If we had £1 for every time we stressed the importance of patch management alongside any Windows 10 version update, we would be sailing around the Bahamas in a Yacht. But we’re not in it for the Yacht – we love helping our Encryption partners and here’s another article on Windows 10 Patch Management.
Patch management is an ongoing process to help organisations acquire, test and install multiple patches on existing applications and software on a computer or device.
As with a lot of Windows feature upgrades, Windows 10 1803 (RS4) has seen many hiccups along the way, from its late arrival due to a blocking bug (1), to certain Surface Pro (2017) owners being hitting with blue screens of death when trying to update to Win10 1803 (2)… which was later found out to be connected to the issue with Win10 1803 being incompatible with Toshiba Solid State Drives (3)… The list goes on.
Whilst it’s still very early in the rollout cycle, it’s safe to say that Windows 10 1803, build 17134.1, has delivered more than its fair share of bugs and many of which are tied to Microsoft software, such as Skype (4). We have personally received reports of VPNs not working, Skype for Business not functioning as well as several other hardware reports.
Windows 10 has changed. Every 6 months we will see a fresh release of Windows, so in light of the above, extra care and attention needs to be taken to ensure a smooth transition between versions. Windows versions have an average of 18-24 months of security updates, which also shortens the lifespan of a device even further. So, what do we do?
Patch Manage. Patch Manage. Patch Manage.
As an organisation, MFG Managed Encryption follow appropriate procedures to test multiple scenarios to ensure the best outcome for our partners and their customers.
As an example, we are currently testing the process of in-line upgrades without the need for ‘Suspending BitLocker’ – this will allow for a smoother transition to the next future version of Windows, for example 1709 to 1803.
We have our own set of patch management procedures which we apply to Windows 10 feature updates, as well as falling in-line with our wider company policies.
Many businesses around the globe have suffered a loss in productivity due to issues with Windows 10 feature updates, therefore controlling these upgrades with patch management is a must is.
We would always suggest testing new software prior to upgrading to avoid any potential compatibility issues. This would include a procedure to block automatic upgrades, vet the updates and push-out to test machines on both Windows 7 and Windows 10 in your environment.
Upgrade or Retire?
Together with the launch of 1803, Windows 10 version 1607 Pro (RS1) will no longer be receiving security updates, as per Microsoft’s Windows lifecycle fact sheet.
An upgrade may not be a practical or particularly worthwhile option at the end of the 18-24-month period. Of course, the customer may decide to upgrade (at a cost) or retire the device and replace it with a new device to meet up-to-date security measures.
Notes for Partners: Windows 10 and SecureDoc (Managed Encryption)
To upgrade to 1709 onwards, you will require the latest version of the SecureDoc software. (This is made available to our partners for each of their clients in their secure area). Please note: these packages are regularly updated, so please don’t install from a localised version.
If you are on Enterprise version of Windows 10, an extended 6 months of security updates are provided. If you have any questions, please contact your MFG account manager. Or for further guidance, see our Windows 10 Patch Management document (which is held in your secure FTP site), or contact your patch management provider.