Tag Archives: workers

Coronavirus: VPN hardware becomes a chokepoint for remote workers

VPN hardware has become a bottleneck for companies with a high number of workers staying home to avoid spreading the coronavirus, networking vendors reported.

Many companies have VPN concentrators or gateways with insufficient licensing or capacity to accommodate the unexpected demand, executives said. As a result, some businesses have had to scramble to provide network access to the high number of remote workers. Many of those employees live in cities that have closed schools and asked people to stay home.

“It seems to be at the enterprise gateway that we see issues,” Angelique Medina, director of product marketing at network monitoring company ThousandEyes, said. 

Competitor Kentik saw similar problems with VPNs used by the corporate customers of internet service providers and telcos, said Avi Freedman, CEO of Kentik. About half of the vendor’s customers are service providers with enterprise subscribers.

Kentik found that the high number of remote workers is overtaxing the typical 1 Gb link that connects the concentrator or the gateway to the corporate network. A gateway can include a router and firewall.

“It’s not a lot of traffic by internet standards, but it is by some of the corporate architectures that are in place,” Freedman said.

Freedman and Medina said companies would likely look at cloud-based VPN gateways as a faster way to offload traffic than buying, configuring and installing more hardware. However, Freedman pointed out that the cloud might not be an option for highly regulated companies or organizations with strict compliance policies.

“Draining internet traffic, looking at cloud solutions are absolutely in the top three, along with upgrading the infrastructure that you have,” Freedman said.

Cisco customers up VPN licensing

The use of VPNs has risen considerably since schools and businesses have closed in states that include California, New York, Illinois, Ohio and Maryland. Verizon reported this week a 34% increase in VPN use since last week and a 20% rise in web traffic.

In an email, Cisco security CTO Bret Hartman said customers are upgrading their VPN licenses to cover more simultaneous users. Also, just in the last seven days, trial requests for Cisco’s AnyConnect VPN software has reached 40% of the total for last year. Meanwhile, the number of authentication requests made to VPNs through Cisco’s multi-factor authentication software Duo has increased 100% over the previous week, Hartman said.

Despite the increase in internet activity, Verizon and AT&T have not reported significant network problems. Both companies were closely monitoring usage in areas where the coronavirus outbreak is most severe.

“We will work with and prioritize network demand in assisting many U.S. hospitals, first responders and government agencies, as needed,” Verizon said in a statement.

Verizon reported in a recent Security Exchange Commission filing that it planned to increase capital spending from between $17 billion and $18 billion to $17.5 billion to $18.5 billion in 2020. The additional money was to “accelerate Verizon’s transition to 5G and help support the economy during this period of disruption.”

Go to Original Article
Author:

Slack redesigns app as Microsoft Teams hits 44 million users

Slack has redesigned its team messaging app in a bid to make the product simpler for workers who aren’t as tech-savvy as its earliest customers.

The refresh comes as Slack falls further behind rival Microsoft Teams in the race for users. The Microsoft product now has 44 million daily active users, up from 20 million four months ago, the tech giant announced Thursday.

Teams has gained 12 million daily active users in the past week alone, a spike the company attributed to the coronavirus outbreak. Slack had 12 million daily active users as of September 2019 but has likely exceeded that figure by now. Slack said it added paid customers at nearly three times its typical rate between Feb. 1 and March 18, netting 7,000 new accounts.

The Slack redesign contains several elements that make the product look more like Teams. The top of the app now features a search bar and navigation buttons. Slack also added tabs for files and notifications, such as when a user tags someone in a message.

Even more significant, Slack now lets paid users place channels within folders. For example, a user could put several channels in a “marketing team” folder. The setup is similar to how Teams groups channels — except in Slack, each user gets to customize the layout.

The inability to organize channels into groups had been a stumbling block for many Slack users, said Irwin Lazar, analyst at Nemertes Research. Slack should be able to get some companies to switch from free to paid plans with the introduction of folders as a premium service, he said.

The redesign also lays the groundwork for Slack to introduce more real-time communications features. A newly reorganized sidebar within channels features a prominent phone icon that lets users begin a video call.

Screenshot of Slack redesign
Slack unveiled a significant redesign of its app interface on Wednesday.

In the future, Slack plans to “do even more with that call button” through partnerships, said Ilan Frank, Slack’s vice president of enterprise product. Frank declined to provide further details. Currently, Slack’s built-in options for voice and video calls are far less advanced than what’s available in Teams.

The prominent call button is an example of how Slack is trying to make interacting with its app more intuitive. Over the past couple of years, the vendor has given users new ways to access third-party integrations without resorting to so-called slash commands. Those commands require users to type, for example, “/call” to start a call.

