Microsoft Windows Update

Microsoft Windows Update is a Microsoft service for the Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. There are two types of Windows updates:

  • Feature Updates (deliver new features, equivalent of new versions of Windows)
  • Quality Updates (monthly bug fixes and security patches)

See Windows 10 release information or Windows 11 release information article for a detailed list of Windows releases.

Feature Updates

Microsoft delivers feature updates for Windows 10 and 11 once a year, in a second half of each year. Most recent feature updates are:

To see which version of Windows 10/11 is installed on your computer:

  1. Click the Start button.
  2. Click on the Settings (gear icon).
  3. Click on System.
  4. Scroll down the list on the left and click on About.
  5. Scroll down to Windows specifications section.

To see which version of MS Office is installed on your computer, please see Related Articles section on the right.

Quality Updates

Quality updates are released more frequently since they are intended to address known performance and security issues. On the second Tuesday of each month, Microsoft releases one cumulative monthly update that supersedes the previous month’s update, containing both security and non-security fixes. We then test it internally for two weeks, and if no issues are found, release it to all managed computers on the fourth Tuesday of each month.

Occasionally, Microsoft can also release out-of-band emergency updates.

For more information on compliance and conditional access policies please see Compliance & Conditional Access.

University-owned Devices

University-owned computers with Windows 10 are joined to Azure Active Directory (AAD) are managed by I.T. Services using Microsoft Intune device management platform. Both quality updates and future updates are no longer managed by the on-premise Windows Software Update Servers (WSUS) as it was the case with AD domain joined machines. These updates are delivered directly from Microsoft.

Device Compliance

Corporate devices must have most recent feature update installed, as well as most recent quality update installed in order to be deemed as compliant. Non-compliant devices will be denied access to some systems and resources when conditional access is enabled.

Windows Update Rings

With Windows 10, Microsoft introduced a concept of Update Rings which is a set of configuration policies you that are assigned to groups of devices. These policies control Windows Update settings on individual devices, such as how soon should the update be installed after it is released by Microsoft, or how much control should the user have over how the update is applied. The timing of Windows updates is being determined by which Windows Update Ring the computer belongs to.

Update Ring / 
Security Group		 Description

0 - Preview Testing

zO365 - Devices - Windows Update Ring 0 - Preview Testing

A few selected machines used by I.T. Services staff and departmental computer technicians to evaluate early builds prior to their arrival to the semi-annual channel.

User of the machine has to enroll it in Microsoft Windows Insider programme to receive updates prior to the official release date.

1 - Departmental Testing

zO365 - Devices - Windows Update Ring 1 - Departmental Testing

Designated devices across all departments and teams used to evaluate the major release prior to broad deployment.

Both feature updates and quality updates will be automatically installed as soon as they are released, unless paused by IT administrator.

Following installation, computer will be rebooted automatically during maintenance hours between 10 pm and 8 am.

2 - Org-wide Roll-out

zO365 - Devices - Windows Corporate Devices

Broadly deployed to most of the organization and monitored for feedback. Distribution of updates to this group can be paused if there are critical issues. By default, all corporate devices are included in this ring, unless they are added to one of the other three groups.

Feature updates will be automatically installed four weeks after their release date, unless paused by IT administrator.

Quality updates  will be automatically installed two weeks after their release date, unless paused by IT administrator.

Following installation, computer will reboot automatically during maintenance hours between 10 pm and 8 am.

3 - Deferred Roll-out

zO365 - Devices - Windows Update Ring 3 - Deferred Roll-out

Devices that are critical and will only receive updates once they've been vetted for a period of time by the majority of the organization.

Feature updates will be automatically installed six months after their release date, unless paused by IT administrator.

Quality updates  will be automatically installed one month after their release date (maximum allowed by Microsoft).

Following installation, computer will reboot automatically during maintenance hours between 10 pm and 8 am.
   

If a problem is discovered while deploying a feature or quality update, the IT administrator can pause the update to prevent other devices from installing it until the issue is mitigated.

Vast majority of devices belong to "Roll-out" ring and should not be moved to "Deferred Roll-out" unless there is a specific valid reason for it.

Personal Devices (BYOD)

I.T Services does not manage Windows Update settings on personal Windows 10/11 computers that are being used to access University systems (BYOD). However, such devices must have most recent feature update installed, as well as most recent quality update installed in order to be deemed as compliant. Non-compliant devices will be denied access to some systems and resources when conditional access is enabled.

Benefits of Staying Current

Keeping computers in our organization current with updates and new features helps protect against threats, improves performance, and ensures we’re using the best available features.

Protect against threats

If your computer doesn’t stay current with the latest updates, it could be more vulnerable to threats like:

  • Ransomware: Where an attacker encrypts our organization’s folders and files, and attempts to extort our organization for access to the files and folders.
  • Exploits: An attacker takes advantage of vulnerabilities in any of our applications and devices, infects and gains access to our organization’s wider environment.
  • Supply chain attacks: An attacker gets access to our organization’s source codes, software build processes, and uses our applications to attack our customers and their devices. Security risks and threats could negatively affect our organization, and in some cases, severely impact our organization financially and reputationally. Keeping our organization current with the latest updates from Microsoft helps secure our organization against risks and threats.

Improve performance

If we don’t stay current, our environment’s various endpoints won’t be able to receive updates that can help improve the quality and performance of the underlying operating system. As a result, our overall environment’s performance could be affected adversely. This in turn can have an effect on the productivity of our organization’s internal users and could ultimately impact our organization’s customers. Staying current helps keep our organization’s systems responsive, and decrease or eliminate downtime. This way, we maintain and improve our organization’s productivity. We’re also helping ensure that customers have more positive experiences with our organization’s services.

Take advantage of the latest improvements and features

Windows gets better and smarter over time. Every feature update release comes with enhancements and capabilities. A single update could include a wide range of improvements and features. For example, it could include:

  • Increased performance and reliability of the operating system and its applications – for example, a recent feature update optimized how instructions are processed by the CPU
  • Improvements to assistive technologies in Windows to help with accessibility
  • Improvements to battery life and power efficiency for PCs with certain processors

Make sure to stay current so you don’t miss out on important features and improvements.

Details

Article ID: 60696
Created
Sat 8/18/18 10:43 AM
Modified
Tue 10/17/23 4:22 PM

Related Articles (4)

Device Compliance - Windows
In order for your work computer to be deemed as compliant, it must meet a number of requirements. Non-compliant devices will not be able to access some of the resources and systems starting in Q4 of 2023.
How to configure Windows 10 settings on a University-owned PC
This article provides instructions on how to properly configure Windows 10 on a University-owned PC.
Upgrading Your Workstation to Windows 11
Windows 11 is the new major version of Microsoft Windows operating system that was released on October 5th, 2021. This article explains how users of University of Windows managed Windows 10 computers will be able to upgrade to Windows 11.
Which version of Microsoft Office do I have installed on my PC?
Steps to follow to determine the version of MS Office currently installed don your computer.