alex_aldo - Fotolia

Microsoft debuts password-free Windows Hello, PatchTuesday changes

Microsoft Ignite 2015 showed that Microsoft may have rethought the Tuesday part of Patch Tuesday, but Windows Update is stronger than ever.

Microsoft used its Ignite conference this week in Chicago to show some new security features and to announce a shift that brings consumer and enterprise device updates into the same framework.

For devices that have infrared-capable cameras (something we can expect to be built into many notebooks as Windows 10 rolls out), a new facial recognition option called Windows Hello allows computers running pre-release versions of Windows 10 to recognize you as you approach your notebook, logging you in "on sight." Joe Belfiore, corporate vice president of the operating systems group at Microsoft, demonstrated the process from the keynote stage on Monday, claiming it was the rare case of "a natural interaction on a PC providing better security."

Several other security enhancements were announced or demonstrated, including a new product called Microsoft Advanced Threat Analytics, the result of this past November's acquisition of Aorata. It's another entry in the crowded field of anamoly detection tools, perhaps most interesting because of its inherent insider view of Active Directory data.

Not so fast, Patch Tuesday!

Terry Myerson, Microsoft's executive vice president of operating systems, announced revisions to the Windows Update program that some have claimed spell the death of Patch Tuesday. While it's true that the 858 million consumer devices updated each month will no longer get their monthly dose on the same Tuesday, what's perhaps more important is that Patch Tuesday, heretofore targeted at consumers, will now have an enterprise counterpart called Windows Update for Business.

In both consumer and enterprise variants, Myerson said, there will be new configuration options to choose between different "distribution rings." These rings will differentiate those who want updates and enhancements as soon as they are available from those who would prefer a more measured approach.

In the Update for Business version, Myerson said, "we'll be giving your IT department control over the automated updates. You can decide which distribution ring you're in." There's also fine-grained control over when updates to mission-critical machines are allowed, such as only at night or never in the final week of a quarter. 

Chris Goettl, product manager for patch-management vendor Shavlik, said he has "always recommended organizations have certain groups of users adopt updates immediately upon release. Remote users and laptop users (the road warriors) would be good groups to put in the faster-moving branches. On-premises machines that have multiple layers of defense could remain on long-term service branches and keep more to monthly maintenance schedules, but we would still urge customers to move any end-user machine to more aggressive update schedules."

The Ignite event was also used to announce that updates to System Center Configuration Manager (SCCM), which enable it to handle Windows 10, will be released next week.

Next Steps

Learn more about Microsoft's use of biometric devices in Windows 10.

Dig Deeper on Platform security