With the Windows 10 1909 release, Microsoft announced that System Center Configuration Manager (SCCM) and the Microsoft Intune mobile management service will be combined under the name of Microsoft Endpoint Manager. It might be time to revisit how you control updating in Windows 10 and what you use to do it.
Firms rolling out Windows 10 are deciding whether to use Windows Software Update Services (WSUS) or just rely on the settings of Windows Update for Business (a series of Group Policy settings) to control when and how updates are installed. With Office 2019, the need to control Office updates lessens because Office 2019 relies on click-to-run technology. Thus, Office updates are deployed differently from Windows updates. In fact, most users won’t see Office updates being installed and instead be prompted to close and reopen Office as needed.
Windows 10, however, still needs update control. Most prudent businesses still set up testbeds and deploy updates after they are deemed acceptable. If you wait at least a week, any major issues will usually be identified.
Recently a UK National Cyber Security Centre (NCSC) blog post caught my eye. In it they detail how they control updating Windows 10 and it doesn’t include WSUS. They don’t have a traditional workstation/domain infrastructure and thus the choice of Windows Software Update Services was not an option.