Monday, May 9, 2022

The Best of Windows: Windows 365, Windows 11, and Windows Autopatch

The demand for digital transformation has never been greater.  In an uncertain world, organizations understand the need to adopt modern technologies to keep their employees productive and secure. As I work with customers in the manufacturing industry, it’s been a great joy to see most organizations start prioritizing a Zero Trust approach with modern management technologies.


As a direct response to the global pandemic, we have delivered unprecedented innovations within Windows.  To best position your organization, it’s imperative to learn about and understand the latest Windows announcements. Windows 365, Windows 11, and Windows Autopatch are designed to give your organization the tools to enable hybrid work and improve employee efficiency.


Introducing Windows 365:

Our CEO, Satya Nadella, announced Windows 365 to the whole world in July of 2021.  Windows 365 is an entirely new category of computing denoted as the Cloud PC.


For years, organizations have shifted their identities and applications to the cloud.  Cloud offerings have demonstrated the ability to improve employees’ productivity and security.  Given these learnings, Windows itself has moved to the cloud with Windows 365.  This is a truly ground-breaking innovation.  Organizations have already started adopting Cloud PC in droves.


Windows 365 devices are personal, persistent desktop experiences.  IT administrators can quickly deploy Cloud PCs using Microsoft Endpoint Manager.  Users are then able to access their Cloud PCs through any device with an HTML5 browser.  Additionally, there are specific remote desktop clients available on Windows, macOS, iOS, and Android devices.


Windows 365 devices are designed to be managed the same way that physical devices are managed.  In fact, the administrator console for Cloud PC is built right into the Microsoft Endpoint Manager console.  When one deploys a Cloud PC, it shows up in Intune right next to all the other physical devices and can be managed using the same Intune policies.  Cloud PC devices can be managed with Intune and SCCM.  This makes it easy for IT teams, who can manage these devices with their existing desktop management skillset.

After an initial configuration of the Windows 365 environment, companies will be able to deploy Cloud PCs rapidly across the globe by simply purchasing and assigning a Windows 365 license to a user.

Windows 365 is an excellent option for organizations with the following use cases.

  • Organizations who are having trouble getting devices due to the supply chain issues can immediately refresh employees’ device experiences with Cloud PCs
  • Cloud PCs are also excellent for short-term consultants and interns where it doesn’t make sense to purchase devices
  • Windows 365 can also assist organizations through mergers and acquisitions by providing users with devices on day one which have network access


To learn more about the exciting world of Windows 365, check out the following links:

Windows 365, your Cloud PC | What is it, how it works, and how to set it up

Windows 365 and Windows 11


Operating System innovations with Windows 11:

Windows 11 is the first and only operating system designed for hybrid work.  The Windows team focused on productivity, collaboration, and security with the Windows 10 experience.


When it comes to productivity and collaboration, Windows 11 for the win:

The Microsoft team released an overview of the productivity and optimization improvements newly developed in Windows 11.  Check it out here:  Windows 11: The Optimization and Performance Improvements

When it comes to Windows 11, here are a few achievements to highlight:

  • Built-in snap assist provides users a new method to organize their Windows layouts
  • Apps are more responsive due to foreground prioritization even with high CPU usage
  • Resume from sleep is 25% faster with Windows 11
  • Built-in Microsoft Teams’ integrations simplify screen sharing and microphone settings


Windows 11, the most secure version of Windows ever released:

To detail this achievement, the Microsoft team released a 66-page comprehensive book on the security improvements in Windows 11.  Check it out here: Windows 11 Security Book

Here are a few highlights:

  • Firstly, all certified Windows 11 systems must be equipped with a TPM 2.0 chip.  TPM 2.0 chips are secure, hardware-based crypto-processors that can generate cryptographic keys.  These keys can be used to ensure the integrity of boot processes and can also be leveraged with Windows Hello for Business to reduce the risk of phishing attacks.  To learn more about the benefits of TPM 2.0, click here.
  • Secondly, Windows 11 supports Azure Attestation.  Windows 11 devices can leverage Azure attestation to remotely verify the integrity of a platform and the binaries running inside it.  This technology can give IT teams confidence that only authorized software is loaded and run on the hardware of a device.  To learn more about Azure Attestation, click here.
  • Third, Windows 11 is equipped with the most advanced Virtualization Based Security (VBS) and Hypervisor-protected code integrity (HVCI) security features to date.  VBS and HVCI prevent malicious actors from stealing sensitive data in a computer’s memory.  In the past, sophisticated attackers were able to leverage the stolen data from memory to fully compromise the device.  These features are enabled by default when running Windows 11.  When comparing devices with HVCI and those without HVCI enabled, our preliminary research shows a 60% reduction in malware reports when HVCI has been enabled. To learn more about VBS and HVCI in Windows 11, click here.
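
An added example (not from the original post or from Microsoft): a PowerShell check that a given device really has a TPM 2.0 present and VBS/HVCI running, read from the Win32_Tpm and Win32_DeviceGuard WMI classes. The function name, output fields, and gap messages are chosen here for illustration; run it in an elevated session.

```powershell
# Added example: audit the TPM 2.0 / VBS / HVCI state of the local device.
# Requires an elevated PowerShell session (the TPM WMI namespace is admin-only).

function Get-HardwareSecurityBaseline {   # hypothetical helper name
    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.59"; the first field is the spec family.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm -and $tpm.SpecVersion) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }

    # Win32_DeviceGuard reports VBS state and which security services are configured/running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        TpmPresent     = [bool]$tpm
        TpmSpecVersion = $tpmSpec
        TpmIs20        = ($tpmSpec -eq '2.0')
        TpmReady       = [bool]($tpm -and $tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning     = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServices* arrays: 1 = Credential Guard, 2 = HVCI (memory integrity)
        HvciConfigured = [bool]($dg -and ($dg.SecurityServicesConfigured -contains 2))
        HvciRunning    = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))
    }
}

function Get-BaselineGaps {
    param([Parameter(Mandatory)] $Baseline)
    $gaps = @()
    if (-not $Baseline.TpmPresent)   { $gaps += 'No TPM visible to Windows' }
    elseif (-not $Baseline.TpmIs20)  { $gaps += "TPM spec is $($Baseline.TpmSpecVersion), not 2.0" }
    elseif (-not $Baseline.TpmReady) { $gaps += 'TPM 2.0 present but not enabled and activated' }
    if (-not $Baseline.VbsRunning)   { $gaps += 'VBS is not running' }
    if ($Baseline.HvciConfigured -and -not $Baseline.HvciRunning) {
        # Configured but not running: HVCI was requested and did not start.
        $gaps += 'HVCI is configured but not running'
    } elseif (-not $Baseline.HvciRunning) {
        $gaps += 'HVCI is not configured'
    }
    return ,$gaps
}

$baseline = Get-HardwareSecurityBaseline
$baseline | Format-List
$gaps = Get-BaselineGaps -Baseline $baseline
if ($gaps.Count -eq 0) { 'Baseline met: TPM 2.0 ready, VBS and HVCI running.' }
else { $gaps | ForEach-Object { "GAP: $_" } }
```

The object returned by the first function can be exported with Export-Csv when the check is run across a fleet, so devices where HVCI is not actually running can be reviewed in one place.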

To learn more about Windows 11, check out these resources:

Windows 11 Optimization and Performance Improvements

Windows 11: The 11 things every organization should know


Our newest announcement with Windows Autopatch:

For years, Microsoft has offered a paid, premium service to assist organizations with updating and patching requirements.  The goal of this service was to assist organizations with developing global strategies for keeping their devices secure and up to date.  Once the overall strategy was determined, Microsoft consultants and engineers were dispatched to work alongside IT teams to build the policies and monitor the solutions.  This offering provided incredible value to organizations and in light of this success, Microsoft has announced an initiative to extend this program to a multitude of organizations.


One month ago, Microsoft announced Windows Autopatch.  Windows Autopatch is a new service offering included with a standard Windows E3 license.  With Windows Autopatch, Microsoft resources will help organizations automate the management of their updates for Windows, Office, and Microsoft Edge.  This service will reduce the workloads on IT admins and allow them to focus on other value propositions within their companies.


To ensure a secure and productive updating experience, Windows Autopatch will be designed to roll out to an organization in stages.  In Intune, these stages are referred to as update rings. 

There are four update rings to ensure an organization’s deployments are successful.

  • First, updates will be deployed to a specific group of test users.
  • Second, updates will be deployed to 1% of an organization’s user population.
  • Third, updates will be deployed to 9% of an organization’s user population.
  • Lastly, updates will be deployed to the remaining 90% of an organization’s user population.


There are many safeguards in place to ensure a positive user experience.  If users run into any issues at any stage of an update rollout, there are several options to quickly remediate the situation.

  • Halt – IT admins can quickly stop the deployment of the updates to future deployment rings so an investigation can occur.
  • Rollback – If necessary, IT admins can quickly roll back any updates that were published to their environment.
  • Selectivity – In the event that part of a published update was unsuccessful, that part could be halted or rolled back selectively and automatically.  However, the successful portion of the update could be passed on to an organization’s devices.


Included in the service are extensive reporting and compliance functionality.  Windows Autopatch will provide in-depth insights into the health and update status of devices.


To learn more about Windows Autopatch, feel free to check out the following links:

Deep dive into Windows Autopatch

Windows Autopatch FAQ
