{"id":11209,"date":"2023-06-01T08:00:45","date_gmt":"2023-06-01T15:00:45","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=11209"},"modified":"2025-10-02T09:26:39","modified_gmt":"2025-10-02T16:26:39","slug":"harnessing-first-party-patching-technology-to-drive-innovation-at-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/harnessing-first-party-patching-technology-to-drive-innovation-at-microsoft\/","title":{"rendered":"Harnessing first-party patching technology to drive innovation at Microsoft"},"content":{"rendered":"

\"Microsoft
\nWe live in a world where network security is a foundational concern for large enterprises like ours that are trusted with sensitive customer data. This creates an environment where we all need to ensure that we have high patching compliance across our massive array of devices. This complexity requires that we continuously improve our patching tools and solutions.<\/p>\n

Layered on top of that, our need for device security exists within a complex matrix of software, hardware, and user interfaces. If our employees are running out-of-date software, they\u2019re leaving their device and our network unsecured and vulnerable.<\/p>\n

Every leader understands the extreme importance of keeping their data secure. No enterprise wants to be the next company that gets exposed by one of these hacks that has happened in the past and to lose sensitive business or customer data.<\/p>\n

\u2014Biswa Jaysingh, principal product manager, Microsoft Digital<\/p>\n<\/blockquote>\n

\"Ruana,
Christine Ruana (left), Biswa Jaysingh (center), and Jamshed Damkewala are among those helping Microsoft transform how it does first-party patching. Ruana is principal program manager for Microsoft Visual Studio responsible for enterprise deployments and updates of Visual Studio, Jaysingh is a principal product manager in Microsoft Digital, and Damkewala is a principal PM manager on the Platforms and Languages team responsible for .NET.<\/figcaption><\/figure>\n

This is especially true when developers use powerful first-party tools like Microsoft Visual Studio and developer platforms like .NET to build new software. With developer platforms like .NET, this becomes even more critical because .NET is not just deployed to developer machines, it is also installed on the computers where the developed application will run.<\/p>\n

Here at Microsoft Digital, the company’s IT organization, we are committed to holistically improving patching compliance rates across the company. To ensure we are improving security at every level of Microsoft\u2019s infrastructure, from software and devices to the networks themselves, we are utilizing new technology and new approaches that we develop internally within our organization and within our product group partners.<\/p>\n

\u201cEvery leader understands the extreme importance of keeping their data secure,\u201d says Biswa Jaysingh, a principal product manager with Microsoft Digital. \u201cNo enterprise wants to be the next company that gets exposed by one of these hacks that has happened in the past and to lose sensitive business or customer data.\u201d<\/p>\n

Recent innovations in first-party patching technology at Microsoft, including in Windows Update for Business, Microsoft Endpoint Manager, and Microsoft Defender for Endpoints, are allowing us to unlock unprecedented levels of security across our network while at the same time reducing costs and speeding the timeline of deployment. From consolidating multiple deployments to reducing the impact of reboots on users, our changes are producing efficiencies across the business.<\/p>\n

Within the matrix of network security at Microsoft, there are several critical arenas for security admins to monitor, patch, and secure. Malicious actors are looking at the full tech stack for vulnerabilities, which means our teams must monitor, patch, and secure devices at every level from the operating system and first-party software to hardware and third-party software.<\/p>\n

[Discover boosting Windows internally at Microsoft with a transformed approach to patching.<\/a>]<\/em><\/p>\n

Reacting to the growing threat to first-party software<\/h2>\n

In the modern cloud-connected world there is more surface area that we need our IT professionals to protect. With more and more devices, from Internet of Things devices to peripherals having internet access, there is much larger potential for bad actors to break in. It\u2019s more important than ever to stay secure, which means update compliance must be as close to 100% as possible across all levels of a device.<\/p>\n

\u201cThe last thing we want is for Microsoft to ship a fix for a vulnerability, but an enterprise isn\u2019t able to adopt the update. That would leave them insecure,\u201d says Christina Ruana, principal program manager for Microsoft Visual Studio, who is responsible for enterprise deployments and updates of Visual Studio.<\/p>\n

This passion for effectively securing networks led Microsoft leaders like Ruana to ensure they\u2019re doing everything possible to ease the burden of patching, both on our teams here at Microsoft and for our external customers. \u201cVisual Studio\u2019s recent Administrator update solution<\/a> makes it much easier for enterprises to deploy updates through Microsoft Endpoint Manager,\u201d Ruana says.<\/p>\n

