For about 15 years it has been a standard practice among law firms to skip iterations of Desktop Operating Systems—go to Windows 7 from XP, for example, or from Windows 7 to 10. As a result, desktop deployments used to be projects slated for every few years. This model, however, is no longer sustainable. With a new update schedule and a less than forgiving end-of-support timeline, skipping versions will leave firms scrambling to test, pilot, and deploy updated builds in uncomfortably small windows.
Microsoft has made many changes to its operations model and policies lately. While you’re bound to have noticed some of them, others, such as this one, are more obscure and require special attention.
Before deploying an OS update, most firms wait for Microsoft to release Current Branch for Business (CBB), the enterprise-ready version of its OS, which comes out about four months after the general release. Branches have an 18-month life span and Microsoft only supports the two newest CBB versions. Here is where the dilemma lies. If you have the third oldest version, support only extends during a 60 days grace period after the newest build is designated CBB.
(click to enlarge)
This is complicated, so here is an example. Let’s say that you have Windows 10 v1511, and you are waiting for v1703 to become CBB. You’ve skipped v1607, the update in the middle (understandably, as skipping around used to be practical), which means that you will be on the third oldest build once v1703 becomes CBB. You now have only 60 days to rollout v1703 to all desktops before any remaining v1511 devices are dangerously running an unsupported, vulnerable operating system. Recent cybersecurity events have underscored the immense risk of this, emphasizing how essential keeping your desktop up-to-date on security patches is to the business.
Anyone who has participated in a desktop rollout will recognize that 60 days is an extremely tight window of time to update a task sequence, conduct quality assurance (which alone takes 2-4 weeks), and deploy an OS firm-wide.
And this is assuming that your team is ready to start deployment on the day that the new version is released and that no critical application issues are identified by the testing mechanisms.
If, however, you have deployed the latest Windows release, you will have 6-12 months to deploy the next version before risking your security.
Does your firm have a plan to meet the new requirements posed by Windows releases?
Copyright © 2021 Legal IT Professionals. All Rights Reserved.