Describe the deployment and release models for Windows-as-a-Service (WaaS)

  • 8 minutes

Windows Client is a comprehensive desktop operating system that allows you to work efficiently and securely. It's important to keep the desktop operating system up to date because it helps devices run efficiently and stay protected. Windows-as-a-Service (WaaS) is a new way to work with the Windows desktop. The WaaS model is designed to make life easier for both users and IT professionals by simplifying the deployment and servicing of Windows client computers. WaaS maintains a consistent and current Windows experience for users.

Servicing

Release types

With Windows client, there are two release types:

  • Feature updates add new functionality and are released twice a year. Because these updates are more frequent, they're smaller. There are many benefits:
    • There's less disruption and effort to apply new features.
    • Users are more productive with earlier access to new Windows features.
    • Users take less time to adapt to smaller changes.
    • The workload and cost impact of updating Windows is reduced.
  • Quality updates provide security and reliability fixes. These updates are issued once a month as non-security releases or combined security + non-security releases. Non-security releases allow IT admins to do an early validation of content. In addition, a cumulative update is released which includes all previous updates. There are a couple of benefits:
    • Identified security issues are fixed and deployed quickly, helping to keep devices secure.
    • Everyone receives security fixes regularly, keeping all devices aligned.

Servicing channels

Servicing channels are the first way to separate users into deployment groups for feature and quality updates. There are three servicing channels. Each channel each provides different levels of flexibility for when these updates are delivered to client computers.

  • Windows Insider Program provides organizations with the opportunity to test and provide feedback on features that will be shipped in the next feature update. New features are delivered to the Windows Insider community during the development cycle through a process called flighting. This process will allow organizations to see exactly what Microsoft is developing and start their testing as soon as possible. Microsoft recommends that all organizations have at least a few devices enrolled in this program. To learn more about the Windows Insider Program and how to join see, The Windows Insider Program.
  • General Availability Channel receives new functionality with feature update releases annually. This model is ideal for pilot deployments and testing of feature updates. It's also ideal for users such as developers who need to work with the latest features. Organizations can choose when to deploy updates once the latest release has gone through pilot deployment and testing.
  • Long-term servicing channel is designed for specialist systems and devices that don't run Office apps such as medical equipment or ATMs. These devices typically perform a single task and don't need frequent updates compared to other devices in the organization. This channel receives new features every two or three years.

Deployment

Deployment rings

Deployment rings are a deployment method used to separate devices into a deployment timeline. Each “ring” comprises a group of users or devices that receive a particular update together. IT administrators set criteria that should be met to control delay time or completion before deployment to the next broader ring of devices and users can occur.

A common ring structure uses three deployment groups:

  • Preview is for planning and development.
    • The purpose of the preview ring is to evaluate the new features of the update.
  • Limited is for pilot and validation.
    • The purpose of the limited ring is to validate the update on representative devices across the network.
  • Broad is for wide deployment.
    • Once the devices in the limited ring have had a sufficient stabilization period, it’s time for broad deployment across the network.

Deployment methods

To successfully deploy Windows in your organization, it's important to understand the different ways that it can be deployed. There are three types of deployment methods:

  • Modern deployment methods grasp both traditional on-premises and cloud services to deliver a streamlined, cost effective deployment experience.

    • Windows Autopilot allows IT professionals to customize the out-of-box experience (OOBE) for Windows PCs and provide end users with a fully configured new Windows device. Users can go through the deployment process independently, without the need to consult their IT administrator.
    • In-place upgrade provides a simple, automated process that uses the Windows installation program to upgrade from an earlier version of Windows. This process automatically preserves all data, settings, drivers, and applications from the existing operating system version. In-place upgrade requires the least IT effort, because there's no need for any complex deployment infrastructure.

  • Dynamic deployment methods enable you to configure applications and settings for specific use cases without having to deploy a new custom organization image to the device.

    • Subscription activation uses a subscription to switch from one edition of Windows to another when a licensed user signs into a device. For example, you can switch from Windows 10 Pro to Windows 10 Enterprise.
    • Azure Active Directory (Azure AD) joined with automatic mobile device management (MDM) enrollment automatically joins the device to Azure AD and is configured by MDM. The organization member just needs to provide their work or school user ID and password.
    • Provisioning package configuration uses the Windows Imaging and Configuration Designer (ICD) tool. This tool is used to create provisioning packages that contain all the configuration, settings, and apps that can be applied to devices.

  • Traditional deployment methods use existing tools to deploy operating system images.

    • New computer, or also called bare metal, is when you deploy a new device or wipe an existing device and deploy with a fresh image.
    • Computer refresh, or also called wipe-and-load, is when you redeploy a device by saving the user state, wiping the disk, then restoring the user state.
    • Computer replace is when you replace an existing device with a new one. You save the user state on the old device and then restore it to the new device.