FAQ: How Microsoft will update Windows 10

Although Microsoft remains tight-lipped about some of the details of how it plans to keep Windows 10 up to date, enough information has surfaced for a fairly clear picture of the process.

Microsoft is just weeks away from pushing customers into a radical overhaul of how they receive security, maintenance and new feature updates.

Windows 10, which Microsoft has promised will be updated more often than past iterations, especially with feature and functionality, user interface (UI) and user experience (UX) changes, will debut July 29. That's only six weeks from now.

And while Microsoft remains closed-mouth about some of the details of how it plans to keep Windows 10 up to date on customers' devices, enough has surfaced for a relatively-clear picture of the process.

Short take: It's confusing and complicated, particularly for long-time Windows veterans, who have dealt with the one-size-fits-all patch policy of the past -- under which Microsoft presented updates to everyone, whether consumers or massive corporations, at or almost at the same time -- for decades.

We've collected all the hints and clues, the company's statements -- straight out and implied -- and tried to stick together the update ball of wax.

Wish us luck.

I use a PC at home. What do I get and when? If you're running Windows 10 Home, the least-expensive retail SKU (stock-keeping unit) on a new device or a PC you upgraded from Windows 7 Starter, Home Basic or Home Premium or from Windows 8.1 via Microsoft's one-year free deal, you don't have much of a choice: You get what Redmond's calling the Current Branch.

(Some of the confusion around Windows 10's new update practice is the terminology: Microsoft has introduced a whole new vocabulary. In its lingo, a "branch" is an update track, a meta track at that. Different groups of customers will be able to adopt different branches. Then there are the "rings" within a branch, but more on that later.)

The Current Branch (CB) will be pushed to users via Windows Update (WU), the update mechanism in play since 1995. Every four months or so, Microsoft will release an update to CB.

That's where things depart from the familiar. Those on CB will not be able to ignore an update, postpone it -- with the exception of registering with a slower ring -- or even selectively install some of its contents and not others, as they can now with WU. A CB update is all-or-nothing, minus the nothing. Think of it as a "service pack," the now-discarded label for large updates: You were never able to take just pieces of a service pack, either.

So Microsoft ships a Current Branch and I have to take it? Can I least delay it to let others be the guinea pigs? Yes, you have to take it. And yes, you can delay it ... to a limited extent.

Microsoft will create rings -- there's that word again -- within CB that deliver updates on varying timetables. The company hasn't said how many rings CB will offer or what they will be named, but the Windows Insider program -- the current preview program that will continue after Windows 10's launch -- has a "fast" ring and a "slow" ring. Expect those two at least.

Customers on the CB fast ring will receive the every-four-months-or-so updates first, probably as soon as Microsoft greenlights the refresh. Those on a slow ring will get it later. It's unclear how much later, but one CB update must be distributed before the next arrives, and since it's likely that updates will arrive every four months, logically a slower ring will deliver the update before that span ends.

Why would I want to delay a CB update? I like new stuff! Good for you. But there is a solid reason why a slow CB ring might be smart.

Whether it's because Microsoft wants to expand feedback (its rationale) or simply wants to shift the testing burden from its engineers to users (the cynic's view), the company will employ customers to shake out bugs more than ever before.

The company hasn't been shy about saying so. "Enterprises will be able to receive feature updates after their quality and application compatibility has been assessed in the consumer market," Jim Alkove, director of program management for Microsoft's enterprise group, said in a January blog post [emphasis added].

If you'd prefer others to put on the lab rat fur, so you receive the update only after Microsoft's identified and fixed some of the bugs, adopt a slower CB ring.

I'll say it again ... I like new stuff. Again, good for you.

If you enjoy the bleeding edge, you can remain in, or register with, the Windows Insider program, which will continue serving changes as soon as Microsoft approves them for the previewing public. Windows Insiders will be the first line of outside testers -- Microsoft says it runs updates internally first -- and get updates before any other customers.

Windows Insider will not be shut down after Windows 10's release -- that's what Microsoft has done in the past with beta programs -- but will continue indefinitely as the OS's fastest update branch.

You can join the program at this website.

So that's it? CB or nothing? No, even if you use a home-based Windows 10 device.

Microsoft's second branch, dubbed Current Branch for Business (CBB) offers more flexibility in update timing, although like CB, it's an automatically-delivered deal that doesn't let you parse updates into take-some-leave-some pieces.

CBB, as the name implies, targets businesses, but anyone with a PC or other device running Windows 10 Pro -- the more expensive and more capable retail and pre-installed SKU -- can adopt this branch. That will include those who take the free upgrade from Windows 7 Professional or Windows 7 Ultimate, or from Windows 8.1 Pro.

(Microsoft's not actually said as much, but unless the company pulls out some magic, a Windows 10 Pro device is a Windows 10 Pro device, no matter where it happens to sit, whether inside a company or on a consumer's dining room table.)

