On the future of Windows 10’s feature releases

Over the years, Microsoft has made a lot of changes in how Windows updates work as a result of the feedback from users. However, it has not made changes in the process that affects nearly all of us: the installation of twice-yearly feature releases. It still rolls out a release every six months — whether we want them or not. These feature releases are disruptive; I personally have to fix PDF printers for QuickBooks that get removed by the feature update and keep an eye on my workstations for other side effects. This twice-a-year process is tiring and because many of the security features and enhancements are only available with certain licensing models of Windows 10, such as Enterprise or Microsoft 365 E5, many users (including myself) do not see these new security features rolled out with each release.

All too often, I see people report that “a patch caused my printers to fail.”  After asking for more information, I realize that the “patch” was actually one of the semi-annual feature releases. This blurring of the impact of monthly security updates and semi-annual feature releases prompts many to request information on how to stop the updating process. It’s not good when impactful feature releases cause users to fear the updating process.

The other day, I spotted a post in the Answers forum, that if true, is concerning: “I contacted the Dell customer support and thanks to them that I could restore my system,” the user wrote. “They advised me not to update my laptop till 2021 Feb., as there are serious bug[s] with the latest updates.”

How many times have I seen my own Surface device get a feature release offered up after my Lenovo laptop because of a blocking condition due to a driver. On a regular basis, I am asked whether it’s time to upgrade to Windows 10 2004 or even 20H2 and I look at the pending issues with concern (on top of anecdotal stories from IT admins and consultants who recommend staying on 1909). Microsoft just fixed the Thunderbolt SSD issue that was causing blue screens of death in the Nov. 30 preview update of KB4586853. (Many didn’t expect this would be fixed until next year.) And yet, there are still concerning issues with the 2004 and 20H2 releases.

Often, I see antivirus and security solutions that have not yet certified 20H2 for their platforms. For example, Sophos expects to soon certify its SafeGuard Enterprise as ready to be installed during an in-place upgrade even as Bitlocker is enabled on the device. McAfee also provides a rundown of known issues when upgrading between versions. Generally speaking, my rule of thumb for using antivirus software is to stay with Microsoft Defender if you receive or install feature updates soon after they’re released. If you use any other third-party antivirus, I recommend that you stay on older feature releases for at least several months after the latest version’s release. (FYI: A block is still in place for administrators who normally rename the admin account in their deployment process.)

Microsoft has provided a way to bypass any block it has in place by using a new group-policy setting. In Group Policy, go to Computer configuration>Administrative Templates>Windows Components, then Windows Update, then Windows Update for Business. Find the “Disable safeguards for Feature Updates” setting. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.

Copyright © 2020 IDG Communications, Inc.

Source link