Recently, Microsoft said the inside thing on the outside: they will no longer invest in new features for Windows Server Update Services (WSUS). You can and should read the short blog post here, which was updated to define deprecation as “we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS.”
Am I Impacted?
The answer to this question naturally follows from the above: Do you have an outstanding feature request for WSUS pending with Microsoft? If you do, then I have good news and bad news. The bad news first: that feature will never … ever … see the light of day.
The good news: I have an exhilarating, very exclusive crypto opportunity to offer you called PatchMyCoin™. Get in now before it goes to the moon!
If you were one of the few not currently awaiting, with bated breath, Microsoft’s delivery of amazing new features to WSUS, then you are not impacted.
Full stop.
You can literally stop reading right now and move on with the rest of your life. Go on; we’ve already got your click; we won’t be offended in the slightest.
But WSUS Is Dead … Right?
If we measure WSUS’s health by Microsoft’s clarified definition of deprecation, then WSUS hasn’t had a pulse for over a decade. Admittedly, a lack of pulse is not a great look, and WSUS definitely has some structural faults that I’d love to see resolved. Still, if WSUS is working for you today, it shall continue to work for you tomorrow and as far into the future as we in IT can possibly fathom. At a bare minimum, WSUS shall continue to function unabated for at least ten years.
How do we come to that conclusion? From the aforementioned blog post: “Deprecated features continue to work and are fully supported until they are officially removed, and we have no current plans of removing WSUS from in-market versions of Windows Server (including Windows Server 2025).”
Part of the reason WSUS has not seen significant investment is that shortly after its 3.2 release, it was consumed into Windows Server as an OS feature. All evidence points to that team being uninterested in further developing WSUS beyond life support. However, as an OS feature, Microsoft cannot just arbitrarily End of Life (EoL) it. Given their intent to include it in Server 2025, you can infer a minimum of 10 years of support.
It’s also important to remember that the submarine use case is literal, not figurative. Actual, real submarines, full of nuclear missiles, are roaming the seas with more PCs on them than ever before. Those PCs need to be managed, and they are most definitely not talking directly to the internet. It’s an open secret that the DOD requires ten years of advance notice of any deprecation impacting their operations. When the day comes, and on a long enough timeline it inevitably will, our industry will have a very long offramp thanks to the US Navy.
What Do I Need to Do If I’m Using WSUS?
Right now, at this very instant, you need to do nothing. Absolutely nothing.
Microsoft’s decision to deprecate WSUS after over a decade of zero investment is meaningless unless paired with an EoL announcement, which they took great care not to make. There is no reason to take immediate action until Microsoft makes a clear EoL statement and sets an EoL date.
Why would Microsoft bother to announce that it won’t be working on WSUS after a decade of not working on WSUS? Microsoft gladly explains itself: “We recommend organizations transition to cloud tools, including Windows Autopatch and Microsoft Intune for client update management and Azure Update Manager for server update management.”
In case you need that translated: “Microsoft would really like you to adopt the solutions we have built that have found new ways of charging you money.”
Microsoft has long pioneered the art of sowing ‘Fear, Uncertainty, and Doubt’ (FUD) to herd customers in the direction Microsoft wants them to move. It’s hard to interpret an overdue statement of the obvious (no new feature development) without an actual EoL as anything else. It’s working: we’ve already seen system admins and customers reaching out with deep concern that WSUS will stop functioning, despite the blog itself saying that’s not what’s happening.
To be clear, you should absolutely review Microsoft’s cloud offerings and determine if they better suit your organization’s needs. If they do, you should absolutely start planning a migration path. However, you should not do so out of fear, uncertainty, or doubt about WSUS working for the foreseeable future.
Doesn’t PMPC Rely on WSUS?
If you are using PMPC in a Configuration Manager (ConfigMgr) environment, then yes, PMPC’s products integrate with WSUS to provide updates to existing applications alongside your first-party Microsoft updates. Hopefully, the above has clarified that there is no reason for concern on this front for a long time. If you need reassurance, Microsoft helpfully provides it: “WSUS deprecation does not impact existing capabilities or support for Microsoft Configuration Manager.”
Suppose the unthinkable were to happen, however, and MS gets drunk with power and secretly uninstalls WSUS worldwide overnight. In that case, we are committed to ensuring that our ConfigMgr customers retain the ability to install and update third-party applications using our products. We have worked through the various scenarios and have plans of action we would be able to execute quickly to continue delivering the value our customers have come to expect of us.