A new shortcut menu introduced with the redesign lets users access integrations through a few clicks of their mouse rather than by typing a command. At launch, the menu contains shortcuts to Slack tasks, as well as to the integrations for Cisco Webex, Simple Poll and Freshdesk, a help desk app.

Slack is giving its newest users access to the redesign first. Like many collaboration vendors, Slack has reported an uptick in usage in recent weeks as people work from home because of the COVID-19 coronavirus pandemic.

“We want to make sure that those new teams that are formed right now, especially in this time of remote work, see this new interface,” Frank said. Everyone else will get the update within a few weeks, except Slack’s largest customers. They will get more time to roll out the new design.

Through its latest changes, Slack wants to make its app more palatable to nontechnical users. The move could help the vendor convince more customers to deploy its app companywide. Software developers were the first to adopt Slack in droves. But that cohort now represents a minority of Slack’s users, Frank said.

Slack needs to sell to more organizations with thousands of employees to become profitable. The company has made progress in that regard: Over the past year, the number of customers each paying more than $100,000 annually for Slack increased by 55% to 893 customers.

But Slack is facing an uphill battle against Microsoft, which has a stranglehold on the market for cloud productivity tools. More than 200 million workers use Office 365 every month, giving them access to Teams at no additional charge. And Microsoft is particularly good at selling to large organizations: Ninety-three of the Fortune 100 are now using Teams.

On a conference call with investors in December 2019, Slack CEO Stewart Butterfield tacitly acknowledged he would have difficulty reaching a customer base equal in size to Microsoft’s. For example, Microsoft Lync, an older collaboration application that the vendor later rebranded as Skype for Business, had 100 million users in 2015.

In response to Teams hitting 44 million users on Thursday, Slack said in a statement that its app and Teams are “different tools used for different purposes.” The company said Slack is a collaboration tool that integrates with third-party applications. Nevertheless, Microsoft has integrated Teams with other applications too. Also, Teams has most of the same collaboration features as Slack.

Go to Original Article
Author:

Microsoft Teams to add smartphone walkie-talkie feature

Workers will soon be able to turn their smartphones into a walkie-talkie using Microsoft Teams. The feature is one of several Microsoft unveiled this week targeting so-called frontline workers, such as retail associates, nurses, housekeepers and plumbers.

The walkie-talkie feature will let groups of employees speak to each other by pressing a button in the Teams mobile app. The audio will travel over Wi-Fi and cellular networks, meaning users will be able to communicate with colleagues anywhere in the world. The feature will be available in private preview in the first half of 2020.

Many retailers, hospitals, airlines and hotels still rely on physical walkie-talkie devices. In recent years, startups like Orion Labs and legacy vendors like Motorola Solutions have begun selling smartphone walkie-talkie apps. Those mobile apps come with benefits like location tracking and integration with other business technologies.

Microsoft’s smartphone walkie-talkie feature is not innovative. But if it works well, the capability could help Microsoft boost adoption of Teams among workers who otherwise wouldn’t use the app. Microsoft has made targeting frontline workers a priority since late 2018.

In addition to the walkie-talkie app, Microsoft said Thursday it would add to Teams a task feature for creating and assigning small projects to employees. The system will give businesses a dashboard to track tasks in real time across multiple departments or store locations. It will launch in the first half of 2020.

Microsoft will also expand the scheduling capabilities of Teams by integrating the app with popular workforce management platforms by Kronos and JDA Software. Those integrations will let businesses keep existing scheduling software in place while giving workers the ability to swap shifts and request time off through Teams.

Microsoft is not the only collaboration vendor targeting frontline workers, said Rob Arnold, analyst at Frost & Sullivan. But Microsoft has a leg up on competitors because it can offer businesses so many complementary cloud services. Those include the customer relationship manager Dynamics 365 as well as e-commerce and Internet of Things (IoT) platforms within Microsoft Azure.

New identity and access features for Microsoft Teams

Additional features targeting frontline workers include SMS sign-in, off-shift access controls and shared-device sign-out. These features will roll out between now and the middle of the year. 

Workers will soon be able to sign into their Azure Active Directory account (which controls access to Teams) using only a mobile phone number. IT admins will decide which groups of employees use the method.

IT admins will also be able to prevent frontline workers from accessing Teams when they are not on the clock. Temporarily blocking access will help businesses comply with labor laws.

Finally, for Android, Microsoft will add an “end shift” button to shared mobile devices and tablets that will clear app logins and browser sessions. Purging that data will prevent employees from accessing information they shouldn’t.  

