Patch management – Windows SSU and LCU bundled into one cumulative update

Introduction

Since we moved towards windows 10 we were met with a new way of patching. Patching Cumulative, so that the next patch had all the older patches inside, this made our life as admins much easier. Thinking of the good old days with Windows 7 where we reached a good side of 200 patches to apply to an image. A real pain.

Today Microsoft announced that Cumulative updates and servicing stack updates move together as one cumulative experience. It will still be possible to patch separately, but to make the life even easier for admins this new experience has been added and can be used already for December patching.

In this blog post I will introduce how to move forward using this new Cumulative experience.

 

Prerequisites

• Configuration Manager / WSUS

• Windows 10 2004 or later

• September 2020 SSU installed on your clients

 

Enable pre-release category

Open Configuration Manager console

Go to Administration

 

Open Site Configuration and Sites

 

Mark the primary site and press Software Update Point

Locate the Products tab and enable “Windows Insider Pre-Release”

 

Go to the Software Library

 

Right click All Software Updates and Synchronize your software updates.

 

Locate wsyncmgr.log and verify the sync started.

 

Deploy cumulative update to your environment

To make sure everything goes as planned we had to make sure our devices would get the SSU prior to the LCU. Now with the new Cumulative update, this is not something we need to think of as Microsoft (the client) will make sure the proper order is executed.

Navigate to the Software Library

 

Choose All Software Updates

 

Search for 2020-12 which will show us December patch.

 

We have 2 Cumulative updates for 2004 x64 and 2 cumulative updates for 20H2, WHY is that? You may wonder?

Microsoft stated that we are not forced to use the new Cumulative update containing both LCU and SSU and therefore you will see 2 cumulative updates. Let me show you:

First 1 comes from our Product category “Windows 10, 1903 and later”. That means you can deploy this patch but then you should remember to send out the SSU patch also (see picture below)

 

Same name, same article number. At first sight no difference at all, but taking a closer look we see that this update comes from product category “Windows Insider Pre-Release”

Comparing the 2 Cumulative updates

We see a gap of 8 mb which means we save 6 mb pr device as the SSU standard patch is 14 mb (see picture below)

I hope you found this informative.

 

Want to automate the new cumulative updates?

You are ready to be awesome!

 

Summary

Going forward we need only 1 patch to our devices as LCU and SSU are bundled.

Microsoft are not pushing anything rather you can use your preferred method of choice. The Pre-Release is just a helping hand to make life easier and to make sure that both updates are available for the client SSU first and then LCU.

Using a pre-release feature is fully supported and you should not fear using this in production environments.