IMPORTANT ANNOUNCEMENT FOR OUR READERS!
AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at https://techcommunity.microsoft.com). Please bear with us while we are still under construction!
We will continue bringing you the same great content, from the same great contributors, on our new platform. Until then, you can access our new content on either https://aka.ms/askpfeplat as you do today, or at our new site https://aka.ms/CISTechComm. Please feel free to update your bookmarks accordingly!
Why are we doing this? Simple really; we are looking to expand our team internally in order to provide you even more great content, as well as take on a more proactive role in the future with our readers (more to come on that later)! Since our team encompasses many more roles than Premier Field Engineers these days, we felt it was also time we reflected that initial expansion.
If you have never visited the TechCommunity site, it can be found at https://techcommunity.microsoft.com. On the TechCommunity site, you will find numerous technical communities across many topics, which include discussion areas, along with blog content.
NOTE: In addition to the AskPFEPlat-to-Core Infrastructure and Security transformation, Premier Field Engineers from all technology areas will be working together to expand the TechCommunity site even further, joining together in the technology agnostic Premier Field Engineering TechCommunity (along with Core Infrastructure and Security), which can be found at https://aka.ms/PFETechComm!
As always, thank you for continuing to read the Core Infrastructure and Security (AskPFEPlat) blog, and we look forward to providing you more great content well into the future!
Greetings and salutations! Hilde here to chat a bit about Windows as a Service (WaaS) and the “Branch” concept in Windows 10 … and vent windows.
However, before we get into today’s discussion, I have to ask if you are as crazy-excited as I am to be in IT these days?
I realize the rapid pace of change in IT and technology can be a bit dizzying but we are living and working in exciting times! New products, features and functionality are popping off like the end-of-day fireworks show at Epcot in Disneyworld.
A few of my favorite recent fireworks:
- Azure AD Domain Services – many have asked for something like this … and here it is. Hosting full DCs in Azure as a managed service. https://azure.microsoft.com/en-us/services/active-directory-ds/
- Surface Book laptop – many have asked for this, too – http://www.microsoft.com/surface/en-us/devices/surface-book
- As a photo-buff who rarely gets out the big-ol’ DSLR anymore (I shoot Canon), the details about the camera in the new Lumia phones is cool – http://blogs.windows.com/devices/2015/10/15/camera-magic-on-microsoft-lumia-950-and-lumia-950-xl/
Now, on with the show…
Windows as a Service (WaaS)
“Windows as a Service” is a phrase you’ve likely heard but one which may be vague – I know it was for me.
In my mind, Windows as a Service is simply the name for the new model of rolling out steady, predictable updates, features and functionality to the Windows 10 OS instead of monolithic version changes.
The main idea of WaaS is continual, on-going OS innovation on a given device over time.
In order to have on-going improvements rolling out to Windows but still provide control, we introduced the idea of OS branches. These are OS instances at certain points along the Windows as a Service continuum (not to be confused with the awesome transition experience for Windows 10 code named ‘Continuum’ – https://youtu.be/-oi1B9fjVs4). The branch concept allows throttling/testing/piloting the forward-march that is “Windows as a Service.”
Let's explore this from the view of a new feature making its way into Windows. Any given feature starts off with the Windows OS team inside Microsoft. Those folks get to “play in the sand” and turn a cool idea into reality. If a given feature gets enough traction there, it could be added to an internal build that the broader OS team tests out. If things go well there, the feature could see the light of further testing among an even broader group of internal employees at Microsoft who’ve elected to be testers (you may have heard the term ‘dogfooding’? – I’m actually writing this blog post on a future build of Windows 10).
Next up on the “path to enlightenment” for a given feature would be inclusion in a “Windows Insider” build (aka a Windows Insider 'branch'). Windows Insiders is a small club (ok – it’s actually millions of people) that is open to a select few (ok – it’s open to anyone). A feature in the Windows Insider branch gets exposure/testing/feedback at a global scale. If you haven’t already, consider joining the Insider program and providing feedback – the OS team actively looks at that data. https://insider.windows.com/
To this point, the feature is still less-than-fully-baked but it has been vetted quite a bit by a variety of users/devices/scenarios.
If everything lines up for that feature and the decision is made to release it to the world, it will be added to the initial general public “branch” – called the “Current Branch.”
- The Current Branch (also known as CB) is the broadly deployed branch of Windows 10 aimed at consumers.
- Those new features and updates that make the cut for release are rolled out to this branch first.
- For critical security updates and fixes (also known as “Servicing Updates”), the timing of these releases will still be the familiar 2nd Tuesday of each month.
- For new feature hotness, (also known as “Feature Upgrades”) the expected cadence is every few months but that may vary.
- The Current Branch has all the bells and whistles of the given version of Windows such as both IE and Edge browsers, Store apps, etc
Current Branch for Business
- Next up, is the Current Branch for Business (also known as CBB). This is the same OS as the Current Branch but the Feature Upgrade cadence is aimed at – you guessed it – business users.
