Also unknown: The impact, if any, of the rings in the CB and CBB on patch delivery.
The danger of artificially delaying security updates to fit the constraints of a Current Branch or Current Branch for Business schedule, or even a "fast" or "slow" ring, is that some will get fixes before others. Cyber criminals typically start examining a patch as soon as they get their hands on it, hoping to uncover the underlying vulnerability, then craft a workable exploit. That would let them probe for unpatched systems, say those on the four-month-delayed CBB, as they sniff for potential victims.
That's not terribly different from the situation now: Enterprises often take months to apply a patch. What would be different is if a fix was not available to everyone at the same time.
We'd be very surprised if Microsoft did not simply let each patch loose, available to all at the same time. But you can never be sure.... Microsoft has done stranger things.
I manage hundreds of Windows devices, all running Windows 7 Enterprise. What do I get? Depends. If your organization pays for Software Assurance (SA), the annuity-like plan that gives the company OS upgrade rights, as well as a host of other benefits, you'll be able to use the third track, Long-term Service Branch (LTSB), when you eventually migrate to Windows 10.
LTSB is designed to lock down devices. During an April webinar for partners, a Microsoft product manager said LTSB would be "very similar to Windows 7" in that security and other bug fixes would reach devices, but that those systems would not receive the feature/functionality/UI/UX changes for Windows 10.
So far, LTSB is the only branch that Microsoft has explicitly guaranteed will receive support for the usual decade, five in "Mainstream" support, the following five in "Extended" support.
Every two to three years, Microsoft will create another LTSB build, integrating some or all of the feature changes released to CB and CBB in the intervening time, then offer that to customers. They will have the option to move to that build — it won't be mandatory — and have the ability to skip at least one build, passing on LTSB 2 (or whatever Microsoft names it) then years later adopting LSTB 3 with an in-place upgrade.
LTSB seems too old-school for most of our devices. What other choices do we have? Devices running Windows 10 Pro, Windows 10 Education or Windows 10 Enterprise can be on the Current Branch for Business, meaning that corporations running Windows 10 Enterprise have the most choices: CB, CBB and LTSB.
Any device on CBB can — as outlined earlier — take updates via Windows Update for Business within the first four months of them being approved by Microsoft.
Sign up for CIO Asia eNewsletters.