It’s a classic anxiety dream: You’re in math class. You didn’t study for the test. You watch as the professor scratches out what appear to be hieroglyphics on the chalkboard, and you have absolutely no idea how all those symbols and variables fit together. And then she calls on you.
That’s how I felt last week as I tried to make sense of what’s going on with Microsoft’s rules for deferring updates in Windows 10.
The procedures for deferring updates used to be simple arithmetic (defer all feature updates x days, and defer all quality updates y days). That’s still true of the monthly quality updates that arrive on Patch Tuesday, but unfortunately the formula for feature updates now feels more like differential calculus.
When will you get a new feature update? Before you can solve that problem, you need to calculate several variables. Let’s go through the list.
WHICH EDITION OF WINDOWS 10 ARE YOU RUNNING?
This is the most important variable of all.
As it has since the dawn of the Windows 10 era, Microsoft reserves its full set of update management features for business editions. And in a relatively new wrinkle, the end-of-service date (the date when Microsoft stops supplying updates for a version) has a major impact on when feature updates are automatically installed.
- Home You can’t automatically defer any updates, but you can pause all updates for up to 35 days. On versions that have not yet reached their end-of-service date, feature updates are offered but are not installed automatically.
- Pro Paying for the upgrade to Pro edition (and the relatively new and extremely rare Pro for Workstations edition) unlocks a handful of business-related features, including the ability to set deferral policies for both quality updates and feature updates. You can set these Windows Update for Business policies using the Windows 10 Settings app or by applying Group Policy.
- Enterprise or Education These editions offer the same tools for managing updates as Windows 10 Pro. The major difference that’s relevant to this discussion is a longer servicing support schedule: up to 36 months for some versions, compared to a fixed 18-month servicing support period for Home and Pro editions.
To check which edition is running on the current system, click Start, type settings:about in the search box, and press Enter. That opens the Settings > System > About page, where you’ll find your Windows edition and version number under the Windows Specifications heading. Make a note of that version information; you’ll need it in the next section.
WHICH VERSION OF WINDOWS 10 ARE YOU RUNNING?
In the “Windows as a Service” era, Microsoft releases a new version of Windows 10 every six months. The major version, corresponding to each one of those semi-annual feature updates, is expressed as a four-digit number in the format yymm. That number indicates the year and month in which the current version was finalized.
The version number is important because it allows you to look up the end-of-service date using the table on the Windows 10 Release Information dashboard.
If you’re running version 1709 or earlier on Windows 10 Home or Pro, your version has reached its End of Service date. Version 1803 (the April 2018 Update) will reach its end of service date on November 12, 2019.
Starting in June 2019, Microsoft says, it will begin automatically updating PCs running versions 1803 or earlier to the new version. The company has not supplied any details about how it will determine which devices get updated except to say that it will use a “machine learning (ML)-based rollout process several months in advance of the end of service date.”
Enterprise and Education editions use a different servicing schedule, with support for some versions lasting 30 months instead of 18. Because of these longer servicing periods, versions as old as 1703 are still supported with updates. Administrators can use Windows Update for Business and Group Policy to defer feature updates for up to 365 days; to defer feature updates longer than that, you’ll need enterprise management tools like Windows Server Update Services.
WHAT SERVICING CHANNEL IS YOUR MACHINE CONFIGURED FOR?
Ha! This one’s a trick question. As of version 1903, Windows 10 has one and only one servicing channel, called the Semi-Annual Channel. That change was announced in February 2019 in a post on the Windows IT Pro Blog: “Windows Update for Business and the retirement of SAC-T.”
Previously, Windows 10 was delivered in two phases, one for consumers and small businesses and the second, a few months later, for wide deployment by businesses. In the beginning, these two phases were called the Current Branch and the Current Branch for Business. Those names were later changed to the confusing Semi-Annual Channel (Targeted), followed by the Semi-Annual Channel.
If you used Windows Update for Business to assign a machine to the second branch/channel and you assigned deferral dates to those updates, the deferral period didn’t begin until Microsoft declared a release ready for widespread deployment by businesses.
That setting will no longer be available as of version 1903. On PCs running earlier versions, Microsoft is automatically adding 60 days to the deferral period for devices that were assigned to the Semi-Annual Channel. But that’s a one-time exception.
CONFUSED YET? LET’S REVIEW…
On a PC running Windows 10 Home or Pro, version 1803 or earlier, the version 1903 update will arrive sometime soon, and you won’t be able to delay it.
If you’re currently running version 1809, any edition, you can skip version 1903 by ignoring its entry in Windows Update.
On a PC running the Pro, Enterprise, or Education editions of Windows 10 version 1809, you can prevent the version 1903 Update from being offered by using Windows Update for Business to assign a deferral period of up to 365 days. That clock started ticking on May 21, 2019, with the public release of Windows 10 version 1903. If you also assigned the device to the Semi-Annual Channel, the start date is July 20, 2019.
WHAT HAPPENS WHEN UPDATE DEFERRAL POLICIES COLLIDE WITH END-OF-SERVICE DATES?
Well, that’s the billion-dollar question, isn’t it?
Microsoft has made major revisions to its update policies for enterprise customers, and the company is being characteristically opaque with the details of those policies, scattering clues throughout various blog posts. After meditating deeply on those blog posts and then engaging in several rounds of Q&A with Microsoft managers responsible for those policies, I think I finally have it figured out.
The big takeaway is that end-of-service dates trump deferral policies. If you configure PCs in your organization for the maximum deferral period of 365 days, you run the very real risk that those devices will reach end of service before the deferral period ends.
That situation gets worse for PCs running Windows 10 versions 1803 and 1809 that are configured for the Semi-Annual Channel with a deferral period of 365 days for feature updates. In both cases, those devices would reach the end-of-service date (and be forcibly updated) months before the deferral period ended.
In an obscure recent blog post, Microsoft has acknowledged that this is an issue for administrators to be concerned about:
For devices with branch readiness set to SAC, we recommend a feature update deferral be configured to no more than 180 days, which would ensure that devices under your management will always be in service. In the future, we will make changes to Windows Update for Business to safeguard against the condition where an extended deferral can result in devices reaching end of service.
Of course, that’s not a problem for administrators who’ve standardized on the Enterprise or Education editions of Windows 10 and who have deployed the H2 (second half of the year) releases. Because those releases have a 30-month servicing lifecycle, admins can safely defer updates for up to two years.
What’s maddening about all these changes is that there’s no central hub of information accessible from an easy to find link. If you’re too busy to read every post on the Windows IT Pro Blog, you probably missed the flashing red signals that a change in update policy is afoot.
And, of course, there’s absolutely no way to determine when Microsoft’s update servers will target your specific device. All you know is that once the deferral period has ended or the end-of-service date is near, you’re at risk of receiving a feature update when you least expect it.
But at least you don’t have to worry that you’re going to be called to the front of the class to solve that problem you totally forgot to study for.