Intune Archives

Winsage

February 19, 2025

Deprecation approaches for WSUS driver synchronization

Microsoft has announced the deprecation of driver synchronization through Windows Server Update Services (WSUS), effective April 18, 2025. After this date, drivers will still be available through the Microsoft Update Catalog for on-premises environments, but importing them directly into WSUS will no longer be possible. A 2024 survey indicated that 34 percent of respondents were using WSUS for driver synchronization, with 8 percent expressing concerns about the deprecation. Alternatives to WSUS include Device Driver Packages, Microsoft Intune, and Windows Autopatch. WSUS has been included in the deprecation list since September 2024, and while it remains operational, Microsoft has stopped active development on it.

Winsage

February 7, 2025

Windows 11 OOBE updates adjusted after widespread criticism

Starting in mid-2025, Microsoft will allow organizations to manage how fresh installations of Windows 11 handle cumulative updates from the outset, responding to system administrators' concerns about previous control limitations. This new policy will be available for devices running Windows 11 version 22H2 or newer during the Out-of-the-Box Experience (OOBE). Initially, Microsoft planned to require the installation of the latest updates upon first boot, but this raised concerns about potential issues with fixes and critical features. The new configuration can be enabled through Windows Autopilot, synchronizing existing quality update settings. This change applies only to cumulative or quality updates, not optional monthly updates. Organizations without Autopilot can disable quality updates during OOBE via Group Policy. The update process typically takes around 20 minutes, depending on various factors.

Winsage

December 7, 2024

Microsoft Confirms Windows 11 Hardware Requirements Won’t Go Away — Redmondmag.com

Microsoft is urging users to transition to Windows 11 as the deadline for Windows 10 support approaches, with a key requirement being that PCs must have Trusted Platform Module (TPM) version 2.0 for installation. Many older PCs do not meet this requirement, which will remain unchanged before the end of Windows 10 support in October 2025. As of November 2024, Windows 10 holds 61.8 percent of the Windows market share, while Windows 11 has 34.9 percent. TPM 2.0 enhances security through advanced encryption and key management, and is integrated with features like Secure Boot and Windows Hello for Business. Microsoft recommends organizations evaluate hardware for TPM 2.0 compatibility, plan and budget for necessary upgrades, and update security policies to incorporate TPM 2.0. An extended support program for Windows 10 is available, but it is not indefinite. TPM 2.0 is deemed essential for maintaining a secure IT environment and is part of a broader Zero Trust strategy.

Winsage

November 20, 2024

Windows security and resiliency: Protecting your business

Microsoft prioritizes security and is set to unveil new security advancements during Ignite 2024, including insights from a July incident and investments to enhance security measures. The Secure Future Initiative (SFI) has dedicated the equivalent of 34,000 full-time engineers to address security challenges. The upcoming November update will provide insights and actionable learnings for customers. The Windows Resiliency Initiative focuses on improving reliability, enabling more applications to run without admin privileges, implementing stronger controls over applications and drivers, and enhancing identity protection against phishing attacks. Quick Machine Recovery will allow IT administrators to execute fixes remotely, available to the Windows Insider Program in early 2025. Microsoft is evolving partnerships with endpoint security providers through the Microsoft Virus Initiative (MVI) and is developing new capabilities for security product developers. A private preview for these capabilities will be available in July 2025, and Microsoft is transitioning to safer programming languages. Windows 11 is designed to be more secure than Windows 10, requiring a hardware-backed security baseline for new PCs. Features like Windows Hello Enhanced Sign-in Security and the Microsoft Pluton security processor enhance security. Windows 11 has led to a reported 62% reduction in security incidents and a threefold decrease in firmware attacks. New features in Windows 11 address challenges such as overprivileged users, unverified apps, and insecure credentials. Administrator protection allows users to make system changes securely without persistent admin privileges. Multifactor Authentication (MFA) is emphasized, with Windows Hello serving as the built-in MFA solution. Smart App Control and App Control for Business policies ensure that only verified applications can run, while Windows Protected Print integrates with Mopria-certified devices to enhance security. Personal Data Encryption safeguards files in known folders, and Hotpatch allows critical security updates without system restarts. Zero Trust DNS restricts devices to approved domains, and Config Refresh helps maintain preferred configurations. Microsoft emphasizes collaboration with OEMs and app developers to ensure Windows is secure by design and default.

