{"id":10013,"date":"2023-04-12T10:30:02","date_gmt":"2023-04-12T17:30:02","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10013"},"modified":"2023-07-19T11:47:29","modified_gmt":"2023-07-19T18:47:29","slug":"boosting-windows-internally-at-microsoft-with-a-transformed-approach-to-patching","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-windows-internally-at-microsoft-with-a-transformed-approach-to-patching\/","title":{"rendered":"Boosting Windows internally at Microsoft with a transformed approach to patching"},"content":{"rendered":"

You\u2019re only as secure as your most vulnerable machine.<\/p>\n

That leaves enterprises like ours at risk when our employees don\u2019t update to the latest software version on a timely basis. Bad actors are tirelessly pursuing the smallest of vulnerabilities, so responding quickly will always be essential when it comes to securing your organization\u2019s environment.<\/p>\n

For us, secure and timely Windows patching is one of our first lines of defense. That\u2019s why we\u2019re using Windows Update for Business to transform how we deploy our updates.<\/p>\n

\u201cSecuring data is an extremely important priority,\u201d says Biswa Jaysingh, a principal product manager with our Microsoft Digital Employee Experience team, the organization that powers, protects, and transforms the company. \u201cThis means responding quickly to vulnerabilities, getting accurate patches out in a timely manner, and helping users install updates using a disruption-free method.\u201d<\/p>\n

By making the deployment of Windows patching updates a better experience for our employees and the IT admins who own the process, we\u2019ve decreased the amount of time it takes for us to respond to vulnerabilities, deploy patches, and reach target compliance rates. This approach has strengthened our overall security posture.<\/p>\n

A single device left untouched causes the same amount of risk as not doing anything at all. It\u2019s not a choice for the enterprise to patch some, but not all, of their vulnerabilities, and say “Let\u2019s just hope that no one cracks open the one we didn\u2019t patch.”<\/p>\n

\u2014 Biswa Jaysingh, principal product manager, Microsoft Digital Employee Experience<\/p>\n<\/blockquote>\n

A big part of our transformed experience is due to Windows Update for Business<\/a>, which reduces the time and effort it takes us to configure our machines and deploy security updates, which in turn is leading to better, more secure outcomes.<\/p>\n

The triple aims of patching<\/h2>\n

Patching has three parts: completeness, timeliness, and accuracy.<\/p>\n

Microsoft wants to make sure all devices\u2014including those that employees rarely use\u2014are compliant and secure, says Biswa Jaysingh, a principal product manager with our Microsoft Digital Employee Experience team.<\/figcaption><\/figure>\n

\u201cA single device left untouched causes the same amount of risk as not doing anything at all,\u201d Jaysingh says. \u201cIt\u2019s not a choice for the enterprise to patch some, but not all, of their vulnerabilities, and say, \u2018Let\u2019s just hope that no one cracks open the one we didn\u2019t patch.\u2019\u201d<\/p>\n

That\u2019s where patching compliance comes into play. The goal is always to have a vulnerability patched in the shortest amount of time possible across a large volume of user devices. The third leg, accuracy, is ensuring that all dependencies are also addressed for vulnerabilities.<\/p>\n

Of course, a patch only works when correctly installed, which is why Microsoft sets aggressive internal timeliness standards to define how long users have to install the updates.<\/p>\n

\u201cWe should reach 95 percent compliance within 30 days after a security update is released,\u201d says Harshitha Digumarthi, a senior product manager responsible for improving the security patching experience on our Microsoft Digital Employee Experience team. \u201cUsers don\u2019t always treat updates with the same degree of importance, especially if it disrupts their work. Making Windows patching a better experience improves our compliance significantly.\u201d<\/p>\n

Automatic forced reboots and a deluge of notifications were not a pleasant update experience. While effective from a brute-force perspective, they caused consternation among users who delayed or avoided updating their devices.<\/p>\n

What if, for example, you were in a presentation when your machine automatically shut down for an update? This kind of disruption to productivity is the kind of experience we\u2019re trying to avoid.<\/p>\n

Providing a seamless patching experience<\/h2>\n

Our team in Microsoft Digital Employee Experience has implemented new recommendations that minimize disruption for users while bolstering the Windows patching security posture. This process begins with adopting advances in Windows Update for Business.<\/p>\n

Windows Update for Business automates a significant portion of the deployment process, eliminating the need for our IT admins to complete multiple builds and tests and allowing them to work more efficiently and accurately.<\/p>\n

Overall, this strategy reduces our operational costs and improves our speed of deployment and adoption.<\/p>\n

In Windows Update for Business, we can expedite zero-day patching, communicate with users, and easily manage deployment deadlines and notifications. All of this used to be manual.<\/p>\n

These efficiencies allow our admins to take on other tasks.<\/p>\n

But it also ensures a better update experience for users by having predictable and accurate patches deployed at the same time each month.<\/p>\n

Microsoft\u2019s goal is to install all new updates on all devices in its ecosystem within 30 days of an update being released, says Harshitha Digumarthi, a senior product manager responsible for improving the security patching experience on our Microsoft Digital Employee Experience team.<\/figcaption><\/figure>\n

\u201cBy utilizing Windows Update for Business, we are now routing all software updates for both Windows and other key Microsoft applications like Visual Studio to a single deployment on Patch Tuesday,\u201d Digumarthi says. \u201cThis means that we have reduced the impact on users to only a single monthly reboot.\u201d<\/p>\n

Our employees appreciate the smoother, less invasive patching experience given by Windows Update for Business and are installing updates more quickly. More complete and timely update compliance means that Microsoft is more secure.<\/p>\n

Driving compliance and security<\/h2>\n

Our Microsoft Digital Employee Experience team continues to make strides in improving our Windows update workflow, creating a better user and admin experience. Windows Update for Business empowers us to close vulnerabilities faster, achieving the triple aim of completeness, timeliness, and accuracy, all while reducing operational cost and achieving our security goals.<\/p>\n

\u201cThe primary focus is creating a great user experience,” Digumarthi says. \u201cAfter that it\u2019s about improving operating costs and the admin experience. It\u2019s very expensive to patch and meet compliance goals, but we\u2019re finding ways to become more efficient with automation.\u201d<\/p>\n

Creating a predictable Windows update experience, where users know when they\u2019re getting updates, has significantly improved compliance. Once everything is packaged into the smallest number of reboots possible, and notifications cease to be a disruption, patching becomes less of a hassle.<\/p>\n

\u201cWe worked hard to minimize the impact that updates have on users and teams to encourage more timely compliance,\u201d Jaysingh says. \u201cWe are seeing success on all fronts, and the proof is in our compliance rates. We are now more secure than ever.\u201d<\/p>\n

\"Key<\/h2>\n