Microsoft now warns customers of specific bugs and compatibility problems that prevent it - at least temporarily - from offering Windows 10 PCs the latest feature upgrade.
After Microsoft re-released the October 2018 Update - labeled 1809 in the company's yymm format - on Nov. 13, it expanded the section titled "Current status of Windows, version 1809, Windows Server 2019, and Windows Server, version 1809" on the definitive Windows 10 update history support page, adding more information about blockers.
Five blockers currently stymy installation of 1809 to, among others, PCs running a pair of Trend Micro security packages and machines relying on new Intel display drivers. Rather than offer 1809 to such systems, Microsoft simply refuses to give them the upgrade.
Microsoft explains upgrade blocking
Microsoft spelled out upgrade blocking to those who had no inkling of the practice.
"Blocking the availability of a Windows 10 feature update to devices we know will experience issues is a key aspect of our controlled rollout approach to provide users with a great update experience," Microsoft said. "We decide what to block based on user impact from closely monitoring feedback and device diagnostics. If we detect that your device may have an issue, such as an application incompatibility, we will not install the update until that issue is resolved, even if you 'Check for updates' [in Windows 10]. We do this so that you avoid encountering any known problems."
Something not mentioned was that Microsoft practiced upgrade blocking for decades. For example, it required pre-Windows 10 versions to have been dealt very specific updates prior to the OS accepting and installing a service pack or upgrading to an entirely new edition. "Some updates require a prerequisite update before they can be applied to a system," Microsoft explained in a support document. Microsoft had also frequently declared that a just-issued security update wouldn't install sans one or more previous updates being detected in place._
With the launch of Windows 10, Microsoft applied update/upgrade blocking more often, in part simply because its rapid release model resulted in many more upgrades - two a year at this point - and so had more opportunities. Microsoft also blocked more frequently simply because it could.
Windows 10 telemetry is key to blocking
Windows 10's mandated internal data collection and diagnostics, and transmission of the results to Microsoft - the whole described as telemetry - gave the company significantly more, and more detailed, insight into customers' PCs than ever before. Unlike previous versions of Windows, where telemetry, at least originally, was optional, Windows 10 gave users no choice. Admins were allowed to dial down the data collection in Windows 10 Enterprise, however.
Microsoft has used this telemetry for multiple applications, but pertinent for blocking are the insights the data provides for upgrade distribution. Engineers can, and do, monitor the telemetry as an upgrade launches (before that, Microsoft uses telemetry to evaluate previews of the upgrade as they're pushed to volunteers who participated in Windows Insider). When a telemetry-reported issue reaches Microsoft's criticality, and the company has not shared the details of that evaluation process, it blocks the upgrade from systems that match the specifications of those that failed to install the upgrade or worse, crippled PCs, broke workflows or hampered one or more applications.
Upgrades and telemetry
The company has used, and talked about using, telemetry during its upgrade launches since at least mid-2016, when it released the build dubbed both "Anniversary Update" and 1607.
Although Microsoft has described telemetry's usage in only general terms and sometimes merely hinted why it collects data, it's become increasingly clear that one of the primary purposes of harvesting diagnostic information is to improve the chance that an update or upgrade would first, successfully install, and second, wouldn't brick the PC or do lesser harm to the system, applications and user data.
Initially, Microsoft couched telemetry's usefulness as helpful in the opening acts of an upgrade launch, even though one had to read between the lines to know that. Upgrades were rolled out in stages - Microsoft called them "phases" - to produce no-problem installations right off the bat, then build off that success by gradually expanding the pool of PCs to which the code was offered.
"The first phase will target newer devices, especially those we tested together with our OEM hardware partners," said John Cable, director of program management in the Windows servicing and delivery group, in a post to a March 2017 blog, referring to the upcoming 1703 upgrade. "We will then expand the Creators Update release to additional devices based on the feedback we receive during the initial phase [emphasis added]. We'll iterate this process over a period of several months until all compatible devices running Windows 10 worldwide are offered the Creators Update."
By "feedback," Cable meant the diagnostic data, or telemetry, transmitted to Microsoft's engineers.
"Microsoft is finally getting a handle on this because of Windows 10 and its telemetry," said Chris Goettl, product manager with client security and management vendor Ivanti. "They get much more information about systems, without it being an afterthought."
Microsoft calls blocking issues a 'high priority'
A month later, after Windows 10 1709 had been released to and installed by some customers, Cable expanded on the blocking practice.
"Blocking availability of the update to devices we know will experience issues is a key aspect of our controlled rollout approach," he said. "We decide what to block based on user impact, and blocking issues are a high priority for us to address as quickly as possible. During the time it takes to address an issue, we want to limit the number of customers exposed to that issue."
Cable also pointed out that the barriers Microsoft set on the upgrade road could be circumvented by manually downloading the file as a disk image. (The same went for upgrades processed through WSUS (Windows Server Update Services) or other patch management platforms, because IT administrators had complete freedom to shove code to users, blockers be damned.) "Therefore, we continue to recommend (unless you're an advanced user who is prepared to work through some issues) that you wait until the Windows 10 Creators Update is automatically offered to you," he said.
That's increasingly been Microsoft's plea, even though its actions have often contradicted the warning, as when, with the October 2018 Update, aka 1809, it let the over-anxious grab the upgrade immediately by checking for updates within Windows 10. The results were disastrous.
Coming clean on blockers
The 1809 debacle forced Microsoft's hand on identifying blockers, said Goettl, of Ivanti. "[Windows 10] 1809, that was the catalyst that forced Microsoft to finally (publish its block list)," he said in an interview. "But it's telemetry that makes the cost of [identifying blockers] feasible."
Before the list here, Microsoft did not publicize what was preventing some users from receiving a Windows 10 upgrade.
In a long missive published Nov. 13, the day Microsoft re-released 1809 - more than a month after it was yanked from distribution - Michael Fortin, the top Windows executive, laid out his company's quality control case. Much of it was familiar to customers who have kept up with Microsoft's public pronouncements. But he also described upgrade blocking in some detail.
"We do this by watching our telemetry, closely partnering with our customer service team to understand what customers report to us, analyzing feedback logs and screenshots directly through our Feedback Hub, and listening to signals sent through social media channels," Fortin contended. "If we find a combination of factors that results in a bad experience, we create a block that prevents similar devices from receiving an update until a full resolution occurs."
But as 1809 proved, the practice Fortin outlined didn't prevent destruction of user data.
Fortin implicitly acknowledged the screw-up, then promised that Microsoft would do more to communicate with customers. "Our focus until now has been almost exclusively on detecting and fixing issues quickly," he admitted. "[But] we will increase our focus on transparency and communication. We will continue to invest in clear and regular communications with our customers when there are issues."
The blocking list was certainly part of that pledge.
"We will see more of this over time," said Goettl. "They can see things in a bigger picture, and at some point maybe they'll have the ability to prevent bad things from happening."
That, at least, is the hope.