In new guidance first outlined during a session at Microsoft's Ignite conference three weeks ago, Thierry Paquay, a principal group program manager on the Windows Update team, told corporate IT administrators they should transform their update practice -- a process that, if adopted, would shift older OSes, including Windows 7, to a model very much like the one that Windows 10 will use.
Rather than deploy only security updates, Paquay urged enterprises to also roll out optional updates -- typically one-shot fixes to specific bugs -- as they are released, then backfill with the "rollup" updates Microsoft will regularly issue. Those rollups are collections of dozens or even scores of bug fixes that Microsoft will deliver for older OSes.
"Our recommendation is that you deploy [the optional] hotfixes proactively," said Paquay during a 70-minute talk. He also asked corporations to install the cumulative rollups.
Paquay cited two reasons in asking enterprise IT staffs to change their habits: To help Microsoft, and to help themselves.
Help us..., please
Microsoft has already roped consumers into testing non-security updates by marking them "optional." About 4% of consumer Windows customers -- he characterized them as "experts of some kind" -- manually apply optional updates, resulting in millions of monthly installations that give Microsoft an idea of patch quality and help it resolve problems. (The other 96% rely on a completely automated Windows Update, which doesn't include optional updates.)
Typically, an update pegged optional is relabeled "recommended" -- meaning it is automatically installed by Windows Update -- a month or so later, once Microsoft has evaluated feedback, made corrections, and given it the green light.
But Microsoft is getting little information on those optional updates from enterprises, which usually ignore them unless they apply to specific problems encountered by the company's PCs or servers. That's what Microsoft has told update managers to do for years: Until recently, the Redmond, Wash. firm has religiously suggested, "Don't apply this hotfix unless you experience this particular problem," in each patch's accompanying advisory.
Paquay wants businesses to "validate" all optional updates -- conduct their normal internal testing, in other words -- then deploy every last one. The reason: To give Microsoft more information, particularly from business-grade machines, about the patch quality so that it can make necessary changes and promote the optional to recommended.
Microsoft will change the language in optional hotfix update advisories to read, "Deploy Hotfixes Proactively," to align with Paquay's plea.
[Note: Paquay did not touch on another tactic Microsoft has used to test patches. That stratagem renames some optional updates as recommended for a subset of its consumer audience. Computerworld experienced that in March when some of its Windows 7 PCs automatically received the then-optional guts of an update-to-Windows-10 "nag" mechanism; the ad campaign update only officially shifted to "recommended" on May 14.]
"We need enterprise feedback," Paquay said. "We don't know what's happening in the IT pro world with those updates, and we need to know. We want feedback to know whether those [updates] are enterprise ready, enterprise quality before we put them 'recommended' in the future."
Help yourselves... Really, it's for you
Microsoft is making its case with two arguments that appeal to the self-interest of IT administrators: Optional updates applied proactively can stymie problems before they appear, and piecemeal patching results in a heterogeneous environment that in the end is harder to manage.
"What's bad around [not applying optional updates] is if the problem is data corruption in a database or the file system on the file server, or the problem is a blue screen, or a system hang and happens on a server on a cluster, it's really bad to wait for this to happen," said Paquay. "Then your business suffers."
However, he spent much more time beating the Windows 10-style drum, telling his IT audience that contrary to decades of enterprise practices, they would benefit from having all devices always up to date. That, of course, is the Windows 10 model Microsoft has pushed.
"To simplify your IT process and policy, and make it look very much like Windows 10 will look when it releases into your environment ... having your devices always up to date is the best policy," argued Paquay. "It's the easiest for troubleshooting, it's the easiest when you call us for support."
Rollups, those collections of numerous hotfixes, should also be routinely deployed, urged Paquay, so that the enterprise has a "clean baseline" for a specific OS, such as Windows 7.
Microsoft has even taken to labeling major Windows 8.1 rollups with the same "long-term service branch" (LTSB) name it has used to define Windows 10's most restrictive update channel, one limited to companies running Windows Enterprise, the SKU available only to volume licensing customers who also pay for the Software Assurance (SA) upgrade annuity program. Microsoft applied the LTSB moniker to a November 2014 rollup for Windows 8.1, for instance.
This summer, Microsoft will also issue a Windows 7 rollup, "To get [you] up to speed in one shot," said Paquay, who called it a "convenience rollup" for the post-Service Pack 1 (SP1) world. (Microsoft shipped Windows 7 SP1 back in 2011.) Paquay said he didn't have a firm date for the Windows 7 rollup's release, but his summer timetable was a clue that it will probably appear either before or simultaneously with the launch of Windows 10.
What's in it for us?
Although none of the questions asked in the Ignite session contested the advice -- several people said they were already doing what Paquay asked -- a few comments appended to a blogged summary of the presentation wondered what's in it for them.
"If Microsoft wants IT pros to help you, you need to help us," wrote someone identified as "save patch tuesday" in a comment. "We need fewer patches that require a reboot. When Windows can install patches without rebooting, then you can abandon Patch Tuesday. The strategy to release updates whenever they are available may fly with consumers, but it won't benefit my business desktops and servers!"
Another commenter wanted clearer descriptions of what the optional updates do. "Customers would like Microsoft to fully document all available updates offered. Right now there are too many optional updates that are vague in their descriptions and impact," said "Customers of Microsoft."
Paquay, at least, recognized he's demanding a lot from IT, but defended the new guidance. "I know this is a big ask," he said several times in his talk. "But if you do these things, you will be, in many ways, managing devices and servers in the same way you will when Windows 10 comes to your environment."