The management of Windows 10 and Windows 11 OS updates and subsequent patches is a constant exercise. From selecting and approving patches manually to testing and deploying updates, OS update management continues to be high touch and time consuming. Windows updates management causes more headaches due to the complexity of configurations available, required knowledge and time to troubleshoot and resolve errors, and lack of insights into update failures and success — to name just a few.
In the past, when there was a security risk and someone wasn’t on network, the updates would have to wait until the computer joined the network, which could take days, weeks, or months. If something goes wrong, uninstallation is often a very manual process, too. Because the reason for errors can be difficult to ascertain and even obscured behind PowerShell scripts, it can be difficult to tell leadership why it’s not working, only that it isn’t working. Until recently, there was not much of an option other than asking employees to join the network and then spending hours troubleshooting.
Introducing Workspace ONE Updates Lifecycle
A new Policy creation system allows admins to build their own fully custom configurations or select from pre-defined templates based on the target user experience or business need.
While standard configuration items are available, the design is more dynamic by linking specific values together based on their interdependencies. Many configuration items that were not previously available within MDM have been added to address deployment speed, reliability, and overall effectiveness to improve compliance and visibility into the overall health of an environment. Admins can target specific Windows OS products and versions to manage major Feature Update releases more granularly.
Policy sets are now easily managed from a central location, including editing, copying, and deleting, as well as additional actions, such as pause and rollback.
The Workspace ONE Update Catalog has seen significant changes as well. It is now a globally hosted catalog with full access to all published updates. This catalog constantly updates as they become available throughout the day.
This means VMware has a vastly larger system of metadata, allowing us to build and design new solutions around that additional information, such as release dates, version and revision history, applicability, and supersedence status.
Offering intrinsic flexibility to make patching accessible
Flexibility is an inherent feature of the new Workspace ONE Updates Lifecycle. Admins can roll out critical updates automatically, without having to create automations or approval workflows, while retaining control to hand-test patches that are more likely to create issues. Admins can define the timing of updates to ensure an expedient rollout with the least disruption to user experience. Simultaneously, users can choose when it’s best for them to patch, particularly during non-emergency updates. To address emergency updates and provide even further flexibility, IT teams can patch devices that are both on and off the network in real time.
Updates and patching are important to IT administrators and security operations teams. Workspace ONE Updates Lifecycle breaks down the silos between these teams and allows for seamless communications between the two teams. IT teams can communicate and delegate appropriate actions to Sec-Ops team members via granular role-based access controls (RBAC), and Sec-Ops can get customer views to track updates as they progress. Now, Windows updates are made easier. Both expert and fresher employees from IT and Sec-Ops teams will be able to improve compliance and elevate the security posture of their Windows fleet.