Windows 11 24H2 is slowly starting its rollout, and you might be wondering if you should update yet. Here’s some high-level information to help you decide, control rollout, and be kept up to date with any issues. For those who haven’t needed to keep across how Windows Updates work, you might be wondering what would be difficult about it. Read on and learn :)
The starting point I’d recommend is https://learn.microsoft.com/en-us/windows/release-health/windows11-release-information which will show you Windows Servicing channels:
This will show you what the current Generally Available (GA) version of Windows is (there are sections for Windows 11, Windows 10, and Windows Server) along with relevant dates. 24H2 has only been GA for a few weeks, which is quite early in its cycle. If you’ve overseen the rollout of Windows Updates before, you want to understand and be across any potential issues before even piloting.
Although this has changed a few times over the last few years, right now we see an annual feature update, released in the second half of the year, which upgrades the Windows version. Each feature update/version has 3 years of support for Enterprise, and 2 years for Home/Pro as you can see in the table above.
To understand currently known issues in a feature update, you can use the same section of Microsoft Learn to jump to Version 24H2 > Known issues and notifications, which is kept up to date with statuses and details:
You can also see this same information in the Microsoft 365 admin center under Health > Windows release health:
The content is the same on both – but I’d suggest going to the Microsoft 365 admin center version to at least turn on ‘Send me email notifications about Windows release health’ which is under the ‘Preferences’ button in the above screenshot. Once enabled, you can decide which versions of Windows you want to be notified about, and which email addresses the notifications should be sent to.
This will keep you across any new issues that may arise, which is always useful information to know when managing a Windows environment.
Assuming you’re now ready to start testing, the rollout process starts with what tool you’re currently using for update management. You could be using:
Native Windows Update unconfigured – this may make sense for small companies that don’t really have any management in place, and you’re at the mercy of when Microsoft’s services decide your devices should receive the update. Microsoft uses a lot of telemetry and device information to make that call; for example, if a driver is detected on the device that has a known issue, Windows Update may block or hold back the install.
Feature update methods:
Windows Server Update Services (WSUS) – which, despite getting some news lately, will still be around for probably 10+ years. This is the on-premises way of having a central point to download Windows Updates and has many inbuilt controls that let an administrator decide how they want to roll things out, which can either be automated or manual.
Servicing Channels – These options let you choose which channel a device sits in, which by default is the General Availability channel. Unless you have an LTSC edition of Windows, your only other option is the Insider Program, which will get feature updates ahead of general availability. It might be good to have a VM around enrolled in the Insider Program to get things early and have a play.
Windows Update for Business / Autopatch – these products have recently been joined together to provide a cloud-based way of controlling what updates go to a device.
- Windows Update for Business uses policies (Group Policy/registry/Intune/third party) to set the rules for updates on a device, but still pulls the updates from the cloud (or from other peer devices using Delivery Optimization if enabled). These rules can include items such as
- Autopatch uses Intune, where a policy can be made around feature updates and pointed at managed devices.
Whichever path you use, you should be incorporating Update Rings to stagger any update rollout and avoid any big bang issues from your entire fleet updating overnight and hitting a business-stopping issue.
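As an added example (not from the original post), here is one way to express update rings with the Windows Update for Business registry policy values, pinning each ring to a target feature update version. The ring names and the version assigned to each ring are assumptions for illustration; the function name `Set-FeatureUpdateRing` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: ring names and their target versions are constructed for illustration.
$WuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

# Hypothetical ring plan: the pilot ring moves to 24H2 now, the other rings
# stay pinned to 23H2 until the pilot has been reviewed and the plan is edited.
$RingTarget = @{ Pilot = '24H2'; Broad = '23H2'; Critical = '23H2' }

function Set-FeatureUpdateRing {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Pilot', 'Broad', 'Critical')]
        [string]$Ring
    )
    $target  = $RingTarget[$Ring]
    $current = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').DisplayVersion

    # Pinning to a version older than the one installed does not roll the device back,
    # so flag devices that are already ahead of their ring.
    if ($current -and $current -gt $target) {
        Write-Warning "Device is on $current but ring '$Ring' targets $target; review ring membership."
    }

    $values = @(
        @{ Name = 'TargetReleaseVersion';     Type = 'DWord';  Value = 1 }
        @{ Name = 'ProductVersion';           Type = 'String'; Value = 'Windows 11' }
        @{ Name = 'TargetReleaseVersionInfo'; Type = 'String'; Value = $target }
    )
    if ($PSCmdlet.ShouldProcess($WuPolicyKey, "Pin ring '$Ring' to Windows 11 $target")) {
        if (-not (Test-Path $WuPolicyKey)) { New-Item -Path $WuPolicyKey -Force | Out-Null }
        foreach ($v in $values) {
            New-ItemProperty -Path $WuPolicyKey -Name $v.Name -PropertyType $v.Type `
                -Value $v.Value -Force | Out-Null
        }
        # Read the values back so the applied policy can be logged or compared later.
        Get-ItemProperty -Path $WuPolicyKey |
            Select-Object TargetReleaseVersion, ProductVersion, TargetReleaseVersionInfo
    }
}

# Preview the change without writing anything:
# Set-FeatureUpdateRing -Ring Pilot -WhatIf
```

In a managed fleet the same three values would normally be delivered by Group Policy or Intune rather than a local script, with ring membership driven by device groups.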
To find out how your feature update rollout is going, each method has its own way of reporting:
Intune has inbuilt reports for feature updates, which is the same way Autopatch does it.
Windows Update for Business also has its own reports, which have a few options on how to present, including via the Microsoft 365 admin center Software Updates > Windows area. Alternatively, you can create an Azure workbook.
WSUS has inbuilt reporting options that can be built based on your requirements and can be exported, and supports using APIs if you want to roll your own solution there.
I’ve tried to give a high-level overview of what’s involved and the considerations when rolling out Windows versions. There’s a lot to it, and many points depend on your approach.
Office365Concepts also has a great video covering Feature Update Policies in Intune and how it fits in the larger picture of updates generally:
I’d also recommend these two articles on the deprecation of WSUS:
https://oofhours.com/2024/09/24/microsoft-deprecated-wsus-should-you-care/
https://www.theregister.com/2024/09/23/microsoft_wsus_deprecation