This article is more than 1 year old

Windows updates? Just trust us, says Microsoft executive

'Rather than you approving which patches you want, we are saying let them all flow'

Group Policy, or Mobile Device Management?

Today most PCs are managed using a traditional approach based on Group Policy, whereas mobile devices use a more generic method called Mobile Device Management (MDM) which can be delivered from the cloud. Windows 10 can be managed using either technique, but does Microsoft see Group Policy declining in favour of MDM?

“Our long term vision on Windows 10 management is that organisations should rely on Microsoft to do more for them on their behalf. Let us worry about your images. Let us keep your devices updated through Windows Update for Business. Rather than you approving which patches you want, we are saying let them all flow because the way organisations get the most secure, the most compliant, the most reliable and most performance devices is to stay updated with all of our updates,” says Anderson.

What about when an update breaks compatibility?

“There is years of experience that IT pros have, sometimes we release updates that break something. As we build confidence with IT pros around the world that our updates are solid they will get more comfortable with just letting the patches go through,” Anderson says, though he adds that “in Windows Update for Business you have the ability to say, I want to delay these updates, so you have some level of control. You don’t have the degree where you can say I want to deploy these three but not these 10.”

Anderson says that System Center’s Configuration Manager offers a path towards this approach via its auto-approve setting. “What we are telling people is, as you get confident with us turn on auto-approve, let all the updates flow down because that is the way that you are going to have the most predictable, the most secure, the most reliable, the most compatible devices. Then as we continue to enrich that MDM layer, organisations will move to that model of management, but that is going to take them some time. There is a bit of a cultural change there. Because you can’t control the same number of settings that you can with Group Policy and Config Manager.”

When Microsoft introduced management of iOS and Android devices in its Enterprise Mobility Suite, eyebrows were raised, but Anderson says take-up is substantial. “Of all the mobile devices that we manage 55% are iOS, 35% are android and 10 per cent are windows,” he told The Reg.

Is Microsoft frustrated by the continuing love for Windows 7 in business, with many PCs still being delivered with Windows 7 pre-installed? If it is, Anderson will not admit it. “We are very pleased with the rate of adoption that we are seeing, it is the fastest that we have ever seen,” he said.

The overall picture is confused though, because the figures Microsoft releases cover both consumer and business, and the consumer upgrade was both free and heavily promoted by the company. At Ignite, Microsoft refused to give the press numbers for Windows 10 Enterprise take-up alone.

Anderson says there are strong reasons to upgrade. “Enterprises want the security. With things like Windows Hello you can eliminate passwords. Credential Guard stores your credentials in a way that it is impossible for an attacker to get credentials. There are things like secure boot, which as device comes up checks that something has not been injected into the boot sequence. The form factors are also driving a lot of it. Two-in-ones, Surface Pro, Surface Book, users want to have these modern touch devices.”®

More about


Send us news

Other stories you might like