Microsoft will handle Windows 10 upkeep as part of the device-as-a-service (DaaS) Microsoft Managed Desktop (MMD) subscription, the vendor revealed at its Ignite conference.
"We will manage all the updates that happen on this device," Nathan Mercer, a senior product marketing manager, said in a 15-minute session on MMD. "We'll manage all the Windows 10 feature updates.
"You'll be getting Semi-annual Channel updates for this device. We'll also be managing the Office updates and the monthly quality updates that come from Windows as well."
Those twice-annual feature upgrades and monthly security updates - as well as a host of other bug fixes for Windows that shoot out the refresh pipeline - will be delivered through Windows Update for Business (WUfB), a spin-off of the better-known Windows Update service.
As part of the OS servicing end of MMD, Microsoft will also build four release "rings," those rings populated with the devices the enterprise's IT staff assign to various groups in Azure Active Directory (AAD). AAD is one of the requirements for deploying MMD.
"We will automatically set up a ring-based deployment typology behind the scenes for this, using Azure AD groups so you can roll this out on a scheduled basis for your users," Mercer said.
Those rings synced with long-time Microsoft recommendations. PCs in what the company dubbed the "Test" ring, for example, receive each feature upgrade on the first day of availability, while those in the next ring, labelled "First," take the upgrade 30 days later.
The final of the four rings, tagged as "Broad," get the feature upgrade 30 days after Microsoft offers the code to all comers, businesses included. Microsoft calls this step "Semi-annual channel," while the predecessor, handed out immediately to consumers, goes by the clunkier "Semi-annual channel (targeted)" instead.
Similar, but much shorter, delays are built into the dissemination of the monthly security updates, which most customers know as "Patch Tuesday" updates but Microsoft likes to call "quality updates."
The Test and First rings receive the patches on the day of release, while "Fast" - the third ring - and Broad get them one and five days later, respectively.
But Microsoft can't work magic. If the upgrade or update fails, it may ultimately pass the job on to a customer's IT and support staff.
Some problems can solve themselves given time, according to Microsoft. If an upgrade or update fails - and Microsoft knows this directly via customer-to-Redmond's-servers telemetry - then everything in that ring, and all future rings, is put on pause.
If an issue is discovered while deploying a quality update to the First ring, then First, Fast, and Broad will all be paused until the issue is resolved," Microsoft said in a support document.
By default, the pause lasts 35 days, but it can be reduced or extended, the support document added, "depending on whether the issue is remediated." It was not clear whether Microsoft or the customer would release the upgrade or update from the pause.
It seems likely, though, that in-house IT would have to intervene at times: Although Microsoft includes help desk support as part of the deal - end users can launch an online chat or, in desperation, use a toll-free number if they "can't sign in to the device, or the device is broken" - the developer isn't putting boots on the ground.
"We are partnering with, not replacing, your corporate help desk," Microsoft said.