As indicated in a previous post, we are making changes to WSUS 4.0 and later that will provide a smoother Windows 10 servicing experience. Because WSUS 3.0 SP2 is already in extended support (receiving no support at all after January 2020), and we are not shipping these improvements further down-level, it is a good idea to start planning your WSUS migration now. Here is some guidance on how to respond to the recent changes based on your current situation, with the assumption that you intend to deploy Windows 10 in your environment.
WSUS 3.0 SP2 standalone
For this scenario, Microsoft recommends setting up a new WS12R2 or (depending on when you deploy) WS16 server with WSUS and migrate your existing SUSDB to it. For those unfamiliar, this is supported: TechNet has guidance on how to perform a WSUS migration. Making this investment ensures that your environment will be capable of taking advantage of all the Windows 10 servicing improvements coming to WSUS in future updates.
WSUS 3.0 SP2 with Configuration Manager
The operative question is whether you want to deploy feature upgrades via WSUS instead of using task sequences, MDT, or other media-based deployment tools. If you need this functionality, then Microsoft recommends migrating to a newer WSUS platform, same as for the standalone scenario. If you intend to rely on media-based deployment for your upgrades, then you could continue using your setup as it is today; however, please be aware that any difficulties you experience with using WSUS 3.0 SP2 for Windows 10 servicing might not be addressed, and that hotfixes cannot be requested for this product.
SBS 2008 and SBS 2011 (which uses WSUS 3.0 SP2)
Here the recommendation is slightly different. If you have need of third-party software update management, then investigating your options to migrate your WSUS deployment to a member server running Windows Server 2012 or later will prepare your environment for the best Windows 10 servicing experience. If you do not require third-party software updates to be distributed via WSUS, then you might consider configuring your Group Policy settings to let Windows Update for Business manage your Windows 10 updates instead. This solution is ideal for administrators that want minimal daily complexity because it can provide a mostly hands-off experience after initial configuration, and it makes staying current with the latest Windows 10 builds and cumulative updates significantly easier.
Our story for how we support the new servicing model in existing tools will continue to improve in subsequent releases through additional features that support key scenarios. During this time, WSUS 3.0 SP2 will remain in the old servicing model. Technically, it can provide minimal Windows 10 update support (i.e., sync and distribute security updates), but the experience is less than ideal. As an example, the Windows 10 machines will display as “Windows Vista” for those remaining on WSUS 3.0 SP2.
As we move forward, we will continue to update existing guidance and provide recommended best practices for smoother navigation through our new servicing model.