A couple of weeks ago I went through the history of how the cadence of Windows 10 Feature Updates has changed since Microsoft cooked up their initial cockamamie scheme. You can find that here: You’re getting SAAAAAAAC’d
Last week people started asking me about various Windows 10 updates that weren’t showing up in their WSUS or ConfigMgr consoles. Such things are usually pretty cut-and-dry and while I like to think I keep on top of such things I quickly realized it was … confusing. So let’s dig into this and see if I can’t at least wrap my own head around this and maybe, just maybe, help bring some clarity to others.
You Will Update Cumulatively and YOU WILL LIKE IT!
One of the first details we learned about Windows 10 was that updates were going to be cumulative. I don’t want to re-litigate all of the pros and cons but I’ll admit up front that I’m a cumulative update fan. I celebrate their entire catalog. However, back in 2015 that change was academic to many. Most administrators were just starting to plan for a major OS release and learning that it was going to be out of support before they even finished rolling it out. How they updated it afterwards was a problem for their future selves.
In June 2016 Microsoft released a Convenience Rollup for Windows 7 SP1 that was cumulative to the release of SP1. To be clear this was not a service pack. Sure it was like a service pack in every single way but because of their laser-like focus on the customer they didn’t name it that. In no way, shape, or form was this because naming it a service pack would extend the support life cycle for Windows 7. Sigh. I digress. Regardless of the name, it made life easier so the peasants rejoiced.
Then in August 2016 Microsoft announced that Window 7 updates would be offered in both a cumulative roll-up and a monthly roll-up of just the security updates. Sure, the naming scheme could only be described as sadistic but once you got past that it was easy enough to understand.
The reason I’m laying out the Windows 7 timeline is to get to this announcement in October 2016 that introduced the concept of preview updates. On the third Tuesday of the month Microsoft was going to start releasing a cumulative non-security update to WSUS that included the new quality improvements that would be part of the next month’s Patch Tuesday cumulative roll-up. The intent was to provide companies the ability to start testing these non-security improvements a few weeks early. Let’s be real here, you have to have one heck of a mature patching process to concern yourself with these updates. Which is to say most people didn’t. The key point though is that they were dead simple to recognize and handle because they were named ‘Preview of Monthly Quality Rollup’. Imagine that for a moment; a naming scheme that actually makes sense and immediately and unequivocally conveys the intended meaning. My guess is that a committee was for once not involved.
Wait, Why Are We Talking About Windows 7 Again?
Great question. Glad you asked dear reader. The moral of the story is that most administrators eventually came to understand the Windows 7 update cadence. You had to choose between the cumulative or the security-only release and you may come across this preview thing you didn’t care about. Relatively simple stuff.
Fast forward a year or two and you are hopefully well along your journey to Windows 10. Maybe you’ve already been there for a while. Being a good administrator you start paying attention to the Windows 10 Update History page. This is when things start falling apart. You quickly realize that Microsoft is releasing new Windows 10 builds whenever the heck they feel like it. Quite literally any single day might bring a new cumulative update for Windows 10. The anarchists have taken over and we’re now back to the dark ages of patching. Luckily, it’s not quite that bad. Close maybe … but not all the way there. Yet.
Patch Tuesday is Complete Make Believe
I’ve been saying for a while now that Patch Tuesday is a Lie but what I’m talking about here is slightly different than that or maybe an extension of it. The term Patch Tuesday is not a Microsoft term, it’s something that the administrator community has labelled the second Tuesday of the month. Internally it’s referred to as Update Tuesday. Totally different. Now, if you want to be technically correct, which is of course the best kind of correct, the term is ‘B’ week. However, there are other weeks: A, C, and D. Thinking back to our Windows 7 releases you’ll see that those preview updates you neglect are released on the ‘C’ week. But what of A and D? What is the plan for Windows 10 previews?
Fewer Words. More Charts!
To understand things like this I find you have to dig into what is actually happening versus what you think is happening or what Microsoft says is happening. To that end here is a chart of the Windows 7 and 10 releases since Jan 2018. It lists the day of the week that the update was released with an asterisk indicating that the update was published to WSUS and thus ConfigMgr. I am making an assumption that Microsoft’s release weeks are based on Tuesday. That might not be correct but using Sunday didn’t fix some of the edge cases either.
