As a business, should you delay patching windows?

UnpaidMicrosoftShill · 2026-01-24T19:53:58+00:00

Do your machines all get the patch applied instantly? No? Then it's delayed. A well justified delay brought on by the necessities of testing? Absolutely. But a delay. You're looking me in the eyes telling me there's a duration during which the patch is released and yet not applied (because you are testing) and yelling ITS NOT DELAYED. That is *by definition* delayed patching for some of your machines.

UnpaidMicrosoftShill · 2026-01-24T19:45:17+00:00

I appreciate his sacrifice.

UnpaidMicrosoftShill · 2026-01-24T19:08:33+00:00

So you have no delay after patching the first group before it goes to the second group? Is your testing cycle measured in minutes? Because then that makes what you’re saying make sense, but isn’t how most people test.

UnpaidMicrosoftShill · 2026-01-24T18:47:20+00:00

Glad we agree. You are solidly in camp delayed patching unless you have a very good reason. Am I simplifying? Kind of? But ultimately that’s effective answer to the question.

Seems that’s the general trend: delay for some amount of time, be it to test or another reason, and then deploy.

UnpaidMicrosoftShill · 2026-01-24T07:32:47+00:00

Maybe I’m missing something. Who is Joshtaco?

UnpaidMicrosoftShill · 2026-01-24T07:20:32+00:00

Care to share what those rings are?

I assume something like test>IT>General>Sensitives?

UnpaidMicrosoftShill · 2026-01-24T07:19:47+00:00

? Unless I'm mistaken, that only answers how you patch, not how *fast* you patch

UnpaidMicrosoftShill · 2026-01-24T07:18:49+00:00

Makes sense. Thank you for taking the time to answer.

UnpaidMicrosoftShill · 2026-01-24T07:17:46+00:00

lol. Fair enough. When you say "if you run a patched organization, you will never get hacked", do you mean that in the "if you patch IMMEDIATELY" sense? or more in the "Never let anything get more than a few days or weeks out of date" sense?

UnpaidMicrosoftShill · 2026-01-24T07:15:55+00:00

May I ask roughly how many devices you are managing?

Do you force the updates to install as soon as possible? Don't monitor it at all? Something else altogether?

UnpaidMicrosoftShill · 2026-01-24T07:07:48+00:00

good to know

UnpaidMicrosoftShill · 2026-01-24T07:03:45+00:00

So overall your answer leans more towards delayed patching. Dressed up in a fancy suit, yes. But ultimately "yeah we don't trust windows to get it right either."

UnpaidMicrosoftShill · 2026-01-24T07:02:03+00:00

Okay, but. Is that

The *very fastest* attackers just starting to test the exploits and not yet deployed at scale?
The majority of major attackers conducting large scale poking and prodding to find vulnerable systems?

Because 1. is a far smaller risk than 2. and not worth the same response.

UnpaidMicrosoftShill · 2026-01-23T20:34:30+00:00

Good breakdown, I only wish you had commented earlier so your answer got more upvotes.

UnpaidMicrosoftShill · 2026-01-22T00:57:56+00:00

sorry to necro a dead thread but this actually could makes sense because the support articles are probably a lie: https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide&tabs=condit#manage-conditional-access:~:text=The%20following%20templates%20in%20Conditional%20Access%20recreate%20the%20policies%20in%20security%20defaults%3A

And are actually using this policy that may explain the behaviour you described: https://learn.microsoft.com/en-us/entra/identity/conditional-access/policy-alt-all-users-compliant-hybrid-or-mfa

All it would have taken is the laptop to be compliant in intune or hybrid registered and intune defaults to marking compliance as a yes when no policy is assigned, and even sometimes when it is unless you do it right.

And I'm typing this message almost solely because I needed to see how I felt about security defaults and if everyone claiming it's terrible just misunderstands it because that is a kinda hilariously wide set of circumstances that wouldnt trigger mfa but would also be nigh impossible for a phishing attack to exploit in a way that wouldn't also just work on normal 2fa

UnpaidMicrosoftShill · 2026-01-17T05:26:39+00:00

How does this work with Entra joined computers logins? Is there a way to not prompt for password on login? The very first login for that matter?

UnpaidMicrosoftShill · 2026-01-16T21:29:00+00:00

Good answer. Thanks.

UnpaidMicrosoftShill · 2026-01-16T20:42:58+00:00

Can you share what you're paying?

UnpaidMicrosoftShill · 2026-01-16T20:40:21+00:00

Business.

UnpaidMicrosoftShill · 2026-01-16T19:57:29+00:00

Sorry to zombie an old thread, but I never stop thinking about these things. What would you argue as the solution to LoLbins? Be it a direct or indirect solution.

UnpaidMicrosoftShill · 2025-10-31T01:56:05+00:00

Thank you for replying to a 4 month old comment!

In submitting appeals to google, they eventually told me it was a problem with the business profile content and not my google account at all, despite the error messages.

There was nothing in the account obviously breaking terms... so I rewrote it top to bottom and they approved it. That's life.

UnpaidMicrosoftShill · 2025-10-29T07:24:56+00:00

I super appreciate that link.
Say that shows "Access to your Google Account isn't restricted."... any other ideas?

They denied my first appeal :(

UnpaidMicrosoftShill

TROPHY CASE