With the new Windows 10 OS update, trust but verify

Microsoft is expected to release the next Windows 10 OS update in late May. It will include some minor feature updates and one major change in how those updates are installed.

With past Windows 10 OS updates, Microsoft automatically updated devices -- a feature included in the original release of the OS. With the upcoming Windows 10 update, Microsoft will hand installation preferences back to the users.

"We will provide notification that an update is available and recommended based on our data, but it will be largely up to the user to initiate when the update occurs," Mike Fortin, corporate vice president at Microsoft, wrote in a blog post.

Other features of Windows 10 version 1903, which has been delayed since March, include separating Cortana search and regular Windows Search, a light theme and a sandbox feature for IT.

In this Q&A, Dave Sobel, senior director and managed services provider evangelist for SolarWinds, an IT service management vendor in Austin, Texas, talks about the importance of giving that control back to IT admins and why the best approach to the updates is to trust, but verify.

What concerns should IT admins consider when deciding to wait on installing the latest Windows 10 updates?

Dave Sobel: The major concern is security. But the secondary piece of that is software testing and making sure it's interacting with other software. When I think about ... computer devices that are also medical equipment, there's a certain level of testing that goes into making sure even basic changes aren't impacting the ability to deliver those services.

Dave Sobel

We always talk about the horrible early days with major blue screens within patches, and those have gone away. But I'm also thinking about scheduling when these reboots happen or scheduling basic change management and being able to have that control. I'm glad Microsoft is giving that control to the people who will potentially need it.

Patch management is part of a layered security approach to keep systems secure. Stats remain overwhelming that systems that are fully patched are not the ones being broken into.

Should IT admins be concerned with the coming Windows 10 OS update, especially after the issues with the October 2018 update?

Sobel: The answer is to be ever-vigilant and to keep an eye on these things. I do tend to give Microsoft the benefit of the doubt. They knew there were some issues, and they made sure they were working on it and testing it. I trust [Microsoft] will do the right thing, but that's why I want to have control over this, too -- so that I can verify.

The preview release is the kind of thing I expect users to be doing tests with. In particular, I'm expecting software developers are using this preview release to do their testing and to make sure they feel comfortable on checking for changes. I also expect they are reviewing the release notes and changes, so they can be prepared for that and make a determination for their users.

A recent Patch Tuesday update also caused disruptions -- even causing computers to freeze. What can IT admins do to make sure their systems run smoothly when they decide to update?

Sobel: This is why there should be a process. A controlled rollout is how you catch these kinds of issues -- roll out to a small group, test, then go more widely. This example shows how it's a combination of software that causes a problem, which can be contained if you are systematic about the rollout.

'Trust, but verify' is exactly that -- I trust the source, but I verify it works in my environment with a staged rollout, so I can find any interaction problems and address them or delay the rollout further until they are fixed.

Windows 10 is light on features, but does include a new sandbox feature and a separation of search from Cortana and Windows. Is there anything noteworthy for IT admins?

Sobel: I think it's typical of a new patch. Microsoft has moved to that continuous development style with Windows. Each will have incremental changes, rather than waiting on the next big release. These are interesting features, especially the Cortana-versus-Search bit.

You can see the evolution of their voice strategy playing out with that, and they've made it more practical. There's nothing in here that I think is revolutionary, but when was the last time you looked at an OS and said this is revolutionary? They all are doing good, incremental upgrades, which is the sign of a mature market.