|Feb Week D||F*|
|Feb Week C||T*||T||T||T|
|Feb Week B||T*||T*||T*||T*||T*|
|Jan Week D||T*|
|Jan Week C||Th*||T||T||T|
|Jan Week B||T*||T*||T*||T*||T*|
|Dec Week D||W*|
|Dec Week C||W*||W*||W*|
|Dec Week B||T*||T*||T*||T*||T*|
|Dec Week A||W*|
|Nov Week D||T*||T||T||T|
|Nov Week C|
|Nov Week B||T*||T*||T*||T*||T*|
|Oct Week D||W*|
|Oct Week C||Th*||Th||Th|
|Oct Week B||T*||T*||T*||T*||T*|
|Sept Week D||W||W||Released|
|Sept Week C||Th*||Th||M*||M*|
|Sept Week B||T*||T*||T*||T*|
|Aug Week D||Th*||Th||Th||Th|
|Aug Week C|
|Aug Week B||T*||T*||T*||T*|
|Jul Week D||T||T||T|
|Jul Week C||W*||M*||M*||M*|
|Jul Week B||T*||T*||T*||T*|
|Jun Week D||T|
|Jun Week C||Th*||Th||Th|
|Jun Week B||T*||T*||T*||T*|
|Jun Week A||M|
|May Week D||M||W*|
|May Week C||Th*||Th|
|May Week B||T*||T*||T*||T*|
|Apr Week D||M||Released|
|Apr Week C||T*||T|
|Apr Week B||T*||T*||T*|
|Mar Week C||F*||Th||Th|
|Mar Week B||T*||T*||T*|
|Mar Week A||Th*||M*|
|Feb Week D||Th|
|Feb Week C||Th*||Th|
|Feb Week B||T*||T*||T*|
|Jan Week E||W|
|Jan Week D|
|Jan Week C||F*||W||Th|
|Jan Week B||T*||T*|
|Jan Week A||Th*|
M’kay … What Does That Mean?
Spending some time with the above data leads me to a couple of conclusions about the preview releases:
- Windows 7 has a reliable WSUS/ConfigMgr cadence.
- Windows 10 doesn’t.
That of course begs the question: does it matter? I think so but not necessarily because of the updates themselves. The problem, and the reason that I had multiple people reach out to me for clarification, is because the preview releases for Windows 10 are unpredictable and are not flagged in any meaningful way that I can determine. That makes them indistinguishable from out-of-band updates. So here you are trying to be a good administrator and keeping tabs on the update history page when on any given a day a new build may appear without any clear indication of what type it is.
The only way I know of to identify an out-of-band update is to look it up in the Windows Catalog and see if it’s classified as a security or maybe critical update or … you know … see if Twitter or Reddit blows up. Unfortunately, that information is not on the update history pages and you have to go look for it. If you see an update listed on the history pages, it’s not in WSUS/ConfigMgr, and it’s not categorized as a security or critical update in the catalog then you can simply assume that it’s a quality-only Week A, C, D, or sometimes E release that has not been published to WSUS.
Isn’t There a Better Way?
Not that I know of. However, you may be able to do something about it. Recently Microsoft released a post called Getting to know the Windows update history pages. At the bottom of that page is a survey to provide feedback on software update communication. I’d like to humbly suggest you take it and ask that update history pages include the following:
- Update Classification (Critical, Update, Security, etc..)
- Date Released to WSUS (No or To Be Determined is acceptable)
- Prominent indication marking any out-of-band updates (ex. red header)
What If I Want to Deploy Preview Updates?
If you want to deploy the preview updates and have been doing so with Windows 7 then with Windows 10 things are going to get a little weird. There’s no way I can see to select just the preview updates. You also have no idea what week, let alone day, they’ll be released. Heck, they may not be released at all. Which isn’t necessarily a show-stopper. If you want to try releasing these preview updates then I’d recommend developing a weekly (or better) sync and ADR schedule for your pilot boxes. In your ADR select the following:
- Date Released or Revised: Last 1 Week (or whatever your frequency is)
- Product: Windows 10
- Superseded: No
- Update Classification: Updates
However, understand that this might be fruitless. In August of 2018 John Wilcox penned a fine post that I highly recommend reading:
Windows 10 update servicing cadence. In this article we read the following about the Win 10 preview (quality only) releases: “[for] the latest version of Windows 10, we typically release … a ‘D’ release” and “For older versions of Windows 10 … we sometimes release updates during the third week with a ‘C’ release.” John was kind enough to elaborate on Twitter that only ‘D’ week releases are published to WSUS. Taken together then the inference is that only the latest version of Windows 10 (currently 1809) receives a D release that will be published to WSUS. The chart above shows this bearing out in January and February but before that it’s less clear. Regardless, if you are an organization that wants to test the preview releases for older versions you may be simply out of luck if you are using WSUS/ConfigMgr. That’s an unfortunate situation but if you’re big enough to care about such things you can probably handle the extra effort involved to import the updates into WSUS manually. You’re probably also big enough to have a TAM that you can communicate with to say that not publishing Win 10 preview updates to WSUS is dumb. For everyone else … long live WUfB?