Overview of Windows as a service

 

Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. So, if you often find yourself wondering, “Are Windows updates necessary?” Consider this new approach. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before.  Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects.

 

Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features. This scenario doesn’t work well in today’s rapidly changing world. A world in which new security, management, and deployment capabilities are necessary to address challenges. Windows as a service will deliver smaller feature updates two times per year, around March and September, to help address these issues.

 

Deploying

 

Deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple.

 

One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Whereas compatibility was previously a concern for organizations upgrading to a new version of Windows, Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified.

 

Servicing

 

Traditional Windows servicing has included several release types:

 

Major revisions (e.g., the Windows 8.1, Windows 8, and Windows 7 operating systems), service packs, and monthly updates. With Windows 10, there are two release types: feature updates that add new functionality twice per year, and quality updates that provide security and reliability fixes at least once a month. Are Windows updates necessary?

 

Naming changes

 

As part of the alignment with Windows 10 and Office 365 ProPlus, Microsoft is adopting common terminology to make it as easy as possible to understand the servicing process. Going forward, these are the new terms they will be using:

 

• Semi-Annual Channel – They will be referring to Current Branch (CB) as “Semi-Annual Channel (Targeted)”, while Current Branch for Business (CBB) will simply be referred to as “Semi-Annual Channel”.
• Long-Term Servicing Channel – The Long-Term Servicing Branch (LTSB) will be referred to as Long-Term Servicing Channel (LTSC).

 

Servicing tools

 

There are many tools with which IT pros can service Windows as a service. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage Windows as a service updates:

 

• Windows Update (stand-alone) provides limited control over feature updates. IT pros manually configure the device to be in the Semi-Annual Channel. Organizations can target which devices defer updates by selecting the Defer upgrades check box in Start\Settings\Update & Security\Advanced Options on a Windows 10 client.
• Windows Update for Business is the second option for servicing Windows as a service. This servicing tool includes control over update deferment and provides centralized management using Group Policy. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the Semi-Annual Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune.
• Windows Server Update Services (WSUS)provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.
• System Center Configuration Manager provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.

 

 

Using SCCM

 

System Center Configuration Manager provides maximum control over quality and feature updates for Windows 10. Unlike other servicing tools, Configuration Manager has capabilities that extend beyond servicing, such as application deployment, antivirus management, software metering, and reporting. Configuration Manager can effectively control bandwidth usage and content distribution through a combination of BranchCache and distribution points. Microsoft encourages organizations currently using Configuration Manager for Windows update management to continue doing so for Windows 10 client computers.

 

You can use Configuration Manager to service Windows 10 devices in two ways. The first option is to use Windows 10 Servicing Plans to deploy Windows 10 feature updates automatically based on specific criteria, similar to an Automatic Deployment Rule for software updates. The second option is to use a task sequence to deploy feature updates, along with anything else in the installation.

 

Conclusion

 

Windows servicing is changing. For disaster recovery scenarios and bare-metal deployments of Windows 10, you still can use traditional imaging software such as System Center Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows 10 images is similar to deploying previous versions of Windows. With each release of a new feature update for CB, Microsoft makes available new .iso files for use in updating your custom images. Each Windows 10 build has a finite servicing lifetime, so it’s important that images stay up to date with the latest build.

 

 

 

System Center Configuration Manager (SCCM) provides a unified management console with an automated set of administrative tools to deploy software, monitor health, and enforce compliance across all devices in an organization. With Configuration Manager, IT technicians proactively manage the entire lifecycle of all Windows-powered devices. This includes deploying and maintaining systems and software, responding to security threats, distributing settings, and analyzing inventory data.

 

Capabilities

 

Application Delivery

 

Configuration Manager takes a user-centric approach to application delivery that allows administrators to create one application that can be delivered to all of a user’s devices. It evaluates device and network capabilities and optimizes delivery.

 

Check for running executable files before installing an application. If an executable is running the user must close the running executable file (or it can be closed automatically for deployments with a purpose of required) before the deployment type can be installed.

 

Beginning in version 1702, for available deployments of task sequences, you can choose to use pre-cache content. Pre-cache content gives you the option to allow the client to only download the applicable content as soon as it receives the deployment. Therefore, when the user clicks Install in Software Center, the content is ready and the installation starts quickly because the content is on the local hard drive.

