Today at Ignite, I had the pleasure of sharing how we’ve designed Windows Update for Business to empower IT Professionals to keep the Windows devices in their organization always up to date with the latest security defenses and Windows features. Windows Update for Business will be a free service for all Windows Pro and Windows Enterprise devices – and in this blog I want to explain how this service is unique and valuable among today’s smart-device ecosystems.
Today’s announcement builds on a journey that began in September when we first introduced Windows 10 for business. Since then, we’ve shared additional chapters of our Windows 10 story for business, focusing on security, deployment, manageability, and much more. And of course, this all builds on the Windows 10 end-user experience designed to empower everyone to do great things – with a familiar Start menu, a new Action Center, Continuum, Windows Hello, and of course, Cortana (soon, you can check out this demo Joe Belfiore did today of Cortana enabling you to ask natural language questions and extrapolate the answer from Power BI! It will be located here).
Today’s Security Landscape
All that being said, a top design priority has been to prepare Windows 10 for today’s complex and high profile security threat landscape. We’ve been designing Windows 10 security at all layers of the stack:
- Device protection, beginning with hardware-based Secure Boot to ensure that only trusted software loads when the device is turned on. Next, Windows 10’s new Device Guard feature ensures applications from trusted sources, including the Windows Store for Business, are allowed to run. Device Guard is backed by hardware-based Hyper-V isolation making it robust against software-based threats. Finally, Windows 10 includes a new device health capability that allows enterprises and websites to ensure that users only access services from healthy, fully updated, and compliant devices.
- Identity protection, with Windows 10’s Microsoft Passport feature, leveraging hardware-based Hyper-V isolation to protect credentials and securely authenticate with websites and networks on your behalf—without sending up a password. With Microsoft Passport, there is no password to be phished from the user or stored on a server for hackers to potentially compromise. Microsoft Passport puts enterprises on the path to putting “pass the hash” attacks behind them for good. And of course, there’s Windows Hello which makes biometric authentication simpler than ever.
- Application protection, with the Windows Store for Business, certifying applications before distribution and Device Guard ensuring enterprise devices only run those certified applications.
- Information protection, with Windows 10’s Enterprise Data Protection functionality, which can automatically encrypt corporate apps, data, email, website content and other sensitive information, as it arrives on the device from corporate network locations.
With all these protections in place, the fact still remains, the number one thing a business can do to protect their devices is to keep them up-to-date with the latest security updates. Here at Microsoft, we take our responsibility to keep Windows secure seriously. We follow up on all reported security issues, continuously probe our software with leading edge techniques, and proactively update supported devices with necessary updates to address issues. And today, we’re announcing this continuous update process applies to all Windows 10 devices, including phones.
This level of commitment and support is far different than Android, for example, where Google refuses to take responsibility for updating their customers’ devices, leaving end-users and business increasingly exposed every day they use the device.
Today’s Updating Process
For all of our Windows consumers, we offer Windows Update as a free service. We currently manage over 850M diverse Windows devices through Windows Update, updating them regularly with security and quality improvements. With Windows 10, Windows Update will also be regularly delivering ongoing Windows innovation in addition to security updates.
For all of our Windows business customers, we support a variety of update management solutions. These solutions enable a business to select which updates to deploy to which devices on what schedule. The design point of these Windows updating solutions was to enable Windows business devices to be selectively updated like mainframes – where reliability is paramount, with a guiding philosophy of “if it isn’t broken, don’t fix it.” And still today, this capability is well utilized on many Windows mission critical devices worldwide. With Windows 10, we are improving our support of these mission critical deployments by offering “Long Term Servicing Branches” that contain ONLY security updates, without any functional updates.
However, when considering the end-user devices in business today, it’s clear this approach is not ideal. People at work expect the same Windows innovations which are being delivered to their Windows consumer devices, but selective updating introduces delays in roll outs. Selective updating at scale also creates customer-unique quality issues, since we rigorously test the platform as an integrated whole. Selective updating creates platform fragmentation for developers, which impedes innovation and creates quality problems with apps. And last but not least, selective updating is an expensive, thankless task for IT professionals. With Windows 10, we need a new approach for end-user devices at work.
Introducing Windows Update for Business
With Windows 10, we’re excited to provide you a new option – Windows Update for Business. We have been working with IT professionals all over the world to design new capabilities in Windows Update, designed for end-user devices within businesses. Windows Update for Business will provide:
- Distribution rings, where the IT Pro can specify which devices go first in an update wave, and which ones will come later (to ensure any quality kinks are worked out).
- Maintenance windows, where the IT Pro can specify the critical timeframes when updates should and should not occur.
- Peer to peer delivery, which IT can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
- Integration with your existing tools like System Center and the Enterprise Mobility Suite – so that these tools can continue to be that ‘single pane of glass’ for all of your systems management.
Windows Update for Business will reduce management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovation from Microsoft on an ongoing basis. Windows Update for Business is FREE for Windows Pro and Windows Enterprise devices. It’s part of our intelligent cloud – we will update and maintain Windows devices for you, while still giving you control.
If you are interested in shaping Windows Update for Business with us, please join the Windows 10 Insider Program today. As you roll out Windows 10, we recommend you segment your Windows devices and consider the best updating approach for each class of device, and then start a pilot of Windows Update for Business with your end-user devices. Together, as partners in the innovation of IT, we will make this a great solution for your business end-user computing needs.