Winsage

November 20, 2024

Microsoft brings hotpatch updates to Windows 11

Microsoft is introducing hotpatch updates to Windows 11 24H2, allowing security updates without requiring a system restart. This feature is currently in preview for Windows 11 Enterprise users. To use hotpatching, users must operate on Windows 11 Enterprise 24H2 and have a Microsoft subscription that includes Windows Enterprise E3 or E5, or a Windows 365 Enterprise subscription, along with Microsoft Intune for deployment. Hotpatch updates provide a complete set of OS security patches that take effect immediately upon installation. The update process involves installing a standard monthly security update with a restart in the first month of each quarter, followed by two months of hotpatch updates that do not require a restart. This approach reduces the number of required restarts from twelve to four each year.

Winsage

November 20, 2024

Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

Microsoft has introduced hotpatching in preview for Windows 365 and Windows 11 Enterprise 24H2 client devices, allowing security updates to be installed without rebooting. Hotpatching, which has been part of the Windows ecosystem since February 2022, enables background installation of security updates, patching in-memory code without disrupting user activities. These updates provide a complete set of OS security patches without additional features. The update cycle includes cumulative security updates in January, April, July, and October, with hotpatch updates in the intervening months, reducing required restarts from twelve to four annually. Organizations must have a Microsoft subscription that includes Windows Enterprise E3 or E5, devices running Windows 11 Enterprise version 24H2 or later, and Microsoft Intune for management to utilize hotpatching. Eligible organizations can enable hotpatch updates through a new Windows quality update policy in Intune. Devices not meeting the criteria will continue to receive standard monthly security updates.

Winsage

November 13, 2024

How to make the most of Windows Autopatch with Intune

Patching is a critical responsibility for IT departments to protect organizational data. Windows Autopatch is a cloud-based service from Microsoft that automates the update management process for Windows, Microsoft 365 applications, Microsoft Edge, and Microsoft Teams, enhancing security and productivity. It integrates with Microsoft Intune and utilizes Windows Update for Business to manage patching for Windows devices. Organizations must acquire the necessary licensing for Windows Autopatch and ensure devices are registered for the update management cycle. Key features include deployment rings, which determine the percentage of devices receiving updates, and update settings that dictate update behavior. Reporting capabilities provide insights into update status and notifications. Windows Autopatch creates configuration profiles for managing updates and establishes deployment profiles for monthly and yearly updates.

Winsage

November 2, 2024

Microsoft: Ditch Windows 10 for Windows 11 for better speed, efficiency, and AI

The end of support for Windows 10 is set for October 14, 2025. Users must decide to either upgrade to Windows 11, if their hardware is compatible, or choose an extended security update for an additional year of security patches. Microsoft encourages the transition to Windows 11, highlighting improvements in speed and efficiency, with claims of performance enhancements for PCs with the latest Copilot+ technology. Windows 11 is marketed as the most secure version of Windows, featuring TPM 2.0, Smart App Control, and the Pluton security processor, which purportedly reduce security incidents by up to 62% compared to Windows 10. Organizations may benefit from 50% faster workflows with tools like Windows Autopilot and Intune. Since its release in 2021, Windows 11 has received updates that improve animations and interface design while remaining compatible with Windows 10 applications. Users with older hardware may not experience the same performance benefits, and the option for extended security updates until October 2026 is available for a fee.

Winsage

November 1, 2024

Windows 10 support ends in October 2025, but you can pay $30 to get another year of security updates

Microsoft has announced that mainstream support for Windows 10 will end in October 2025, urging users to upgrade to Windows 11. Users can continue using Windows 10 but will face increasing risks as Microsoft will stop providing security, bug fixes, and feature updates. Extended Security Updates (ESU) will be available for personal users for one additional year and for business users for up to three years, with escalating costs. Personal users will not receive updates after October 2026, while business customers can extend updates for a fee that increases annually. Even with ESU, only security updates will be provided, with no bug fixes or feature updates.

Winsage

November 1, 2024

How to prepare for Windows 10 end of support by moving to Windows 11 today

Microsoft will end support for Windows 10 on October 14, 2025, and is encouraging users to transition to Windows 11. Key points include the advantages of upgrading, eligibility assessment for current PCs, resources for acquiring new PCs, and details on Extended Security Updates (ESU). Windows 11 features enhanced security with a 62% reduction in security incidents, improved performance, multitasking tools, accessibility enhancements, energy efficiency, and AI integration. The operating system includes hardware-based protections and advanced authentication methods, such as the Microsoft Pluton Security Processor and Smart App Control. Users can check their upgrade eligibility through Windows Update and may need a new PC for full benefits. Microsoft offers resources for data transfer and synchronization. The ESU program will provide critical security updates for those needing more time to transition. Windows 11 is designed to support organizations, promising a 250% return on investment and improved device management.