Windows updates are important—not only for security but to access new features and to fix any bugs… but that does not mean these updates have to be an annoying, intrusive or dangerous process.
Most recently, the Windows 10 October update had users reporting several wide-ranging issues caused by the update. The biggest complaint? Lost data and files. Yikes! Other complaints included issues with CPU usage and reduced battery life post update as well. Luckily, there are a few options to better manage these automatic updates to protect your data.
Depending on your industry, the size of your company and other factors, one solution may work better than others in your workplace. Look at these three solutions that allow you to be in charge of the timing of your updates.
Windows Update for Business is a layer of configuration option that controls the free Windows Update service. It allows IT pros to set update policies for an organization that can delay updates until they’ve been proven safe and reliable. The big pro to Windows Update for Business is that it is a free service.
Microsoft Intune provides the ability to configure update settings on devices and gives you the ability to defer update installation. Intune is typically ideal for smaller organizations or companies that have a small IT team because it is simple to manage in the cloud. It is an easier setup and less upkeep than other solutions. Intune allows you to defer a whole lot of updates, but this also means you can not pick and choose specifically which updates you want to defer or install. Intune also does not work with servers, only workstations which is another reason it is usually the best option for smaller sized companies. Intune can manage mobile and tablet devices in addition to PCs which is a tremendous benefit.
Configuration Manager has capabilities that extend beyond software updates, such as application deployment, antivirus management, software metering, and reporting, and provides a secondary deployment method for Windows Long Term Servicing Branch (LTSB) clients. Configuration Manager can effectively control bandwidth usage and content distribution through a combination of BranchCache and Distribution Points.
SCCM can be more complicated to manage because it allows for more customization. With this tool, you can pick which updates to defer or to install and you can also pull an update after you have already installed it, or set up a set of machines as test groups.
The majority of our clients today are choosing to utilize SCCM and Intune together. They are employing the power of SCCM to handle things like images and patching. Plus, they are managing their mobile devices with Intune. Many clients are also treating the PCs of their road warrior users (salespeople/ regional managers, etc.) just like mobile devices. Then they utilize Intune to manage the PC with Azure Active Directory to drive authentication. This means that IT departments no longer need to worry about PCs coming back onto the network to obtain their antivirus updates or patches. The coolest part, when a client purchases a license for Intune, they also get the client license for SCCM included! So, even Microsoft thinks that utilizing both packages to their strengths makes sense.
Are you stuck on which solution would be best suited for your organization? Contact us and schedule a free consultation; we will assess your current work environment and help guide you in the right direction. Our consultants have experience implementing a number of management packages, so they are equipped with the knowledge to answer your questions and get everything started.
For additional resources, check out this blog from our partners at Peters & Associates.