Windows 10 and 11 perform system updates differently from previous Windows versions, replacing the major service packs released every few years with semiannual feature updates. The Windows Update process is automated by default for the typical Windows user, but network administrators can still intervene in the process for testing update releases before they are generally deployed.
Microsoft provides the following tools for the administration of updates:
- Windows Update for Business This free cloud-based service enables administrators to defer, schedule, and pause update deployments to specific workstations. Administrators can use the service to allow the installation of updates on designated test systems only and then deploy the updates later if no problems arise. Administrators can pause their deployments indefinitely if there are problems with particular updates.
- Windows Server Update Service (WSUS) This free, downloadable service enables administrators to manage system updates internally by downloading releases to a WSUS server as they become available, testing them as needed, and then deploying them to workstations on a specific schedule. WSUS enables administrators to exercise complete control over the update deployment process. Also, it reduces the update’s Internet bandwidth used by downloading releases only once and then distributing them using the internal network. Administrators can install multiple WSUS servers and distribute update preferences and release schedules among them, making the system highly scalable.
While administrators can use these tools to manage updates on workstations running any version of Windows, there are additional enhancements for Windows 11 Enterprise workstations, including its manageability with the Desktop Analytics tool.
Desktop Analytics is an enhanced service incorporating all the upgrade compatibility and monitoring functionality of Windows Analytics, along with deeper integration into the Microsoft management tools, such as Configuration Manager, and a “single pane of glass” interface that provides administrators with a comprehensive view of the Windows 11 and Microsoft 365 update status.
Some of the update monitoring functions supported by Desktop Analytics are as follows:
- Upgrade Readiness Desktop Analytics collects information about Windows, Microsoft 365, and other applications and drivers and analyzes it to identify any compatibility issues that might interfere with an upgrade.
- Update Compliance Desktop Analytics gathers Windows 11 information about the progress of operating system update deployments, as well as Windows Defender Antivirus signature and result data, Windows Update for Business configuration settings, and Delivery Optimization usage data. After analyzing the information, Desktop Analytics reports any update compliance issues that might need administrative attention.
- Device Health A Desktop Analytics solution that uses the enhanced diagnostic data generated by Windows 11 to identify devices and drivers causing regular crashes. The tool also provides potential remediations, such as alternative driver versions or application replacements.
Note Windows Analytics Becomes Desktop Analytics
Upgrade Readiness, Update Compliance, and Device Health are all part of the Windows Analytics tool in Microsoft Azure, which was retired in 2020. Desktop Analytics is an enhanced version of the tool that integrates with SCCM and provides these same functions for Windows 11 Enterprise workstations.
Management
Microsoft 365 provides many enhancements to the enterprise management environment, enabling administrators to simplify deploying and configuring Windows 11 Enterprise workstations. One of the primary objectives of Microsoft 365 is to automate many of the routine tasks that occupy a great deal of an administrator’s time.
- Windows Autopilot This is a cloud-based feature designed to simplify and automate deploying Windows 11 workstations on an enterprise network. Instead of having to create and maintain images and drivers for every computer model, Autopilot uses cloud-based settings and policies to reconfigure the OEM-installed operating system into a user-ready workstation, even installing applications and applying a new product key to transform Windows 11 Pro to the Windows 11 Enterprise edition.
- Microsoft Application Virtualization (App-V) This enables Windows workstations to access Win32 applications that are actually running on servers instead of local disks. Administrators must install the App-V server components and publish the desired applications. A client component is also necessary, and Windows 11 Enterprise includes the App-V client by default, so no additional installation is necessary. However, the client has to be activated; administrators can activate clients using either Group Policy settings or the Enable-App cmdlet in Windows PowerShell.