TL; DR: In an attempt to slow down the pace of the required Windows 10 feature upgrades and to alleviate some of the pain, some enterprises have gone down the slippery slope of skipping every second update release. But while the approach makes sense on paper, unless delivered with great velocity, it potentially exposes a large number of business users in later broad deployment rings to being upgraded only after the to be upgraded version has reached its end-of-life. If this wasn't scary enough, add in the risk of Microsoft delivering the new update later than expected and we have quite a management headache to solve.
(This article is part of an extensive blog series "The Definitive Guide To Windows 10 Servicing".)
Windows 10 is almost three years old, and yet only 13.9% of organizations say they have completed their migration, according to a new Adaptiva study. On the other hand, Gartner's research at the end of 2017 indicated an acceleration in adoption due to the hugely improved security features and advanced cloud capabilities. Now, every organisation that has deployed Windows 10 is facing a new challenge - how to keep the OS updated in line with Microsoft end of life support cycles.
We asked more than 430 IT project managers and executives about the hesitations and the roadblocks they are expecting with Windows 10 Servicing. Unsurprisingly, the second biggest concern was the frequency of updates (29.8%), right after the potential for business disruption (31.6%). The anxiety and apprehension about the fast velocity of change are understandable. In the past, the average Windows OS migration took 18-24 months and now Microsoft expects organizations to do a mini-version of this every six months!
Potential Windows 10 Servicing Strategies
Consequently, a lot of our prospects and customers are rethinking their Windows 10 Servicing strategy at the moment. Basically, they have three options:
- Move the entire estate on every new update as soon as it comes out. This requires a very tightly managed application management and an accelerated rollout process leveraging self-service and automation. We have covered the topic on how to set up an expedited process in a detailed step-by-step description in an earlier post.
- Divide the organization into two segments and upgrade the first segment to version N and the second the N+1, bouncing back and forth. This results in multiple versions to be managed, parallel deployments and requires IT Transformation management tooling that allows you to control numerous projects in a Business-as-Usual environment.
- Skip every second feature update and move the entire organization onto a new version of Windows 10 every 12 months. While this option buys initially more time (18 months), you still end up with multiple versions and parallel deployments most of the time, while having a more extensive migration project to complete in a very short time window.
The advice from Microsoft is to deploy every new release to every machine. But today, I want to take a closer look at these questions: "Can we skip a Windows update?" and "What are the consequences if I only roll out one feature update a year instead of two?".
What Happens If You Skip A Version?
Many organizations will try to opt for skipping one upgrade and structuring their rollout methodology around annual updates rather than running through the process twice a year. In practical terms, this would mean that if, for example, you rolled out 1703, you would skip 1709, and target 1803 for your next upgrade.
Microsoft has responded to the complaints of its customers and recently extended support by 6 months for versions 1511, 1607, 1703, and 1709 for early-adopting enterprise and educational customers. However, don't expect this to become a regular occurrence. Given the significant muscle that Microsoft is putting behind cloud and subscription-based models, I don't expect them to keep extending support on newer versions from 1803.
So what happens if you skip an update on known release dates? Let's assume a regular 18-month support window, there are no delays on the Microsoft side, and that you are following the advised Windows 10 Deployment Ring setup. Your project timeline will look as follows:
(Image Credit: Juriba, Updated February 2018 to reflect new terminology & EOL rules)
Let's assume that you will take seven months in total to test and roll out Version N (in our diagram, version 1803) across your entire organization after its general release into the SAC (Semi-Annual Channel), and this release is first available in April 2018. Remember that your current in-use version (1703) would typically have an end of life in October 2018, so you have 6 months start to finish:
- Windows Insider Preview (prior to the Semi-Annual Channel (SAC) release): Microsoft releases previews of its upcoming new feature release into the Windows Insider Ring. It is a best practice to upgrade a few designated, tech-savvy Windows 10 migration project team resources to evaluate any new functionality and application compatibility issues.
- IT Pilot Ring. After Version N is released into the Semi-Annual Channel (official release date), this release tested as quickly as possible by a few select IT pilot users. This will take about 2 weeks.
- Business User Pilot Ring. In the four weeks after IT pilot testing, feedback and remediation, you broaden your test user base and roll it out to a small group of tech-savvy business users.
- Broader IT Ring. After a successful pilot phase, you are ready to deploy Windows 10 Version N to the friendly wider IT organization. Iron out any wrinkles in your migration process and ensure that your security and privacy is tight enough. Microsoft estimates this should take two weeks. However, for most organizations this would introduce a level of risk and would not be advised. More likely, it will take you about 4 weeks depending on the size of your IT team and your initial pilot phase and the number of applications that will need testing.
- Broader Business User Ring #1, #2, #n. If you are deploying to tens or even hundreds of thousands of end users, you will want to split them into separate deployment rings — each taking usually 2 weeks to complete.
Without the support extension, you will be able to upgrade all business users of the Broad Business User Ring #1 to #4 and some of the second phase (#5 to #8) before regular support for 1703 ends. However, based on our predicted timeline, the majority of your BBU Phase #2 will be upgraded AFTER 1703 has ended its 18-month support timeline (again not taking into account the 6-month extension).
In other words, unless you can deploy very fast and in volume, you could run into significant end-of-support problems for your 1803 upgrade (second upgrade cycle) given a regular 18-month support cycle. Potentially having thousands of users on an unsupported OS is a serious concern for organizations that bought into Windows 10 because of its increased security.
What Happens If Microsoft Runs Late?
Now, if this isn't scary enough, let me add another thought: What if Microsoft runs late?
Since its initial release, Windows 10 versions have seen several delays — some over a month long. For example, the Fall Creators Update (version 1709) wasn't released until mid-October and the April 2018 Update (Version 1803 or "Redstone 4") was supposed to be delivered on April 10th, 2018 but came out on April 30th after a major bug halted its availability.
Now, if you shift this timeline one month back, you are really in hot water to migrate as fast as you can. In this scenario, the second Broad Business User deployment phase would not even have started yet, and this is the model scenario assuming everything on your end goes according to plan and runs smoothly. Of course, we have now seen Microsoft move end-of-life dates back for several versions now — but moving targets are not something we should rely upon!