With the most recent Windows update causing major issues with lost data for its users, people are beginning to feel weary of these automatic updates, so what can you do to manage them?
Windows updates are important—not only for security but to access new features and to fix any bugs… but that does not mean these updates have to be an annoying, intrusive or dangerous process.
Most recently, the Windows 10 October update had users reporting several wide-ranging issues caused by the update. The biggest complaint? Lost data and files. Yikes! Other complaints included issues with CPU usage and reduced battery life post update as well. Luckily, there are a few options to better manage these automatic updates to protect your data.
Depending on your industry, the size of your company and other factors, one solution may work better than others in your workplace. Look at these three solutions that allow you to be in charge of the timing of your updates.
Windows Update for Business
Windows Update for Business is a layer of configuration option that controls the free Windows Update service. It allows IT pros to set update policies for an organization that can delay updates until they’ve been proven safe and reliable. The big pro to Windows Update for Business is that it is a free service.
- Delay Patch Tuesday updates for up to 30 days
- Defer feature updates until Microsoft declares the update ready for widespread deployment
- Simplified access, Windows Update for Business is available in the settings application
Microsoft Intune provides the ability to configure update settings on devices and gives you the ability to defer update installation. Intune is typically ideal for smaller organizations or companies that have a small IT team because it is simple to manage in the cloud. It is an easier setup and less upkeep than other solutions. Intune allows you to defer a whole lot of updates, but this also means you can not pick and choose specifically which updates you want to defer or install. Intune also does not work with servers, only workstations which is another reason it is usually the best option for smaller sized companies. Intune can manage mobile and tablet devices in addition to PCs which is a tremendous benefit.
- Enabling organizations to provide their employees with the ability to access company data from anywhere on almost any device all while ensuring the data is secure.
- Requires no on-premises resources and can be managed by a web console from anywhere in the world.
- Easy cloud deployment in a relatively short timeframe
- Allows users to enroll and manage their devices alongside the ability to install corporate applications
- No infrastructure needed which eliminates the need to maintain hardware or infrastructure
- Secure company data by being able to request a passcode reset, lock a device, and even fully wipe a device if a device unenrolls, is lost, or stolen
System Center Configuration Manager (SCCM)
Configuration Manager has capabilities that extend beyond software updates, such as application deployment, antivirus management, software metering, and reporting, and provides a secondary deployment method for Windows Long Term Servicing Branch (LTSB) clients. Configuration Manager can effectively control bandwidth usage and content distribution through a combination of BranchCache and Distribution Points.
SCCM can be more complicated to manage because it allows for more customization. With this tool, you can pick which updates to defer or to install and you can also pull an update after you have already installed it, or set up a set of machines as test groups.
- Enabling your organizations IT team to quickly deploy new devices and manage the sea of servers and PCs in your network.
- Rollout new machines easily with quick OS deployment and imaging
- Support a wide range of devices such as PC, Windows Servers, Linux, Unix, and even Mac OS X
- Take full control of your environment with comprehensive PC management where you can set up group policies, custom reporting, login scripts, and more
- Automatically deploy Windows Updates to end-user Windows workstations and Windows servers with minimal effort
Intune & SCCM Together
The majority of our clients today are choosing to utilize SCCM and Intune together. They are employing the power of SCCM to handle things like images and patching. Plus, they are managing their mobile devices with Intune. Many clients are also treating the PCs of their road warrior users (salespeople/ regional managers, etc.) just like mobile devices. Then they utilize Intune to manage the PC with Azure Active Directory to drive authentication. This means that IT departments no longer need to worry about PCs coming back onto the network to obtain their antivirus updates or patches. The coolest part, when a client purchases a license for Intune, they also get the client license for SCCM included! So, even Microsoft thinks that utilizing both packages to their strengths makes sense.
Need More Guidance?
Are you stuck on which solution would be best suited for your organization? Contact us and schedule a free consultation; we will assess your current work environment and help guide you in the right direction. Our consultants have experience implementing a number of management packages, so they are equipped with the knowledge to answer your questions and get everything started.
For additional resources, check out this blog from our partners at Peters & Associates.