WUfB has four main settings in Group Policy. Let's explore both sides and explore why you may want to stick with your current WSUS setup or decide to jump to WUfB and shut down those servers. If you're trying to go to the cloud as much as possible - that includes using cloud-based management tools such as Intune - then the choice is WUfB, unless you decide to run WSUS on an Azure VM. When it comes to patching Windows machines, should you stick with WSUS - and Endpoint Manager for updates, which requires WSUS - or should you move to WUfB? WUfB is free for managing all premium editions of Windows 10.
The controls WUfB provides are fairly minimal, but that might be enough for some administrators who prefer not to handle Windows Updates on a regular basis. You control those registry settings with a management tool, such as Intune or Group Policy, or through other methods to modify registry settings, including a script.
Windows Update for Business (WUfB) is just a few registry settings on a PC to provide a few extra rules for the client to connect to the public Windows Update service. These feature updates also include all preceding quality updates, which are the monthly security updates and bug corrections. To further complicate the update process, Microsoft releases two feature updates for Windows 10 each year - one in the spring and another in the fall - that introduce new features.
Microsoft switched to a cumulative update model in late 2016 that removed the ability to pick and choose which updates to install by releasing multiple patches into a single large update. While we're seeing better stability from the monthly updates, administrators have less control over the patching process. These issues range from minor annoyances to the dreaded blue screen of death. IT admins will occasionally get bit by buggy Microsoft updates on Windows devices.
This is a manual and time-intensive process to follow, especially at a time when Microsoft releases several updates at different times of the month. Later, they would push the patches to legacy and more delicate devices.
Some admins would read up on every single update, deploy to a test group and then roll out to the main fleet. They either allowed all updates as they arrived or they allowed the critical and security updates straight away and held off on the rest for testing. WSUS helps automate the busywork of Windows patchingįor a long time, many admins used WSUS in a mostly automated fashion. SCCM ingests the updates downloaded via WSUS and uses its own client to deploy them, using the workflow and rules defined in ConfigMgr. System Center Configuration Manager (SCCM) - also known as ConfigMgr and recently rebranded as Microsoft Endpoint Configuration Manager - came along and offered even more control over Windows updates. WSUS helps maintain order: Instead of having all the Windows clients go to the internet and download the updates, you have one or more WSUS servers that centralize the job and give you control on which updates to release to the clients. WSUS is still fully supported and many companies rely on it. Microsoft released Windows Server Update Services (WSUS) in 2005 to supersede Software Update Services (SUS).