CBB will rely on Windows Update for Business (WUB) -- tired of the acronyms yet? -- a new service that Microsoft announced in early May at its inaugural Ignite conference. WUB is the business-grade version of Windows Update, and like the latter, will insure that all users get each update.

Consumers with a Windows 10 Pro-based device will receive each update about four months after it's been issued to consumers on the CB. Microsoft figures that the four months will shake out even more bugs -- consumers as testers, deux -- so that business users, or at least those running Windows 10 Pro or Windows 10 Enterprise -- will see a more stable update with a correspondingly lower risk of something breaking.

That's the theory, anyway.

Anyone who relies strictly on WUB for CBB updates must install said updates within four months -- before the next one appears, in other words -- or be bumped off Microsoft's security patch list.

So, with CBB, consumers with Windows 10 Pro can postpone an update for up to eight months: the four used by CB plus the four for CBB on WUB.

Confused yet?

When do security updates reach me? As part of my CB or CBB updates? No. Security updates are a horse of a different color.

Think of the CB and CBB updates as delivering feature, functionality, UI and UX changes only. Security updates -- the vulnerability fixes that since 2003 have been issued the second Tuesday of each month, or "Patch Tuesday" -- are not associated with these updates.

Instead, Microsoft will issue patches on an ongoing basis, security experts have concluded in the absence of clarity from Redmond. Rather than hold completed fixes until the next Patch Tuesday, Microsoft will release them as work concludes.

Microsoft may not have spelled it out yet, but assume that patches will be automatically downloaded and applied to CB-managed devices immediately, not every four months as will be feature updates. It's unclear whether Current Branch for Business devices will receive them simultaneously through Windows Update for Business -- again, Microsoft has made much of how consumers will be the test group -- but it would be very odd if they were not.

Also unknown: The impact, if any, of the rings in the CB and CBB on patch delivery.

The danger of artificially delaying security updates to fit the constraints of a Current Branch or Current Branch for Business schedule, or even a "fast" or "slow" ring, is that some will get fixes before others. Cyber criminals typically start examining a patch as soon as they get their hands on it, hoping to uncover the underlying vulnerability, then craft a workable exploit. That would let them probe for unpatched systems, say those on the four-month-delayed CBB, as they sniff for potential victims.

That's not terribly different from the situation now: Enterprises often take months to apply a patch. What would be different is if a fix was not available to everyone at the same time.

We'd be very surprised if Microsoft did not simply let each patch loose, available to all at the same time. But you can never be sure.... Microsoft has done stranger things.

I manage hundreds of Windows devices, all running Windows 7 Enterprise. What do I get? Depends. If your organization pays for Software Assurance (SA), the annuity-like plan that gives the company OS upgrade rights, as well as a host of other benefits, you'll be able to use the third track, Long-term Service Branch (LTSB), when you eventually migrate to Windows 10.

LTSB is designed to lock down devices. During an April webinar for partners, a Microsoft product manager said LTSB would be "very similar to Windows 7" in that security and other bug fixes would reach devices, but that those systems would not receive the feature/functionality/UI/UX changes for Windows 10.

So far, LTSB is the only branch that Microsoft has explicitly guaranteed will receive support for the usual decade, five in "Mainstream" support, the following five in "Extended" support.

Every two to three years, Microsoft will create another LTSB build, integrating some or all of the feature changes released to CB and CBB in the intervening time, then offer that to customers. They will have the option to move to that build -- it won't be mandatory -- and have the ability to skip at least one build, passing on LTSB 2 (or whatever Microsoft names it) then years later adopting LSTB 3 with an in-place upgrade.

LTSB seems too old-school for most of our devices. What other choices do we have? Devices running Windows 10 Pro, Windows 10 Education or Windows 10 Enterprise can be on the Current Branch for Business, meaning that corporations running Windows 10 Enterprise have the most choices: CB, CBB and LTSB.

Any device on CBB can -- as outlined earlier -- take updates via Windows Update for Business within the first four months of them being approved by Microsoft.

Alternately, if your organization prefers to use the traditional Windows Server Update Service (WSUS) -- or other patch/update management tools like Microsoft's own System Center and Enterprise Mobility Suite -- to process updates internally, you'll have an option not available to CBB devices served by WUB.

Microsoft will allow CBB devices to postpone any given build by up to eight months after said build was declared "business ready" if, and only if, WSUS is employed.

"If customers are using their infrastructure to deploy feature updates, they actually have a total of eight months to validate and deploy that feature set after it's been declared business ready," Helen Harmetz, a Microsoft senior product marketing manager, said during an April webinar with reseller partners.

So, with CBB, businesses running WSUS can postpone an update for up to 12 months after it was handed out to consumers: the four used by CB plus an additional eight.

Can I skip a CBB build? No.

While you can delay a build reaching devices, eventually you'll have to take it or Microsoft will shut you off from the vulnerability patch spigot.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoperating systemssoftwareWindowsMicrosoft WindowsWindows 10

More about AssuranceCustomersMicrosoftPremium

Show Comments