Microsoft Windows 10 and Windows 11 OS updates and subsequent patch management are ongoing exercises. OS update management continues to be high-touch and time-consuming: selecting and approving patches manually, creating update lists and patch packages, and testing and deploying updates. Windows updates management causes many IT admins headaches due to the complexity of configurations available, required knowledge and time to troubleshoot and resolve errors, and lack of insights into update failures and success — to name just a few.
In the past, if there was a security risk and someone was not on the network, the updates would have to wait until the computer joined the network, which could take days, weeks, or months. If something goes wrong, uninstallation is often a highly manual process, too. Because the reason for errors can be difficult to ascertain and they can be obscured behind PowerShell scripts, it can be difficult for IT admins to tell leadership why it’s not working, only that it isn’t working. Until recently, there was not much of an option other than to ask the employee having issues to join the network, and then spend hours and hours troubleshooting.
Introducing Workspace ONE Updates Lifecycle
The VMware Workspace ONE team is pleased to announce new capabilities that simplify the management of OS updates and patches and improve the security posture of Windows devices. Workspace ONE flexibly extends to multiple content sources and unifies policy, deployment, and lifecycle management of the OS from the cloud. The revamped update management capabilities in Workspace ONE will give admins significant flexibility in level of automation and vastly improved reporting and dashboards. Admins can patch OS versions at any time, regardless of whether the device is on or off the company network.
Let’s explore the admin experience. With these new features, the controls for updates are handled within a new payload in a device profile. We introduced the new Windows Update Profile in Workspace ONE UEM 23.02, and it reflects the latest Microsoft best practices for Windows Update Management. The new payload is use-case driven and, based on an admin’s selections, only shows relevant configurations.
A new sampling engine provides additional details about updates. Admins can now see the source of the update and the status on the device.
While standard configuration items are available, the design is more dynamic by linking specific values together based on their interdependencies. Many configuration items that were not previously available within mobile device management (MDM) have been added to address deployment speed, reliability, and overall effectiveness to improve compliance and visibility into the overall health of an environment. Admins can target specific Windows OS products and versions to manage major feature update releases more granularly.
Besides “Profile” and “Sampling,” Workspace ONE UEM 23.06 introduced other new features, including “Pause” and “Rollback.” Quality and feature updates are available for Pause and Rollback on a per-profile or per-device level.
Offering intrinsic flexibility to make patching accessible
Flexibility is an inherent feature of the new Workspace ONE Updates Lifecycle. IT admins can roll out critical updates automatically, without having to create automations or approval workflows, while retaining control to hand-test patches that are more likely to create issues. Admins can also define the timing of updates to ensure an expedient rollout with the least disruption to user experience. Users can also choose when it is best for them to patch.
Updates and patches are important to IT admins and security operations teams. Workspace ONE Updates Lifecycle breaks down the silos between these teams and allows for seamless communications between them. Now, Windows updates are easier. Both expert and less-experienced employees from IT and Sec-Ops teams will be able to improve compliance and elevate the security posture of their Windows fleet.
To learn more about OS updates and patching with Workspace ONE, join us for a live session at VMware Explore 2023 Las Vegas, “Revolutionizing Windows Update Management: From Chaos to Control [EUSB2218LV],” on August 23, 2023, at 10:15 AM. Otherwise, visit the VMware Tech Zone for more information.