune

Windows 10 upgrades not in All Software Updates Improvements in 1602 WSUS hotfix warning Filters Windows 10 upgrades not in All Software Updates Software Center warning Deployment verification Dune

Servicing via Task Sequence OS Upgrade Packages Media-based upgrade for Windows 10 build-to-build Offline servicing for cumulative updates In-place upgrade task sequence As minimal as possible Niall

Servicing via Task Sequence Niall

Task Sequence vs Servicing Plan Upgrade from Windows 7 or Windows 8.1 Yes Upgrade Windows 10 build-to-build User experience Task sequence progress Software updates Administrative effort: Content acquisition Manually import OS upgrade packages, manually distribute Content automatically acquired and distributed based on criteria Administrative effort: Deployment rings Manually per deployment Deployment automatically created based on criteria Include drivers Planned Include language packs Compatibility pre-assessment Third-party disk encryption Yes (custom) Pre- and post-actions (e.g., uninstall apps) Aaron

Mobile Device Servicing Intune Via custom URI On-prem MDM & Hybrid Compliance Settings, Create Setting, type OMA URI ./Vendor/MSFT/Policy/Config/Update/RequireDeferUpgrade https://technet.microsoft.com/en-us/library/mt126215.aspx Dune

Windows Update for Business MS Story 4/28/2017 12:47 PM Windows Update for Business Policy setting example in Windows Update for Business Policies implemented in Windows 10 1511, effective for the next feature upgrade deployment Windows 10 Enterprise SKU is published to Windows Update (MAK only) Capabilities Maintenance windows to align with business rhythm Coming soon Integration with your existing tools like System Center Time to test and validate feature updates Summer ‘15 Ability to create internal deployment groups Fall ‘15 Peer to peer delivery to optimize for bandwidth Access to Current branch and Current branch for Business Dune © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Managing Windows Insider & WUfB Insiders: early access to latest builds WUfB: delegate updates to Microsoft Management issues today: Compliance reporting: “unknown” Conditional access evaluation Endpoint protection compliance and reporting Third-party updates SUM client deployment Identify WUfB clients Dune

Multiple servicing plans for pilot and production Stay Current Guidance Insiders for pilot Multiple servicing plans for pilot and production Consider content management Feature update refresh ADR for CUs TS for specific requirements Plan move to servicing plans over time Don’t deploy TS and SP to same collection WUfB piloting Aaron

References Windows 10 servicing options for updates and upgrades https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing Important update for WSUS 4.0 (KB 3095113) http://blogs.technet.com/b/wsus/archive/2015/12/04/important-update-for-wsus-4-0-kb-3095113.aspx Manage Windows as a service using Configuration Manager https://technet.microsoft.com/en-us/library/mt627931.aspx How can I use the Upgrade Task Sequence in System Center Configuration Manager (current branch)? https://www.windows-noob.com/forums/topic/13917-how-can-i-use-the-upgrade-task-sequence-in- system-center-configuration-manager-current-branch/ How can I use servicing plans in System Center Configuration Manager (Current Branch) to upgrade Windows 10 devices? https://www.windows-noob.com/forums/topic/13968-how-can-i-use-servicing-plans-in-system- center-configuration-manager-current-branch-to-upgrade-windows-10-devices/ Dune / Niall

And Then …