Key Points:
- WSUS is not end of life. It is end of development and has been officially deprecated.
- Windows Server 2025 includes WSUS as a role and will be supported until at least the end of support for Windows Server 2025 which will take us to 2035.
- Microsoft’s ConfigMgr uses WSUS under the hood for the Software Update Point role.
- Hotpatching was never going to come to WSUS even before this announcement.
- WSUS is your ONLY option for Disconnected secure environments.
On Friday September 20, 2024, Microsoft officially announced that they are deprecating WSUS. The writing has been on the wall for a long time. In the last 15 years, WSUS has appeared to many as dead anyways as the interface and reporting structures have not changed in that time. What many people do not realize, is that WSUS has had development done over the last 15 years, but it was to support and improve the core update systems of Windows 10, Windows 11, and the Unified Update Platform (UUP).
All development for WSUS has been in the background and included such things as the new upgrade methods that Windows 10 started out with, delivery optimization capabilities (more client than WSUS), Electronic Software Distribution (ESD), and UUP.
WSUS: Deprecated but NOT End-of-Life
WSUS is officially deprecated, but it is not reaching end-of-life. Windows Server 2025 will continue to support WSUS at least until the end of the version’s lifecycle, which brings us to 2035. This gives businesses plenty of time to rely on WSUS for their update management needs.
Microsoft’s Push for Cloud Updates
While WSUS remains vital for many organizations, Microsoft is pushing for the adoption of cloud-based update solutions like Windows Update for Business (WUfB), Windows Autopatch, and Hotpatching through Azure Update Management (AUM) – Arc enabled.
- Windows Update for Business (WUfB): A free service for managing updates on workstations. However, it does not support server updates, which limits its effectiveness for larger IT operations.
- Azure Update Management (AUM) and Arc: These solutions include hotpatching, which allows updates to be applied without restarting the system. However, using these features requires a licence fee for each server managed.
Why Hotpatching Isn’t Available in WSUS
Hotpatching was never intended for WSUS, even before this announcement. The reason why it won’t ever be included and why Arc requires a licence cost is because Microsoft must actively develop the hotpatch. It’s not as simple as applying a patch and restarting the system; hotpatching works by patching the in-memory code of running processes without needing to restart the process.
The Continued Importance of WSUS
For organizations that operate offline, WSUS is still the only option. Many businesses, especially those in secure environments, rely on WSUS to manage updates without an internet connection. Even with Microsoft pushing for cloud solutions, WSUS will remain essential for these networks for years to come. Additionally, Microsoft’s Configuration Manager (ConfigMgr) still uses WSUS under the hood for the Software Update Point (SUP) role.
Final Thoughts
In short, while WSUS is deprecated, it is not obsolete. Organizations can continue to use WSUS for update management, especially in offline environments, where it will be vital until at least 2035. To streamline your WSUS operations, use AJ Tek’s WAM. WAM automates WSUS tasks, reducing the manual workload on your IT staff so they can focus on more important priorities.
Get WAM to save time on WSUS maintenance.
At AJ Tek, our vision is to make IT simple and automated for other IT professionals. Our flagship product is WAM, WSUS Automated Maintenance. This system performs all of the tasks that a WSUS Administrator needs to do to maintain WSUS properly only leaving the approving of updates and reporting to the WSUS Administrator.
Connect with us on Facebook and LinkedIn for additional insights and advice.