Collectively, the latest features show that Microsoft wants to take Teams beyond the 30% of corporate employees who work in offices, Irwin Lazar, an analyst at Nemertes Research, said. “I think Microsoft is aggressively trying to expand the reach of Teams.”

Go to Original Article
Author:

Survey of business leaders highlights the importance of digitally enabling Firstline Workers – Microsoft 365 Blog

Today, there are more than two billion Firstline Workers, who are often a customer’s first point of contact, making them the first to represent a company’s brand. Microsoft partnered with Harvard Business Review Analytic Services to survey the roles and importance of the Firstline Workforce within the context of digital transformation.

Of the 383 business leaders who responded to the survey:

  • 78 percent responded that connecting and empowering Firstline Workers is critical.
  • 67 percent think increased efficiency is their top driver.
  • 60 percent will adopt advanced analytics in the next two years.

Read the full analysis of the survey, Building for success at the Firstline of business, to learn more.

How a custom Microsoft app is helping the Caribbean rebuild after hurricanes

Workers gather data using the Microsoft Building Damage Assessment app in Barbuda. The island was home to 1,600 people, all of whom were evacuated after Hurricane Irma. (United Nations Development Program Photo)

Travel for this story was supported by the Pulitzer Center on Crisis Reporting.

CODRINGTON, Barbuda — Last month at a United Nations donor conference, the international community pledged $1.3 billion to rebuild the hurricane-ravaged Caribbean. But how did they know how much the region, which was hit with back-to-back Category 5 hurricanes in September, needs to recover? In part thanks to a new app and software bundle from Microsoft, developed in collaboration with U.N. relief workers.

The prosaically named Building Damage Assessment app turned out to play a vital role in assessing the devastation of Barbuda and Dominica, two islands that faced the full force of Hurricanes Irma and Maria, respectively. Optimized for tablet, the Building Damage Assessment allows volunteers in the field with minimal training to quickly input data about structural damage through a series of drop-down questions, and collect photographs for visual evidence. The data is stored offline and then uploaded via the cloud when the tablet gets back in mobile data or wi-fi range. Professionals, meanwhile, can analyze the data using Microsoft Power BI to tabulate the total amount of damage and detect trends, like certain types of building materials that were more prone to collapse.

Data from the Building Damage Assessment App, shown in Microsoft Power BI.

The results have impressed even seasoned post-disaster professionals like Ugo Blanco of the United Nations Development Program (UNDP). “It’s going to change the way assessments have been done,” he said. “It can be deployed any time, anywhere. In a few days, we can have the teams in any country in the world.”

Microsoft developed a beta iteration of the Building Damage Assessment in 2015 as part of its humanitarian responses to the earthquakes in Nepal, but the software didn’t come into its own until this year’s double-whammy of hurricanes, when UNDP reached back out for technical assistance. The software giant allocated ten employees to the project and donated 70 Microsoft Surface tablets as well as keyboards and digital pens for use in the field, part of a $6.3-million post-hurricane philanthropic contribution.

Unlike a traditional software project, the client — the United Nations — needed the final product as soon as possible. “With people suffering, moving fast was really important, and we felt that the time that normal application development takes would not work in this situation,” Microsoft’s Humanitarian Response Manager Cameron Birge said via e-mail. “Given UNDP’s need to rapidly deploy, this meant the team had to respond and react more quickly, as challenges in information gathering and UX arose.”

Workers check data on the Building Damage Assessment app. (United Nations Development Program Photo)

A month after the storms, the Building Damage Assessment was ready to go. Barbuda is home to 1,600 people, all of whom were evacuated after Hurricane Irma. In early November, its 1,250 structures became the first complete assessment on a hurricane-hit island. Only a few United Nations relief workers were on the ground, so the U.N. staff recruited local volunteers and put them into 12 teams that fanned out across Codrington, Barbuda’s lone settlement.

Each team included a volunteer trained in the Building Damage Assessment app, an architect or building engineer who could assess damage, and a local who knew the neighborhood and its residents. In 10-15 minutes, the team would determine the state of the building and collect as much information as possible about the inhabitants – family size, gender, age, occupation – in a series of 46 questions.

Adradene Walker was one of the volunteers handling a tablet. After an hour-long orientation workshop, she was sent out into the field and said working with the brand-new app was a breeze.

(Google Earth Image)

“Everything was straightforward,” she told me. “It was even easier than some online forms.” Walker has some data-entry experience from her job as a secretary at the Barbuda secondary school. She owns a smartphone and an HP 3-in-1 laptop. With drop-down menus, the app is designed to be easy to use for anyone with mobile technology literacy.

