Get ready for upcoming Microsoft client-management changes

Mary Jo Foley is the Editor in Chief at Directions on Microsoft. Before joining Directions, Mary Jo has worked as... more

In recent weeks, Microsoft has started making clearer its intentions around what ultimately will be major changes to its client-management portfolio. Some of these are imminent; others are still likely years away. In any case, it’s not too soon to start making a plan for Microsoft’s inevitable move to cloud-based management.

Earlier this month, Microsoft announced (in a typical bad-news drop on a Friday) that it is deprecating its Windows Server Update Services (WSUS) updating mechanism. “Deprecated,” as Microsoft uses the term, “refers to the stage in the product lifecycle when a feature or functionality is no longer in active development and may be removed in future releases.”

This new phase for WSUS shouldn’t be surprising to anyone who follows Microsoft, as WSUS hasn’t received noticeable new features in years. However, WSUS is still part of how a number of Microsoft business customers use Configuration Manager to update Windows clients.

In its September 20 blog post, Microsoft notes the WSUS deprecation does not (yet) impact support for Configuration Manager, and that the WSUS role will remain in Windows Server 2025, which is slated to ship later in 2024. However, Microsoft’s guidance to customers who are willing to stick with Microsoft’s products and services is to begin transitioning to Windows Autopatch and Intune for client update management and Azure Update Manager for server update management.

None of Microsoft’s suggested replacements is entirely free (but neither is WSUS, if you take Client Access Licenses and other prerequisites into consideration). Intune, Windows Autopatch and Azure Update Manager all require subscriptions and Internet connections — something that a number of commentators on Microsoft’s blog post pointed out angrily and repeatedly.

Microsoft isn’t yet providing guidance on precisely when it will discontinue WSUS. However, given it will be part of Windows Server 2025, it seems fairly safe to assume that Microsoft will continue to support it for years, since Windows Server 2025 gets five years of mainstream and five years of extended support.

Speaking of Windows Autopatch…

Microsoft also is making changes to its Windows Autopatch service — specifically, merging the Windows Update for Business (WuFB) deployment service into it. This change is slated to roll out between mid-September and mid-October 2024.

Windows Autopatch is one of a number of ways for customers to manage updates for Windows, Microsoft 365 Apps for Enterprise, Microsoft Edge and Teams. Microsoft officials say by merging Autopatch with the WuFB deployment service, it is creating “a more cohesive and streamlined update experience” for enterprises. Customers can access the new unified Autopatch via the Intune admin center to update policies, groups, status and reports.

However, existing WuFB customers have a lot of questions about exactly what this merger means. Based on responses to Microsoft’s September blog post about the change, it sounds as though existing Windows Update for Business enterprise customers will start configuring their mobile-device management under the Autopatch brand, but they won’t automatically get all the current Autopatch capabilities without having Windows 10/11 Enterprise E3, E5, or F3 included as part of their Microsoft 365 E3, E5, or F3 licenses.

When ‘Customer Feedback’ Wins

While negative customer feedback didn’t shift Microsoft’s plans around WSUS and the Windows Update for Business deployment service, it did impact another client-management change Microsoft announced recently with not much heads-up.

Microsoft’s Intune team blogged on September 16 that Microsoft had decided to change the Windows mobile-device-management (MDM) “enrollment experience” so that security fixes, plus updates to existing features would be automatically downloaded and installed on Windows 11 devices running 22H2 and higher that were connected to an MDM service like Intune.

Microsoft officials said at that time that this would start happening with “the coming October Windows update” whether devices were pre-registered with Windows Autopilot or not. They also said there would be no option to control or disable the updates applied during the set-up experience, and that the new process would lead to longer initial set up times as various updates were applied.

But on September 20, Microsoft updated the original announcement blog post to note that, based on customer feedback, this change will not happen until the team finds a way to make sure IT admins would be in control of the new experience.

“Customers need to stay mindful of Microsoft announcements — particularly heading into weekend news dump time — as Microsoft is clearly trying to begin clearing the decks of some legacy technology in favor of cloud-based services that have been gradually replacing them,” advised Directions on Microsoft analyst Wes Miller.