 

Device Management

 

Integration with Microsoft Intune provides a single administrative console for managing policies and comprehensive asset and compliance reporting across PCs as well as mobile devices, including Windows, iOS, and Android. With new on-premises mobile device management (MDM) capabilities, Windows 10 devices can now be also managed via MDM.

 

Endpoint Protection

 

Configuration Manager serves as the infrastructure for System Center Endpoint Protection. It delivers a single solution for malware protection, identification, and remediation of vulnerabilities, while giving visibility into non-compliant systems.

 

Compliance and Settings Management

 

You can create a baseline for “desired configuration state” and ensure that all devices comply through auto remediation or alerts.

 

Software Update Management

 

Configuration Manager simplifies the complex task of delivering and managing updates to IT systems across the enterprise. IT administrators can deliver updates of Microsoft products, third-party applications, hardware drivers, and system BIOS to a variety of devices, including desktops, laptops, servers, and mobile devices.

 

Operating System Deployment

 

Configuration Manager distributes operating systems to physical desktops and eliminates the inefficiencies and errors associated with manually installing applications. With Windows 10, Configuration Manager can also manage in-place upgrades which significantly reduce the time and complexity of deploying Windows.

 

Inventory

 

Configuration Manager can inventory hardware and software in your organization to help give you a view into what resources you have. With Configuration Manager, you can enable custom hardware inventory more easily and extend the inventory schema.

 

Reporting

 

Reporting in Configuration Manager helps you gather, organize, and present information about users, hardware and software inventory, software updates, applications, site status, and other Configuration Manager operations in your organization.

 

Asset Intelligence

 

Administrators can have continuous visibility into hardware and software assets and usage. Asset Intelligence translates inventory data into information, providing rich reports that help administrators with software purchasing decisions, upgrade plans, and license reporting.

 

Power Management

 

Get more out of your energy-saving hardware with a comprehensive set of centralized client power management tools. Configuration Manager works with the capabilities built into your Windows operating system to help you optimize power settings at a granular level.

 

Windows 10 Management

 

Configuration Manager is designed to keep pace with Windows 10 updates to provide support for new Windows features as they become available. When Configuration Manager is integrated with Microsoft Intune, you can choose between multiple deployment and management options of Windows 10 that work best for your business.

 

In-Console Updates

 

Updates and servicing node in the Configuration Manager console provides more frequent and easier-to-apply updates for new features, cumulative updates.

 

Data Warehouse Service Point

 

Use the Data Warehouse service point to store and report on long-term historical data for your Configuration Manager deployment.

The data warehouse supports up to 2 TB of data, with timestamps for change tracking. Storage of data is accomplished by automated synchronizations from the Configuration Manager site database to the data warehouse database. This information is then accessible from your Reporting Services point.

 

Reporting

 

Reporting in System Center Configuration Manager provides a set of tools and resources that help you use the advanced reporting capabilities of SQL Server Reporting Services (SSRS) and the rich authoring experience that Reporting Services Report Builder provides. Reporting helps you gather, organize, and present information about users, hardware and software inventory, software updates, applications, site status, and other Configuration Manager operations in your organization. Reporting provides you with a number of predefined reports that you can use without changes, or that you can modify to meet your requirements, and you can create custom reports. Use the following sections to help you manage reporting in Configuration Manager.

 

Configuration Manager uses SQL Server Reporting Services as its reporting solution. Integration with Reporting Services provides the following advantages:

• Uses an industry standard reporting system to query the Configuration Manager database.
• Displays reports by using the Configuration Manager Report Viewer or by using Report Manager, which is a web-based connection to the report.
• Provides high performance, availability, and scalability.
• Provides subscriptions to reports that users can subscribe to; for example, a manager could subscribe to automatically receive an emailed report each day that details the status of a software update rollout.
• Exports reports that users can select in a variety of popular formats.

 

If you are utilizing SCCM today, but aren’t completely satisfied with how it is functioning, Zunesis can help with an SCCM Health Check. With this Health Check, we are going to focus on your Server Site and Component health, the health of the client system and the Configuration Manager client itself. We want to make sure the client system is properly configured to install the Configuration Manager client, to get policies, run inventory, and install software and patches. Your current environment will be documented and recommendations will be made to make sure your SCCM environment is delivering the results you intended it to deliver.