14 DAY TRIAL // Microsoft has detailed the company’s latest way to improve the delivery of Windows updates, especially in the case of companies where deploying urgent patches is essential.
Available for devices enrolled in the Windows Update for Business deployment service (in Intune and Windows Update for Business), the program is mostly aimed at resolving zero-day security vulnerabilities in a timelier manner.
Microsoft says the best approach is to configure the number of days required for a reboot to 1 or 2 days, as it prevents forced reboots to minimize the disruption in the organization.
Full focus on security updates
At the same time, it also gives a reasonable window to deploy security updates, though when zero-days are being involved, immediate rebooting might be required.
“If you are using the expedite capability for the first time, then prior to reaching a zero-day vulnerability scenario, identify if your devices are eligible to receive expedited updates or not. If your devices are up to date and active, do a test run and expedite them to an older security update,” Microsoft explains.
“For example, if your devices have the August security update, then you could test the expedite capability by using target release as June. The Summary and Device reports in Intune will notify you if there are devices that could not be expedited, along with reasons and mitigations. Note: We are exploring a future capability to test the expedite capability without having to create an expedite policy for a quality update.”
Microsoft says the program is currently focused specifically on security updates, but at the same time, the company reveals that it’s also working on a similar approach specifically aimed at non-security patches. This expansion would make it possible for organizations to urgently deploy certain bug fixes and improvements on their Windows 10 and Windows 11 devices, while also enforcing a time to reboot per each machine.