Microsoft is changing the way it does Windows 10 feature updates, and that will affect how you schedule update deferrals. Here's what you need to know. Credit: IDG Communications In May, Microsoft is expected to release the next Windows 10 feature update, known as 1903. I’m getting ready for it by making sure I have the downloads and deferrals in place so I can install it when I want to install it. Changes that Microsoft is making regarding feature release dates might mean rethinking how you manage update deferrals.While I’m a fan of Microsoft’s Windows 10 “Windows as a service” process that eliminates waiting for massive service packs, I don’t want to leave it to Microsoft to deem my systems ready for the update release. Microsoft should be commended for making necessary adjustments to deferrals and support windows, but it is confusing to keep track of feature update releases, their issues and what third-party programs they don’t support.Recently, Microsoft has been providing more information about blocking issues that impact the roll out of feature releases. With Windows 10 1809, you can track the blocking issues at KB4464619. You’ll want to review the additional information you can obtain at all the Windows 10 update history pages as noted in this blog.If you’ve been waiting until Microsoft declares a feature release “ready for business,” be aware that with the upcoming 1903 release Microsoft will no longer use the Semi-Annual Channel Targeted (SAC-T) or Semi-Annual Channel (SAC) designations. SAC-T indicated an early-stage feature release. When Microsoft deemed that vendor support was broad enough, they declared the release SAC. If you had set your deferral settings to install feature releases after they were declared SAC, then the Microsoft update offered them to your machines if Windows Server Update Service (WSUS), System Center Configuration Manager (SCCM) or a third-party patching tools did not manage your updates. As recently announced, Microsoft will no longer use the SAC-T and SAC designations. Instead, there will be one release date starting with 1903, and you can set deferrals from that date forward if you use Windows Update for business settings to defer feature releases. Susan BradleyRevised Windows 10 deferral GUI after the 1903 updateI use the deferral settings to push off the update and then install the feature release using a silent scripting process. I find this more efficient as I set the exact date that the feature release will be installed. By that time, I’ve done my testing and ensured my vendor support is valid. It also gives me the ability to set a specific maintenance window for the installation and I can communicate to users that the upgrade will take place. Here’s what I’m doing in anticipation of the imminent release of 1903 for Windows 10 coming up in May.Review feature release deferral settings. I never install feature releases when they initially come out on production machines. I first ensure that I either have a deferral setting in place using WSUS, SCCM or a third-party patching tool that allows me to push off updates to a time when they are efficient for my firm. Ensure that I have an ISO download of the current feature release and the one previous parked on a network location or on a flash drive. Before 1903 comes out, I’ve made sure I have downloaded the 1809 ISO from the Microsoft media site. This is key if you are firm without a volume license agreement. Those with VL agreements can download any version of Windows 10. Those without VLs must make sure they have an ISO from the media download site. Use scripting to silently install the Windows 10 update on machines that are networked. I download and extract the media from the media site, extract the ISO and then use various scripts. For example, you can call Setup.exe with silent switch (/auto upgrade /quiet). You can use H:setup.exe /auto upgrade /quiet. This ensures that the install won’t wait for a user to log in to complete the install. You can even use scripts with product keys to do in-place upgrades from the command line.You may wish to check out new ways to deploy and restore including Windows Autopilot, which is Microsoft’s preferred method to deploy systems. For more information and community guidance, Microsoft has a Reddit subthread on the topic.Bottom line: Take action now before 1903 is released to set the deferral setting in Group Policy or via registry settings. Related content news Okta launches Cybersecurity Workforce Development Initiative New philanthropic and educational grants aim to advance inclusive pathways into cybersecurity and technology careers. By Michael Hill Oct 04, 2023 3 mins IT Skills IT Skills IT Skills news New critical AI vulnerabilities in TorchServe put thousands of AI models at risk The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said. By Shweta Sharma Oct 04, 2023 4 mins Vulnerabilities news ChatGPT “not a reliable” tool for detecting vulnerabilities in developed code NCC Group report claims machine learning models show strong promise in detecting novel zero-day attacks. By Michael Hill Oct 04, 2023 3 mins DevSecOps Generative AI Vulnerabilities news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe