Share via

How to update windows computers with security patches / updates?

Darren Bowring 0 Reputation points
2025-12-01T13:54:59.85+00:00

I am the network manager for a large secondary school in the UK and I would like to understand how I am now expected to apply security patches / windows updated to our fleet of windows workstations to keep them compliant now that you are deprecating WSUS please?

 

Microsoft Security | Intune | Updates

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-01T13:55:09.6333333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To update Windows computers with security patches and updates, especially in light of the deprecation of Windows Server Update Services (WSUS), you can consider the following approaches:

    1. Windows Update for Business: This feature allows you to manage updates for Windows 10 and Windows 11 devices. It provides control over how and when updates are deployed, allowing you to defer updates and ensure that critical updates are applied promptly.
    2. Microsoft Intune: If your organization uses Microsoft Intune, you can manage updates through it. Intune allows you to configure update rings, which define how and when updates are applied to devices. You can also use Intune to monitor the update status of your fleet.
    3. Windows Autopatch: This is a newer service that automates the deployment of updates. It allows IT administrators to schedule update deployments, ensuring that devices receive the necessary security patches without manual intervention. To use Windows Autopatch, your organization must meet specific prerequisites, including having the appropriate Microsoft subscriptions.
    4. Automatic Updates: Ensure that the Automatic Updates feature is enabled on all Windows workstations. This will allow Windows to automatically download and install updates as they become available, helping to keep systems compliant without manual effort.
    5. Manual Updates via Microsoft Update Catalog: For specific updates or if you need to deploy updates to multiple computers manually, you can download updates from the Microsoft Update Catalog and install them as needed.

    By utilizing these methods, you can effectively manage and apply security patches and updates across your network of Windows workstations, ensuring compliance and security for your organization.

    References:

    0 comments
  2. Darren Bowring 0 Reputation points
    2025-12-01T15:59:00.43+00:00

    The devices are currently managed with WSUS and as far as i understand you cant use intune unless you pay!

    Not impressed that we are expected to "pay to patch" Microsoft's software!

    0 comments
  3. Adam J. Marshall 10,456 Reputation points MVP
    2025-12-05T15:14:26.9966667+00:00

    You've confused deprecation and end of life/end of service.

    https://www.ajtek.ca/wsus/microsoft-deprecates-wsus-what-does-this-mean-here-is-what-you-need-to-know/

    WSUS will continue to work until at least 2035 and likely beyond, it just means that it's 'feature complete' and there will be no new features or development besides security updates to WSUS.

    Yes, that's right, WSUS IS STILL SECURITY PATCHED - see the latest patch information on October 23rd's OOB release - https://www.ajtek.ca/blog/wsus-vulnerability-patched-october-23rd/

    Microsoft has created fear, uncertanty, and doubt (FUD) around this to scare people into paying for Microsoft's paid systems (hotpatch, AUM, Intune). Even their paid flagship patching product Microsoft Configuration Manager still uses WSUS under the hood.

    Spend some time reading the guides and blog entries on our site and you'll see that WSUS is not dead, just Microsoft setting the scene for an eventual end of WSUS in the long-term future.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.