Editor’s note: An earlier version of this story said some devices need up to eight hours of time connected to the internet to update; the story has been revised based on updated information from Microsoft.
Windows devices that aren’t connected to the internet for up to six hours at a time are “very unlikely” to successfully update fully and properly, a recent Microsoft investigation revealed.
Microsoft program manager David Guyer wrote in a recent blog post that devices need a minimum of two continuous connected hours, and six total connected hours to install “quality and feature updates.”
“This allows for a successful download and background installations that are able to restart or resume once a device is active and connected,” Guyer wrote.
Nearly a week after the blog was first posted, Guyer answered some pointed questions in a comment thread, explaining that the majority of updates — from start to finish — can take less than an hour.
“The six ‘total connected hours’ (not eight) I cited in this post are based on studies that include devices that are infrequently used, often only online for a few minutes across multiple hours, have intermittent connectivity, and are often running on battery power,” Guyer wrote. “Some parts of the update process can restart where they left off, like the downloads. Others need to restart from the beginning if the device shuts down. So these are both taken into account in the criteria.”
The problem with long updates, Microsoft claimed, is most prevalent on devices running Windows 10; those systems require substantially larger updates than Windows 11. Microsoft reduced the size of updates for Windows 11 by 40% through compression technology, “thereby cutting time and bandwidth requirements for updates,” a Microsoft software engineer and program manager wrote in an October 2021 blog post.
Microsoft, Guyer wrote, has invested in a significant effort to understand why some Windows devices are still not always fully up to date.
About half of Windows 10 devices that are no longer running a serviced build don’t spend enough time online for the updates to be downloaded and installed. That number drops to 25% of Windows 10 devices that are on a serviced build but have security updates more than 60 days out of date, according to Microsoft.
One problem is end users power down their systems at the end of their workday, eliminating the possibility of updates overnight. “Impress upon [users] the importance of keeping their devices connected so their devices can stay protected and they can stay productive,” Guyer said.
When investigating the issue, Microsoft found “insufficient update connectivity,” or the amount of time and bandwidth needed to update hardware completely during the six hours of connected time. “If a device has insufficient update connectivity, then investigating other update issues is complicated because the low update connectivity can create new issues that go away once there’s enough connectivity,” Guyer wrote.
The bottom line, however, is that Windows updates are large, and even breaking the updates into smaller segments and spacing them out so they don’t take place all at once still requires the machine to be on a long time; then, once the update is fully downloaded, the PC still has to incorporate the software in background mode to have minimal impact on the machine performance.
The updating issue for Microsoft has been a problem for years; it’s not something new with Windows 10.
“Microsoft will have a tough time moving beyond this scenario, but they are trying to do so with each new OS, and getting better at it, but still have a ways to go,” said Jack Gold, principal analyst at J. Gold Associates.
The fundamental problem is that the way Microsoft has structured Windows and the update process essentially requires a very large part of the OS to be updated whenever there is a new version, according to Gold.
“Other OSes, especially some of the mobile ones…, have figured out how to do a componentized approach to updating just the portions of the code necessary,” Gold wrote in an email response to Computerworld. “Microsoft is trying to move in this direction as well, and Windows 11 does do better at this. But the fundamental architecture of Windows makes it hard to move fully to a less burdensome process, given that much of the existing code and platform is used in new versions of the OS.”
If Microsoft tried to give OS updates the priority they need to complete quickly, it would basically take over a machine’s CPU, leading to sluggish performance for all applications on the system.
To address the issue, Microsoft settled on partial downloads, performing one, waiting a bit, then downloading some more, Gold said.
“Basically, they are throttling back so as not to overly impact performance…, so as not to totally trash the user working on the machine,” Gold said.
Other OSes have similar issues, but to a much lesser extent. For example, Apple’s macOS is built on a Linux kernel that’s much more segmented than Windows. So updates to the system aren’t usually as big, unless a user is upgrading to a totally new version of macOS.
“But, that’s not to say that the updating process on Macs is a breeze either,” Gold said. “It still takes compute resources to download and make upgrades. It’s just a little easier on the system and user than Windows.”
According to Microsoft, another issue affecting updates is power management. Some power settings and related policies put a device into a deep sleep or hibernation too quickly, which can prevent updates from occurring outside active hours.
Microsoft provides recommendations on how to make sure updates are done, including power settings that allow devices to stay current with security updates. IT admins using Group Policy Objects to manage policies can use the settings in the Windows security baselines, available as part of the Security Compliance Toolkit, to configure power settings.
Companies might also want to consider filtering out devices that do not have the minimum update connectivity. The reasoning is that those devices are not “update healthy,” and changing policies or targeting them with more updates will not help until they meet the minimum Update Connectivity measurement required for success.
Admins can check which devices have Insufficient update connectivity using Microsoft Intune. Once there, navigate to Devices > Monitor and select either the Feature update failures or Windows Expedited update failures report.