News
Microsoft Readies Multiple Security Updates in Name of Windows 'Resiliency'
Seven months after unveiling its Windows Resiliency Initiative (WRI), Microsoft on Thursday announced a raft of new and upcoming security capabilities.
The changes, which involve post-crash recovery, cached Windows upgrades, printer security and more, are aligned with the WRI's overall goal of "helping organizations prevent, withstand, and recover from disruptions," according to a blog post by Microsoft's head of Enterprise & OS Security David Weston.
Among the enhancements aimed at enterprises are:
- A "streamlined" UI, coming later this summer to Windows 11 24H2 devices, to recover from unexpected restarts. Recovering from a crash should take most users about two seconds, according to Weston, thanks to "crash dump collection" improvements in Windows 11.
- A quick machine recovery (QMR) capability for crashed Windows 11 24H2 devices that are caught in restart limbo. Also coming this summer, QMR works with the Windows Recovery Environment to deliver "targeted remediations to affected devices," theoretically freeing IT from restoring these PCs manually. QMR will be turned on by default for Windows 11 Home PCs, while Windows 11 Pro and Enterprise organizations will be able to opt in. Additional IT controls will roll out later this year, per Weston.
- Starting July 9, the ability for device fleets to download Windows updates en masse from a local cache instead of over the air, reducing the likelihood of bandwidth bottlenecks. This capability, called "Connected Cache," serves updates from locally deployed nodes, not the cloud. Connected Cache supports Windows 11 updates, Windows Autopatch updates, Microsoft Intune app installations and Windows Autopilot device provisioning.
- The ability for organizations to use temporary "loaner PCs" via the cloud in the event of device theft, loss or damage. Called Windows 365 Reserve, this offering gives customers access to preconfigured cloud PCs until their normal device access is restored. Microsoft plans to offer Windows 365 Reserve as a preview "soon."
- An update to Universal Print that "enables users to securely release their printing request from anywhere in the organization to any authorized printer." The idea is to reduce the chance that sensitive documents are left exposed when they're not immediately retrieved from a printer. IT admins can configure the printers that are available to end users at their discretion.
A New Platform for Endpoint Security
Microsoft laid the groundwork for its WRI last fall, after the disastrous CrowdStrike outage that crippled millions of Windows PCs worldwide as the result of a faulty update.
After the dust settled from the outage, Microsoft convened several of its biggest endpoint security partners, including CrowdStrike, to brainstorm ways they can protect their mutual customers from similar incidents. At the time, Microsoft said it agreed with its partners to develop a new platform for Windows security.
That new platform will see daylight in July, Microsoft said on Thursday. This so-called "Windows endpoint security platform" will become available to Microsoft Virus Initiative (MVI) partners as a private preview. MVI partners are antimalware vendors that work closely with Microsoft on new Windows platform security features.
The upcoming endpoint security platform will enable these partners to, said Weston, "start building their solutions to run outside the Windows kernel. This means security products like anti-virus and endpoint protection solutions can run in user mode just as apps do." The goal of the platform, as it is for the WRI broadly, is to improve Windows stability and make recovering from unscheduled downtime faster.