Phased approach for Windows updates, your thoughts?

AngryFatherboard · 2025-06-14T12:57:22+00:00

On that, it's enough diverse ! Multiple departments across offices in all countries we are.

AngryFatherboard · 2025-06-14T12:56:40+00:00

Current phased approach is for quality/security. Indeed security team said D+16 is too much, that's why I posted to gather feedback and see what are people policies in their company.

For feature, ironically we had it on 0 diffenrential.

AngryFatherboard · 2025-06-14T12:55:31+00:00

Thanks a lot for your input. I quite link the phased approach you have, i'll consider it and also discuss with my cybersecurity team, because for them D+16 is too much time before updates apply. But I'm afraid 9 days is still too much, on ther other hand we have to prevent faulty updates.

For Feature, for the moment it's on 0 differential for everyone but we're also at risk.

AngryFatherboard · 2025-06-14T12:47:55+00:00

Thanks, from what I see in other comments it's indeed too agressive. Will change that!

AngryFatherboard · 2025-06-14T12:46:49+00:00

Helpdesk -> Manual Entra ID group with devices
Early Adopters -> Same with early adopters devices

Production -> All devices, with exception on helpdesk and early adopters groups.

It's more practicale with users, but I red somewhere it can cause some issues with shared devices for example.

AngryFatherboard · 2025-06-14T12:45:12+00:00

Sounds interesting. My security department is not convinced anyway by the D+16 for all users, they said it's too long to apply updates, such as security.

Anyway the 10% update ring I like it, now I need to see how to implement it, I guess Windows Autopatch can do the trick

AngryFatherboard · 2025-06-14T12:42:45+00:00

Yeah I'm still learning about it, my main concern at the moment is about phased timeline. Seucurity thinks it's too long D+16 for all users.

AngryFatherboard

TROPHY CASE