by Anton Saes
Windows patch management is the way you manage patches for Microsoft Windows, a type of code that is inserted into the code of existing software. Usually it is a intermediate measure to remaining safe, compliant and productive until a new software version becomes available.
What we’re finding is that customers with Windows devices are being constantly challenged to maintain their Windows patching (feature updates) while remaining mindful of user impact (time it takes to update the computer) and network capacity.
Windows 10 Enterprise is a product supported for 30 months for the (H2) builds only, with only 18 months of security updates. To avoid security deficiencies devices need to have feature updates completed i.e going from Windows 10 1809 to 1909.
How you manage this process really depends on your existing management solution and how you already maintain your patching. Assuming that most customers are on-prem and currently using Endpoint Manager with WSUS to control patching, then I would recommend using a task sequence with an upgrade package to feature update Windows 10. This method allows greater flexibility and control. You should also be updating device firmware (BIOS flashing) and updating the drivers as part of a feature update.
What do you need to consider?
You need to have a plan for maintaining Windows 10. Most customers update to Windows 10 and tick the box however don’t possess a plan on how to maintain the platform.
Think about the applications you really require; less is more in this instance. The fewer applications you have running equates to fewer over-heads to maintain. i.e. Do you really need 3 different web browsers?
Olikka, Part of Accenture can help you design a deployment plan and also provision infrastructure such as a Cloud Management Gateways which provide feature updates to remote devices without relying on a VPN connection.