The management of Windows 10 and Windows 11 OS updates and subsequent patches is a constant exercise. From selecting and approving patches manually to testing and deploying updates, OS update management continues to be high touch and time consuming. Windows updates management causes more headaches due to the complexity of configurations available, required knowledge and time to troubleshoot and resolve errors, and lack of insights into update failures and success — to name just a few.
In the past, when there was a security risk and someone wasn’t on network, the updates would have to wait until the computer joined the network, which could take days, weeks, or months. If something goes wrong, uninstallation is often a very manual process, too. Because the reason for errors can be difficult to ascertain and even obscured behind PowerShell scripts, it can be difficult to tell leadership why it’s not working, only that it isn’t working. Until recently, there was not much of an option other than asking employees to join the network and then spending hours troubleshooting.
Introducing Workspace ONE Updates Lifecycle
VMware is introducing new Workspace ONE capabilities that will make managing OS updates and patches even easier and improve the security posture of Windows devices. Workspace ONE flexibly extends to multiple content sources and unifies policy, deployment, and lifecycle management of the OS from the cloud.
The revamped update management capabilities in Workspace ONE will give admins significant flexibility in update timing and level of automation, granular controls, and vastly improved reporting and dashboards. Admins can patch OS versions at any time, regardless of whether the device is on or off the company network.
Let’s have a look at the upcoming admin experience.
With these new features, the controls for OS updates will be within a new payload in a device profile. They will have a new dedicated space where admins can configure, manage, and monitor updates.
A new sampling engine will provide additional details about updates. Admins will see the source of the update as well as the status on the device.
While standard configuration items will be available, the design will be more dynamic by linking specific values together based on their interdependencies. Many configuration items that were not previously available within MDM will be added to address deployment speed, reliability, and overall effectiveness to improve both compliance and visibility into the overall health of an environment. Admins will be able to target specific Windows OS products and versions to manage major Feature Update releases more granularly.
Policy sets will be easily managed from a central location, including editing, copying, and deleting, as well as additional actions, such as pause and rollback.
Offering intrinsic flexibility to make patching accessible
Flexibility is an inherent feature of the new Workspace ONE Updates Lifecycle. Admins will be able to roll out critical updates automatically, without having to create automations or approval workflows, while retaining control to hand-test patches that are more likely to create issues. Admins will be able to define the timing of updates to ensure an expedient rollout with the least disruption to user experience.
Simultaneously, users will be able to choose when it’s best for them to patch, particularly during non-emergency updates. To address emergency updates and provide even further flexibility, IT teams will be able to patch devices that are both on and off the network in real time.
Updates and patching are important to IT administrators and security operations teams. Workspace ONE Updates Lifecycle breaks down the silos between these teams and allows for seamless communications between them. IT teams will be able to communicate and delegate appropriate actions to SecOps team members via granular role-based access controls (RBAC), and SecOps will get customer views to track updates as they progress. Windows updates will be easier. Both expert and newer employees from IT and SecOps teams will be able to improve compliance and elevate the security posture of their Windows fleet.
Originally published June 2, 2022. Updated September 28, 2022.