- The same critical security updates and fixes (also known as “Servicing Updates”) released for CB are applicable to the CBB (which – as mentioned above – are released on the familiar 2nd Tuesday of each month).
- The new feature/functionality upgrades, though, will be deployed to CBB systems on a later schedule, months after Current Branch systems received them.
- This can be from 4-12 months after they were released to the CB, depending on how they are deployed
- Windows Update-connected CBB systems will defer the updates for 4 months
- SCCM or other managed CBB systems can defer up to 12 months
- The Current Branch for Business has all the bells and whistles of the given version of Windows such as both IE and Edge browsers, Store apps, etc
How to Set Current Branch or Current Branch for Business
- It is a simple affair to move from CB > CBB via Windows Update settings (managed via direct UI, registry, GPO, MDM):
Now, I can hear some IT admins wondering out loud … “We don’t want to be adding features to our client OS every few months. Can we ‘opt out’ of the new hotness?”
Without delay, I will tell you that Microsoft does indeed provide the flexibility for you to opt out of the new hotness. Read on, though, as I’ll ask you to (re)consider how you’ve always done things and some of the pros/cons to opting out.
Long Term Servicing Branch
- The Long Term Servicing Branch version of Windows 10 (also known as the LTSB) is actually a different OS SKU than the CB/CBB and it is intended for mission-critical systems (i.e. cash registers, health care systems, air traffic control, etc) where “set it and forget it” is a requirement.
- The critical security updates and fixes (also known as “Servicing Updates”) which release on the familiar 2nd Tuesday of each month are applicable to the LTSB, just as they are to the CB and CBB.
- The new feature/functionality upgrades, though, will not be deployable to an LTSB OS until the next version of an LTSB is released (anywhere from 3-5+ years is the current expectation, which may vary).
- The LTSB version of Windows 10 does NOT have all the bells and whistles of the given version of Windows – it only has IE (no Edge); it doesn’t have the Store apps/support; etc.
Again, I can hear some IT admins saying “This LTSB thing sounds like precisely what I want for my end-users!”
To that, I ask "does anyone remember vent windows on cars?" The triangle wedge windows you could open/flip to let in the cool breeze as you cruised down Route 66? As you all may know from reading my posts, I tend to reminisce. The funny thing about reminiscing, though, is it’s not always accurate. It’s not hot in my memory. It’s not humid as I recall the cruising. I don’t remember almost swerving off the road (or into on-coming traffic) as I leaned over, reaching to open the passenger-side vent window while driving. Bugs aren’t in my remembrance. Rain? Hm … I don’t recall the rainy days. Or the foggy windshields. Or the frigid nights with the vent windows open, making my nose run, while the heater melted my shoes.
Enter AC. I am a HUGE fan of AC and I feel that whoever invented it should be granted a Nobel Peace Prize or a star on the Hollywood Walk of Fame. In hindsight, I really don’t miss those vent windows and I really love AC.
My point is that even I – sometimes the staunchest curmudgeon – can see the benefits of new choices, options and flexibility.
As I said, I am going to ask you to consider a few pros/cons of CBB and LTSB and I think you may come to the same conclusion I reached: That the CBB is actually the better choice for most end-user systems in business.
- LTSB is available to customers who have purchased a collection of benefits, services and features from Microsoft called “Software Assurance.”
- LTSB is a separate Windows 10 Enterprise OS SKU – it is different source media, WIM file, etc from CB/CBB. You’ll need to create and manage an LTSB-specific build.
- LTSB is somewhat feature-restricted out of the box and will remain so until the next LTSB is updated/released (which will likely be multiple years).
- This may sound attractive but if you think about how quickly expectations of business users change and how quickly the feature-set of Windows will expand given the Windows as a Service model, I would caution you against painting yourself (and your business users) into a corner – the only way from LTSB back to CB/CBB is a re-install of Windows
- On a good note, though, you can do in-place upgrades from one LTSB to the next. For example, you can go from LTSB 6 > LTSB 7 or to 8 (skipping 7). Recall, though, the interval between LTSBs will likely be years apart.
- As mentioned before, with CBB, you can delay or ‘defer’ the Feature Upgrades for up to 12 months if you’re using SCCM or another 3rd party tool to manage and deploy updates in your environment.
- This option provides the most flexibility – you can continue to choose when to deploy the Servicing Updates, as well as separately decide when to deploy the Feature Upgrades.
- With LTSB, you are constrained from any new features until the next LTSB (certainly appropriate for some systems, but I’d argue, not most).
- With CB/CBB, if a certain feature is released that your business users want or key applications require, you’ll have the flexibility to deploy it – when you’re ready.
Don’t get me wrong – I really like the flexibility we provide and I totally see the need for LTSB (which is why we made it) but for business end-users, in my mind, CBB is where you want to be.
See this excellent TechNet link for much more detail – https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx
In the meantime, see ya out on Route 66 … look out for the swerving car with the vent windows open, and the bald guy inside, coughing on bugs and sweating profusely.