Previous blogs in this series:
Now that we’ve briefly presented Microsoft update types and the update servicing channels, here’s the million-dollar question: How are they sent or deployed to one device, 10 devices, 100, 1000 or 30 000 systems?
Microsoft has provided over the years four tools to help servicing Windows and each one has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. They are:
Important: All servicing tools can deploy the new feature update as an update package. Only with Configuration Manager can you also choose to deploy it as an In-Place Task Sequence. With the latter, you have greater control on what happens to the system since you can configure pre and post upgrade tasks. Additionally, Desktop Analytics (which is discussed in Part 7 of this series) integrates with Configuration Manager and uses In-Place upgrade Task Sequences to deploy the targeted feature update.
Depending on several factors, such as the number and location of the systems, how they are connected, the available on-hand staff and their expertise, how the environment is managed, etc. an organization chooses the servicing tool that is best suited to its need. For example, although you can opt for Configuration Manager, it might be better to use Windows Update for Business if you have a small company of say 40 or 50 systems because you don’t have an on-premises Active Directory infrastructure for instance; you would manage your environment with Microsoft Intune. Windows Update might be easier for a 2 to 10 employee firm if you don’t have an IT pro to set up WUfB for example.
However, for large and complex organizations with tens of thousands of systems scattered geographically, with different branch sizes and various network links, Configuration Manager might be the premium choice as it not only allows you to target specific systems but it also can help with packaging updates together, automating their deployments in terms of date, time, threshold (automatically start another deployment depending on the success percentage threshold of a previous one), caching, bandwidth control, etc.
Additionally, Configuration Manager can work in conjunction with Microsoft Intune to provide a management style called ‘Co-Management’ whereby your systems are managed from Configuration Manager and from Microsoft Intune. When you have co-management enabled, you also get many more additional tools (such as Microsoft Endpoint Defender ATP – Advanced Threat Protection). But this is beyond the scope of this blog.
Stay tuned for my next blog: “Getting current and staying current with WaaS” where I’ll discuss Microsoft’s famous ‘Deployment Rings’ and how they fit with the delivery cadence of the feature and quality updates and, how you can leverage this to your business by mapping the tool to your needs.