Windows Update Management: Infrastructure

We’re continuing the update of our Windows update management blogs – this time it’s infrastructure and preparation! 

We’re releasing all of our content that was previously sat behind a form – so no more emails! But if you’d rather view the original, click here.


So let’s touch on the infrastructure required to support Windows as a service. Your infrastructure must support your chosen servicing tool’s requirements, with a defined process to keep these tools updated and secured.

  • If you use Configuration Manager, is it on the Current Branch with the latest release installed?
  • Using Microsoft Intune? This reduces management of infrastructure as no service updates are required.
  • Using a third-party tool? Check with their product support to make sure it supports the next feature update.
  • Don’t forget validation infrastructure. It’ll allow you to validate the deployment, track it and understand failures and successes. Ideally have physical or virtual machines for testing and a virtual lab for application testing and remediation.


Now it’s time to determine environment readiness – validation tasks will assess the compatibility level and help you figure out if your environment is ready to receive the feature update. To make this easy for each update release, you need to create a list of tasks that can be repeated each time in the following areas:


Application validation requires working with the business units to determine the owners for the most critical business applications. You should also define the early adopter testers who will test the less critical applications that need to be validated. The least critical applications can be validated during daily usage by mainstream users. Business critical applications can be tested within a virtual environment, however physical test devices can also be used if a virtual environment isn’t available. The capacity of this environment is determined by the amount of validation testing needed and how many business-critical applications need to be tested.


For hardware, enterprise IT can use analytics to determine compatibility. Some service providers also provide automated testing solutions, but if none of those options are available, we recommend that you at least have a full set of hardware models in the early adopter testing rings.


The in-place upgrade should be validated by enterprise IT. As most Windows 10 devices in your enterprise will use the Windows in-place upgrade process to install updates, it’s important to test this in the validation tasks to ensure that you maintain any customisation in your environment.


Security readiness should be owned by the enterprise security department, which should work with any third-party vendors to determine readiness for all security components in scope.


Policies may be introduced, deprecated, or updated in a feature release, which may have an impact on your security policy design. Microsoft also releases recommended security baselines for each new release of Windows, and these need to be evaluated and implemented as appropriate.

Useful docs

Microsoft of course has a wealth of info out there! We’ve pulled out a few sections that may be useful to you here:

Windows 10 infrastructure requirements (Windows 10) – Windows Deployment | Microsoft Learn

Evaluate infrastructure and tools – Windows Deployment | Microsoft Learn

Determine application readiness – Windows Deployment | Microsoft Learn

Define readiness criteria – Windows Deployment | Microsoft Learn

In the next blog we’ll cover testing, validation and compatibility. 

Thinking about Windows 11?

Our CTO Steve Beaumont ran through key actions that will give you the right level of visibility and control over your IT estate ahead of upgrading to Windows 11. Check it out here!

This is perfect for anyone who wants a head start on the 2025 deadline (it’ll be here sooner than you think!) or anyone with a more complex IT estate (e.g. BYOD, a mix of device types/lots of old devices).

Share on:


Share on Facebook
Share on Twitter
Share on LinkedIn

Related blogs

two people at desk looking at code

AOVPN DPC V4.0 is Now Live!

Today we’re very excited to announce the release of AOVPN DPC 4.0 with support for Windows 11! AOVPN Dynamic Profile Configurator is now functional with