Configuration Manager: Windows-as-a-Service, some stuff explained

December 10, 2015 at 6:04 pm in Uncategorized by nsienaert

 

Hi All,

Huge milestones have been reached regarding Windows 10 and the new version of Configuration Manager.

CM will be THE tool to make sure you can adopt Windows-as-a-service. I receive quite a few questions about this new technology and terminology.
So let’s explain some topics.

CB, CBB & LTSB

You can already find good explanations of the new Deployment Rings on the Net, so I’m not gonna repeat them. But let me try to summarize each of them in two sentences.

Current Branch (CB): The Windows upgrade released every 3-4 months to the consumer landscape. To win some test time, it’s advisable to deploy this ring within your environment and treat it as a pre-pilot.

Current Branch for Business (CBB): Typically released 3-4 months after CB, it’s CB made ready for the enterprise. You are allowed to skip one upgrade; if you skip more, you will lose support. Taking the CB test time into account, you have 12 months to upgrade your CBBs.

Long Term Servicing Branch (LTSB): This is the ring you want for systems that you don’t want to upgrade on the cadence described earlier. Typically Microsoft will release an LTSB build every 2-3 years, which offers you 10 years of support (5 mainstream + 5 extended).

Moving between branches

You can in-place upgrade LTSB builds to CB or CBB using an upgrade Task Sequence.

If you are on CB\CBB and you want to go to LTSB, you need to re-install the machine using typical Bare Metal \ Refresh Task Sequence scenarios.

Updates or Upgrades

This is important to understand well as this might be confusing.

When we talk about Updates, we still mean the Security Updates that you deploy through WSUS, as you have known them for years.

Upgrades are the Windows 10 upgrades that become available every 3-4 months.

These are located in CM under the new Windows 10 Servicing node. Notice that they are still called Windows 10 Updates there, which can be confusing.

Microsoft has some reasons for that. To reduce confusion, though, MSFT created a new “Servicing” node and didn’t add these Servicing \ Upgrade items under the “Software Updates” node.

In the right pane you can definitely see we are talking about upgrades.


Servicing Plans

Servicing Plans are actually Automatic Deployment Rules (ADRs) that we know from WSUS. Here you determine how your deployment rings will be deployed automatically to your devices. Typically, you will have several Servicing Plans within your environment.

You can monitor the current state of your Windows 10 landscape through the Deployment Rings.

Important note #1:

Release Ready = Current Branch

Business Ready = Current Branch for Business

 


Important note #2:

If you want to skip an upgrade, you have to set a GPO to Defer Upgrades for a certain period of time. In the future it will be possible to defer this from the CM console.

 


Important note #3:

The info in the deployment rings is based on Hardware Inventory. The Product Group will continue to invest in the visuals around your Windows 10 landscape (remember that CM also has a Servicing mechanism in place to deliver these improvements much faster in the near future). In the meantime, it might be interesting to also have some custom queries next to the deployment rings to give you more insight.

OSBranch and Build are probably interesting properties you want to query. These are not yet visible in the interface, so you cannot add them as an extra column in your viewing pane.

ResourceId:OSBranch

0 = CB, 1 = CBB, 2 = LTSB

ResourceId:Build

e.g. “10.0.10240” or “10.0.10586”

Query:

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.Client, SMS_R_System.OSBranch, SMS_G_System_OPERATING_SYSTEM.BuildNumber, SMS_G_System_OPERATING_SYSTEM.Version
from SMS_R_System
inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
where SMS_R_System.OperatingSystemNameandVersion like "%workstation%"
and SMS_R_System.OperatingSystemNameandVersion like "%10%"
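An added example (not part of the original post) that turns rows from the query above into a per-device servicing report, using the OSBranch mapping and the skip-one-upgrade rule described earlier. The helper name Get-ServicingStatus, the sample rows and the build 10.0.99999 are constructed for illustration; it assumes the rows are available as objects with Name, OSBranch and Version properties.

```powershell
$BranchNames = @{ 0 = 'CB'; 1 = 'CBB'; 2 = 'LTSB' }      # mapping from the post

# Upgrade builds in release order. The first two are the builds named in the post;
# 10.0.99999 is a made-up placeholder so the "skipped too many" case is visible.
$ReleasedBuilds = @('10.0.10240', '10.0.10586', '10.0.99999')

function Get-ServicingStatus {                            # hypothetical helper
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string[]] $Released,
        [int] $AllowedSkips = 1                           # the post: one upgrade may be skipped
    )
    foreach ($row in $Rows) {
        # OSBranch can be empty when inventory has not reported it yet.
        $branch = 'Unknown'
        if ($null -ne $row.OSBranch -and $BranchNames.ContainsKey([int]$row.OSBranch)) {
            $branch = $BranchNames[[int]$row.OSBranch]
        }
        $index  = [array]::IndexOf($Released, [string]$row.Version)
        $behind = if ($index -ge 0) { $Released.Count - 1 - $index } else { $null }

        # Assumption: the skip rule the post states for CBB is applied to CB too,
        # and one release list is used for both branches.
        $status = if     ($branch -eq 'Unknown')     { 'Check inventory' }
                  elseif ($branch -eq 'LTSB')        { 'LTSB, no upgrade cadence' }
                  elseif ($null -eq $behind)         { 'Unrecognised build' }
                  elseif ($behind -gt $AllowedSkips) { 'Skipped too many, out of support' }
                  elseif ($behind -gt 0)             { 'Upgrade pending' }
                  else                               { 'Current' }

        [pscustomobject]@{
            Name = $row.Name; Branch = $branch; Version = $row.Version
            UpgradesBehind = $behind; Status = $status
        }
    }
}

# Constructed sample rows with the columns the query selects (not real inventory).
$rows = @(
    [pscustomobject]@{ Name = 'PC-001';   OSBranch = 0;     Version = '10.0.99999' }
    [pscustomobject]@{ Name = 'PC-002';   OSBranch = 1;     Version = '10.0.10586' }
    [pscustomobject]@{ Name = 'PC-003';   OSBranch = 1;     Version = '10.0.10240' }
    [pscustomobject]@{ Name = 'KIOSK-01'; OSBranch = 2;     Version = '10.0.10240' }
    [pscustomobject]@{ Name = 'PC-004';   OSBranch = $null; Version = '10.0.10586' }
)
Get-ServicingStatus -Rows $rows -Released $ReleasedBuilds | Format-Table -AutoSize
```

With the sample rows, PC-003 is the only device reported as having skipped too many upgrades, and PC-004 is flagged for an inventory check because its OSBranch is empty.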


Task Sequences or Windows Servicing

Task Sequences are your preferred choice if you want to in-place upgrade existing Windows 7 and above machines to Windows 10.

You will continue to use Task Sequences for your typical Bare Metal, Refresh and Replace scenarios. The important change here is that you need to adapt your imaging process by swapping in each new Windows 10 CBB build, so that your newly installed machines are at least on the latest ring.

Windows Servicing will be the engine (powered by WSUS) to keep your existing Windows 10 machines up-to-date.

The User Experience

The actual User Experience is more in the hands of the Windows team. Huge investments have been made, and will be made in the future, to make sure that there will be less user impact. Today, and also for the upcoming rings, the user impact will still be there, which means you need to plan your upgrades well, for instance by working with Maintenance Windows. So yes, currently users will not be able to work during the installation of the first rings that are planned, and one or two reboots will be required. In the future it will hopefully be possible to upgrade the systems while users continue to work and without reboots.

Windows Update for Business (WuFB)

WuFB is a SaaS solution that Microsoft offers for free. It leverages Windows Update to upgrade your CBB systems automatically from the cloud.

WuFB can also be used for your traditional deployment of updates.

You will have some configuration options like “Defer Upgrades”, “Pause upgrades”, … through GPOs, and Windows 10 has some built-in peer-to-peer capabilities to make sure your systems get their upgrade packages in an economical way. This can also be fine-tuned through GPOs.


How does this cope with CM?

The integration with CM will be improved in the future but it’s clear that you can have both next to each other.

You might want to enable WuFB at satellite branches that CM has difficulty reaching, for instance because of a lack of local DPs.

Or there might be customers that prefer a lightweight mechanism for these upgrades.

I expect WuFB will be used more by customers that don’t have CM and want to keep their Windows 10 devices up-to-date.

Decent compliance reporting has not yet been added to WuFB, but it will be added in the future.

Hope that this was useful!

 

Till next time! (@nsienaert)