At the start of the .NET journey we were seeing unacceptable compliance rates as developers were using the software in ways that we hadn\u2019t anticipated. This increased the complexity for maintaining patching compliance. We had to create paths for updating both current builds of .NET through Visual Studio and for keeping older builds compliant through Microsoft Update. This has improved compliance rates considerably.<\/p>\n

\u2014Jamshed Damkewala, principal PM manager, Platforms and Languages team<\/p>\n<\/blockquote>\n

We\u2019re using Microsoft Defender for Endpoints to manage the health of our devices, which is helping us improve the security of our network while also improving the user experience for our employees and our admins. Every efficiency gained along the way makes it more likely for compliance rates to grow. Teams are working around the clock to identify and patch vulnerabilities, but this work is only as effective as the compliance rate is strong.<\/p>\n

A better experience for admins and users alike<\/h2>\n

We in the Microsoft Digital Employee Experience organization began our journey to transform the way we do patching by making it easier for our IT admins to deploy patches across our network.<\/p>\n

Until recently, the first-party patching regime at Microsoft required a slew of software solutions to be manually managed, including important software applications like Visual Studio and .NET. But in November 2022, we were able to migrate numerous critical patch deployments to Windows Update for Business, dramatically increasing the timeliness and accuracy of device patching.<\/p>\n

\u201cAt the start of the .NET journey we were seeing unacceptable compliance rates as developers were using the software in ways that we hadn\u2019t anticipated,\u201d says Jamshed Damkewala, principal PM manager on the Platforms and Languages team responsible for .NET. \u201cThis increased the complexity for maintaining patching compliance. We had to create paths for updating both current builds of .NET through Visual Studio and for keeping older builds compliant through Microsoft Update. This has improved compliance rates considerably.\u201d<\/p>\n

We gain significant efficiencies as we eliminate manual deployments through automation and streamline the rollout of patches through Windows Update and Windows Update for Business. With these universal sources for patches, we simultaneously reduce time for testing while reducing errors in the deployments.<\/p>\n

With more accurate updates meeting user devices more quickly and hitting all builds of first-party software that require patching, our networks are more secure than ever. The ease of patches deploying on devices also reduces the impact on users, so they are more likely to remain compliant while experiencing minimal disruption.<\/p>\n

These innovations are not custom built for Microsoft. We are effectively leveraging technology that we already had to make it more efficient and effective for teams to patch their software.<\/p>\n

\u2014Harshitha Digumarthi, senior product manager, Microsoft Digital<\/p>\n<\/blockquote>\n

Furthermore, the technology within Microsoft Defender for Endpoints allows for thorough device scanning to provide effective telemetry for admins to react to, giving them better knowledge to engineer future patches and policies for Windows Update for Business, which further grows compliance rates. We use it to scan and report vulnerabilities, which empowers our admins to respond faster. Microsoft Endpoint Manager also allows our admins to better manage Windows Update for Business policies.<\/p>\n

Providing the tools for teams to succeed<\/h2>\n

Internally here at Microsoft, our updated technology allows us to monitor our networks more efficiently, providing detailed telemetry about device health that we\u2019ve never had before. This visibility allows us to develop new protocols for our networks, including complicated cases of end-of-life devices and end-of-service software.<\/p>\n

But the true unlock-for-efficiency comes in how these systems were designed, constructed, and automated.<\/p>\n

\u201cThese innovations are not custom built for Microsoft,\u201d says Harshitha Digumarthi, a senior product manager responsible for improving the patching experience at Microsoft Digital. \u201cWe are effectively leveraging technology that we already had to make it more efficient and effective for teams to patch their software.\u201d<\/p>\n

This approach reduces cost, increases the speed of development, and fundamentally improves the efficiencies of teams deploying mission-critical patches for their software. Potential errors caused by manual deployment are eliminated and the single update source on a single day per month improves the user experience considerably. The result is a more secure network through increased device compliance.<\/p>\n

These benefits are compounded when it comes to first-party software like Visual Studio and .NET. We\u2019ve seen a rise in patching compliance for internal customers developing new solutions with these products, all attributable to improvements in Visual Studio and .NET. As a result, security dividends can exponentially grow through the company and to the ecosystem at large. Our networks, and yours, are more secure thanks to these developments.<\/p>\n

\"Key<\/figure>\n