With Microsoft Windows 10, Microsoft introduced Windows as a service, stating it will simplify the lives of IT pros and maintain a consistent Windows experience for its customers who use Windows 10 and later. With these changes come new considerations for managing your Windows updates. To better understand these methodologies, see the Microsoft articles on Deployment Rings and Servicing Channels.
Patch Management does not support any Windows Home editions.
Windows as a Service patching concepts
Beginning in October 2016, Microsoft began releasing cumulative updates, a concept that deploys a single update containing all updates that in the past were delivered as separate KBs. This ensures more consistent patch delivery and system security, as well as feature parity within the Windows 10 and later environments worldwide.
The following patch types are released monthly:
- Security-Only updates, a single patch that includes all security patches for this month. These patches are released via WSUS and the SCCM. They are not available via Windows Update. They provide value to enterprises that require security, but do not wish to adopt new features. These are non-cumulative updates. When leveraging Security-only updates rather than Monthly Rollups, each month’s update must be installed to remain fully patched and secure. These patches are released under the Security classification.
- Monthly Quality Rollup updates, a cumulative monthly patch released to WSUS, SCCMand Windows Update. If a patch is missed, installing the next month’s patch will bring the system fully up to date of all Security and Feature Updates. When installing the Monthly Quality Rollups, Security-Only updates are no longer necessary. We have seen these patches released under Critical, Security or Updates classification.
- Preview Monthly Quality Rollup updates, a cumulative monthly patch released to WSUS, SCCMand Windows Update. This patch includes new non-security fixes and features for the upcoming month’s Monthly Quality Rollup update. These updates are released under the Updates classification.
- Windows Feature upgrades, released twice per year, provide OS upgrades and new features. Unlike previous models of releasing Service Packs, or completely new Operating Systems, Microsoft is now releasing Upgrades directly via WSUS, SCCM and Windows Update. Although these updates are large, this has the benefit of simplifying seamless delivery of new features to devices. These updates are released under the Upgrades classification.
Out-of-band fixes are also released on a need basis for recently-identified issues or vulnerabilities.
N-able N-central leverages Windows Update’s APIs and Windows Update Agent to retrieve lists of necessary Microsoft patches for devices, as well as installation/removal purposes. Relying on these components ensures product stability and robustness by leveraging Microsoft certified applications to complete patch delivery and security. This also ensures compatibility with future OS updates and third party components.
N-able N-central fully supports the approval and scheduled installation of Security-Only, Monthly Quality Rollups, Monthly Preview Rollups and Windows Feature Upgrades.
With Patch Management enabled, N-able N-central will set Windows Update in administration mode, giving you complete control of patches available for your current Windows 10 and later versions during its lifecycle.
Microsoft has not released Security-Only updates via Windows Update, yet N-able is committed to offer the most compelling RMM technology available. N-able N-central has been updated to pull Security-Only information directly from the Microsoft Catalog, to allow our partners full flexibility in their patch and security delivery.
N-able N-central supports patch supersedence. In addition, Microsoft has omitted patch supersedence data from Security-Only updates and Monthly Preview Rollups. N-able has enhanced its engine to create appropriate relationships between these patches to ensure simplified and accurate reporting to your customers.
N-able N-central supports the deployment and installation of Windows Feature Updates, released twice per year. Microsoft having simplified the release of OS Upgrades via Windows Update, puts the IT Pros in the driver’s seat, leveraging simple and efficient, automated scheduled deployments of Windows Feature Updates. N-able N-central enables you to easily control deployment of the latest Windows Feature Update available to your current operating system. It is recommended that Windows Feature Updates be applied before the end of their lifecycle, otherwise Microsoft may eventually install updates depending on the servicing channel and patch deferment options in place.
The ability to defer updates is restricted to Windows 10 and later Pro, Enterprise and Business devices only. Windows Home users will receive updates as they become available via Windows Update and are not supported by N-able N-central Patch Manager.
N-able strives to remain at the forefront of RMM patch management technology, embracing new concepts, delivering functional and efficient patch automation while adopting and adapting to new trends as quickly as possible.