Microsoft risks IT ire with Windows 10 update push
The decision to not only push updates out, but also ensure that all Windows 10 devices receive them in a timely fashion, fits well with the concept of Windows as a service. The change may even go unnoticed by many consumers. IT departments, however, are keenly aware of this shift -- and many aren't happy about it.
Traditionally, Microsoft has given IT the final word on patches and updates. While most departments do roll out critical patches and major updates, they do so on their own time frame and only after significant testing in their specific environment. This ensures that an update doesn't break an app or a PC configuration, or cause other unforeseen issues. If an update is required that could introduce problems, IT can then develop a plan to address the issue in advance of deployment. Some updates might even be judged as unneeded and never get deployed.
With Windows 10, Microsoft is adopting a service-and-update strategy based on a series of tracks known as branches. In this model, both security and feature updates are tested internally and made available to Windows Insiders. When Microsoft feels the updates are ready for primetime, they're pushed to the Current Branch (CB). CB devices, predominantly used by consumers, receive the updates immediately through Windows Update.
Businesses and enterprises typically fall under the Current Branch for Business (CBB). Like CB devices, CBB hardware will be able to receive updates as soon as they are published, but can defer those updates for a longer period of time. The rationale for this extra time is two-fold. First, the updates will have received extra scrutiny because they have been tested internally, by Windows Insiders and by consumers via the CB, so any issues will likely be resolved, or at least identified, during that time. Second, it gives IT shops time to test the updates and develop strategies to deal with potential problems before those updates become mandatory.
Complicating the situation: There are still unknowns about how IT departments will handle the CBB update cadence and process. Microsoft has yet to complete Windows Update for Business (WUB), a set of features and tools that will be made available to organizations that have adopted the CBB update pace. There is also the possibility of using other tools, including Windows Server Update Services (WSUS), Microsoft's System Center Configuration Manager (dubbed "Config Manager"), or a third-party patching product that can handle longer postponements.
This marks a massive transition in how Windows is deployed, updated and managed in enterprise environments. Many longtime IT pros won't be comfortable ceding this much control to Microsoft. Susan Bradley, a computer network and security consultant known in Windows circles for her expertise on Microsoft's patching processes, has become a voice for those IT workers.
In August, Bradley kicked off a request on the matter using Microsoft's Windows User Voice site asking for a more detailed explanation of the Windows 10 update process. Last month, she upped the ante by starting a Change.org petition demanding additional information from Microsoft as well as a change to how it will deliver updates. As of this week, the petition has more than 5,000 signatures; some signers have noted that they will refuse to move their organizations to Windows 10 unless changes are implemented.
The impact of the petition remains to be seen. Microsoft has already established that it views its new Windows-as-a-service model, with frequent incremental updates using the branch system, as the future. Windows 10 has already passed the 132-million PC mark and Microsoft appears unapologetic about its plans to pressure users into upgrading to the new OS. All of these factors make it unlikely the company is going to reverse course.
The new approach to update management is striking compared to the process for previous Windows releases, but it isn't exactly a new model. iOS, Android and Chrome OS all limit IT's ability to manage the update process to one degree or another.
Apple has always placed the user at the center of the iOS upgrade process. When an update becomes available, users can download and install it on day one. iOS 9 introduced the ability for IT to take some control over the process, but only in the opposite direction -- allowing IT to require that devices be updated, a move designed less to ensure IT management of the overall process and more to ensure that iPhones and iPads are running the latest, and therefore most secure, version of iOS.
Things are a bit murkier with Android because each manufacturer and carrier generally has to approve the updates and make them available to users, though ultimately it remains up to the user to upgrade when an update becomes available. The update challenge for Android in the enterprise is less about preventing an update and more about the uncertainty of when (or if) devices can be updated.
Chrome OS is essentially updated by Google across all of the devices running it. This is the most apt comparison to Microsoft's plans for Windows 10. The big difference is that Chromebooks are little more than the Chrome browser and are designed primarily for working with data in cloud-based services. Although the devices do have local storage and support for some peripherals, they are extremely uniform compared to any other major platform (which makes them easier to manage than rivals).
This isn't to say that IT professionals have always been happy about these platforms or their upgrade processes. iOS and Android were met with skepticism and even hostility by many IT departments. As the platforms have matured into true enterprise tools and it's become clear they are a necessary part of the enterprise computing landscape, IT has had to adapt to the realities associated with supporting, securing, and managing them.
Part of that adaptation is to the way these platforms get updated.
iOS is a great example of how IT departments already deal with being shut out of a platform's update process.
With iOS, IT gets very limited lead time about major updates (typically about the three months between Apple's Worldwide Developers Conference in June and the public release later that same fall). Many IT shops now realize that the next version of iOS will arrive for their organizations the day it's released. As such, it's common practice to download and test the developer preview builds through that period to ensure smooth operation on day one. Similarly, many IT departments keep up to date on the previews of minor iOS releases throughout the year.
Microsoft's update process is going to require a similar adjustment. If Microsoft won't back down on its position that regular cumulative updates of Windows are the future, IT will need to take an approach to Windows similar to the one it uses with other platforms.
One major difference between iOS and Windows 10 is that Microsoft still allows updates to be deferred by IT. This means that IT departments have greater lead time for testing and developing plans to address potential pitfalls. Even if IT shops rely solely on the CB release, there is expected to be up to eight months to prep before an update becomes mandatory for CBB PCs and devices. Windows Insiders will get an even longer lead time, since they will have access to updates before public release. In effect, Microsoft is striking a middle ground between Apple's approach and the approach used in previous Windows versions.
That longer lead time, of course, isn't a luxury. Windows deployments can be significantly more complicated than those for iOS or Android and almost universally there are more PCs than mobile devices in an organization. Still, using an iOS update strategy as a blueprint is a good starting point for figuring out how to approach Microsoft's planned Windows 10 update process at work.
It's also worth noting that IT departments do have some time to develop that strategy. Although Microsoft is clearly ushering anyone and everyone it can onto Windows 10, there's little need for enterprises to make the switch from Windows 7 immediately -- particularly for those that only recently made the jump from XP to 7. Delaying a transition or focusing only on a proof-of-concept or pilot project allows IT departments to get a handle on everything related to Windows 10 before rolling it out, including how to handle updates.
Although it's possible to delay a Windows 10 transition, perhaps even for years, enterprises are eventually going to have to bite the bullet.
Putting off the move is perfectly logical, particularly until the core capabilities to manage Windows 10 and its update process are established. That doesn't mean, however, that this is a time to be complacent and ignore it completely. Sooner or later, virtually every organization will need to reckon with Windows 10 (or perhaps migrate to non-Windows platforms, which would pose an entirely different set of challenges).
Preparing for that reality, even while pushing back against Microsoft's current plans, is critical to eventually making a smooth transition.