Over-the-Air Updates: Keep Devices Evergreen Without Patch Management
How good would it be if the process to update our Windows applications was as easy as it is on our smartphones?
These days we take it for granted that our smartphone applications are updated, often automatically based on the rules we set.
Those rules might allow app updates to happen automatically when devices are connected to a Wi-Fi network, and OS updates to happen overnight when we are not using our mobile devices. Why would you not want to do something similar on your computer?
Over-the-Air (OTA) Updates does precisely that, with minimal impact.
Denis O’Shea on Over-the-Air Updates and What It Means
Managed Updates Were Tedious, Often Tying Up IT and Individual Users
Do you remember all the time you spent on updates, often one at a time? Windows updates used to be a managed process, relying on Group Policy, System Center, WSUS and update servers. Often staff had to be physically located in the office to be able to receive their updates and work through each step.
Having to be at their desks for updates cost staff time and caused frustration, and companies were often months behind on updates, with different users at different levels of currency. Not having the latest updates on their computers left them exposed to vulnerabilities and created an IT administration nightmare.
Windows 10 can now be updated, just like your iOS or Android smartphone. Users no longer have to be physically connected to the domain or the wired network.
Instead of those massive releases every three years, Microsoft now releases bi-annual feature updates and monthly quality updates with security fixes.
Using Microsoft Intune, you can deploy Windows updates using Windows deployment rings. It’s like throwing a stone into a pond. Each ring goes farther from the source, and the update reaches more users.
Users don’t have to come into the office to get their updates. They can get them anywhere they have connectivity, reducing time loss and stress and eliminating the need to be domain joined and on VPN.
With small regular updates delivered Over-the-Air, employees receive prompts to restart their device, and the updates are then automatically installed, typically within a few minutes over an Internet connection.
System Admins can set the maximum deferral period for updates and check user-compliance of devices in Windows Analytics.
What This Means for You
There is no additional cost for this service, and it saves you time and money. Over-the-Air updates reduce the server infrastructure you previously used for managed updates. You can plan and execute Windows updates just like you would a mobile app update on iOS or Android.
Sunset On-premise Infrastructure
Once you move to over-the-air updates, you can eliminate imaging for end-user devices. Image management infrastructure can be retired, and licensing costs can be saved. Further, VPNs may no longer be required for user access, although this will depend on other on-premise resources. Certainly, updating will no longer require ‘phoning home.’
Our clients have been able to sunset SCCM, WSUS and VPNs, and, combined with the other aspects of Modern Endpoint Management, some have completely eliminated their server room.
Devices Stay Secure
With Windows Deployment Rings, updates are no longer dependent on patch management from your internal IT team. Instead, users will be prompted (and eventually forced) to update their machine based on the deployment ring you place them into. This means devices stay evergreen. Further, a wiped or reset device does not need the same amount of updating as under traditional Windows operating systems, so it is less vulnerable when reset.
For a deeper dive on how this affects security, check our article on Windows 10 updates from our Principal Architect, Daniil Michine.
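The ring behaviour described above (a deferral set by the admin, then a prompt, then a forced install) can be reviewed before rollout. The following is an added example, not code from Mobile Mentor or Microsoft: the ring names, device counts, day values and the 21-day limit are constructed, and it assumes the worst-case unpatched window is deferral plus deadline plus restart grace period.

```python
from dataclasses import dataclass

@dataclass
class Ring:
    name: str
    devices: int        # devices assigned to this ring
    deferral_days: int  # days after release before the update is offered
    deadline_days: int  # days after the offer before install is forced
    grace_days: int     # extra days before the restart is forced

    @property
    def worst_case_days(self) -> int:
        # Assumption: a user who postpones every prompt stays unpatched
        # for the sum of all three periods.
        return self.deferral_days + self.deadline_days + self.grace_days

def review_rings(rings, max_exposure_days):
    """Return findings for a ring plan listed from innermost to outermost."""
    findings = []
    # Each ring should receive the update no earlier than the ring inside it
    # and should reach more devices, like ripples spreading across a pond.
    for inner, outer in zip(rings, rings[1:]):
        if outer.deferral_days < inner.deferral_days:
            findings.append(f"{outer.name}: offered before {inner.name} has validated the update")
        if outer.devices < inner.devices:
            findings.append(f"{outer.name}: smaller than {inner.name}; rings should widen outward")
    # No ring may leave a device unpatched longer than the agreed limit.
    for ring in rings:
        if ring.worst_case_days > max_exposure_days:
            findings.append(
                f"{ring.name}: up to {ring.worst_case_days} days unpatched, "
                f"limit is {max_exposure_days}")
    return findings

# Constructed plan; every value here is illustrative.
PLAN = [
    Ring("pilot", devices=20, deferral_days=0, deadline_days=2, grace_days=1),
    Ring("early", devices=150, deferral_days=5, deadline_days=3, grace_days=2),
    Ring("broad", devices=900, deferral_days=14, deadline_days=7, grace_days=2),
    Ring("executives", devices=40, deferral_days=10, deadline_days=14, grace_days=7),
]

if __name__ == "__main__":
    for finding in review_rings(PLAN, max_exposure_days=21):
        print(finding)
```

The "executives" ring is the typical failure: a small exception group added last, with generous deadlines that quietly give it the longest unpatched window in the plan.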
IT can focus on innovation
Image management and patch management are resource intensive but do little to drive your business further ahead. IT departments are constantly strapped for time and struggle to maintain the pace of innovation that business leaders desire. Over-the-air updates return time to valuable IT resources and shift IT from keeping the lights on to driving innovation.
Better employee experience
Over-the-air updates give employees control of when to apply the update while still ensuring that the device remains current after a reasonable period. The update works from any internet connection and doesn’t require connecting to the domain.
This reduces IT helpdesk calls and eliminates a frustration point for employees.
We wouldn’t be without it!
We walk the talk. At Mobile Mentor, we use over-the-air updating through Microsoft Intune for all our devices, and we strongly recommend it to all our clients.
When COVID hit and everyone had to work from home, the transition was seamless. Our administrators didn’t have to scramble to create new processes and capabilities, we didn’t require a VPN, and our laptops remained updated and secure across three countries.
Over-the-Air Updates is one of the 6 pillars of Modern Endpoint Management. Leveraging it will simplify your IT operations and lead to happier, more engaged, and more productive employees.