In five days, the teams assessed all of the buildings on Barbuda in time for the donor conference at U.N Headquarters. While initial reports in the immediate aftermath of the storm indicated that 90% of buildings on Barbuda were damaged, the Building Damage Assessment determined that about half of the structures are ready to move back in or need relatively minor, handyman-level repairs. The other half need serious repairs or have to rebuilt from scratch. That kind of data helped the U.N. determine the rough cost of $79 million to repair and rebuild Barbuda’s housing stock, the kind of hard number necessary to make a pledging conference yield valuable results.

Using technology in post-disaster scenarios is not without pitfalls, of course, especially given power outages. Generators continue to govern life on Barbuda, and nearby Antigua, 39 miles away, offered a stable place to return at the end of the day with reliable electricity and Internet. (Antigua and Barbuda is a twin-island country.) Dominica has proven a more daunting task. There are 25,000 structures to be assessed by 30 teams. UNDP estimates it will take two months to finish the job there. As power is slowly restored, police stations are the only reliable source of electricity in remote areas. Tablets also must weather difficult conditions – several overheated in the Barbuda sun – so cases are de rigueur.

A worker takes a picture of hurricane damage using the Microsoft app. (United Nations Development Program Photo)

Fortunately, the Microsoft Surface Pro 3 can work offline and still collect GPS coordinates. With mobile roaming data, the app can upload 30 questionnaires in ten seconds to collect the most vital data, while photos can be held until there is a WiFi connection.

As the tool continues its work in Dominica, UNDP and Microsoft are already discussing future improvements to user experience, like further streamlining the questionnaire to minimize keyboard entries, which are prone to errors in the high-pressure field environment.

The tool’s desktop data analysis has also helped build local capacity in an underdeveloped region. “The Building Damage Assessment gave us information that the government has never had before,” Blanco said, citing detailed info among the million-plus data points on the location of damaged buildings, the type of debris, and what kinds of roofs were most prone to failure. He describes the user-friendly visual display as valuable for technicians at a housing ministry but also easy-to-understand for a prime minister or president.

“This information is critical evidence,” Blanco said. “You can make policy decisions on how to rebuild.”

Above all, the Building Damage Assessment has proven that a digital approach is the future of disaster relief. “I’ve been in many post-disaster situations. In the best case we’ve had info we can’t use – thousands of pages we did not have time to go through or input to Excel,” Blanco said. “We are dealing with millions of data points. You cannot do that with paper.”

Multi-geo service tackles Office 365 data residency issues

Many modern enterprises have workers in offices spread all over the world. While there are numerous advantages…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

to a multinational organization, the complexities of managing the data generated by a global workforce can vex even the most adept Office 365 administrator.

When the admin creates the Office 365 tenant, the Exchange Online mailboxes reside in a specific geographic region determined by the organization’s billing address. The mailboxes may be replicated to different data centers within that geographic region. To meet data residency requirements, organizations can create multiple Office 365 tenancies in different geographic regions, but this increases overall administrative complexity.

To address these Office 365 data residency needs and streamline how businesses handle them, Microsoft designed what it calls multi-geo capabilities. With multi-geo, organizations that use Exchange Online can store a mailbox in one of multiple geographic regions within a single Office 365 tenancy.

Here is some information on the multi-geo feature and its configuration for Office 365 data residency.

Multi-geo comes with restrictions

As of publication, the multi-geo feature is in a selective preview stage for Exchange Online and OneDrive for Business. Microsoft plans to release it into general availability for those services in the first half of 2018. The company intends to add multi-geo to SharePoint Online with a preview expected in the first half of 2018. Microsoft said it might add this capability to other Office 365 apps, such as Microsoft Teams, but it has not given any timelines.

However, the multi-geo service comes with restrictions. For example, the India and South Korea geographic regions are only available to organizations with licenses and billing addresses there. Other regions, such as France, are not yet available.

Microsoft recommends an organization with questions about the multi-geo feature talk to its Microsoft account team. The company has yet to unveil licensing details for the service.

Multi-geo introduces new terminology

Home geo is the term Microsoft uses for the geographic region where the Office 365 tenancy was created. Regions that the organization adds later are known as satellite geos. The multi-geo feature provisions new mailboxes in the home geo by default, but admins can start them in a satellite geo.

The organization can move existing mailboxes between home and satellite geos. This operation should not adversely affect workers because the mailboxes will remain in the same Office 365 tenancy, and the Autodiscover service automatically locates the user’s mailbox in the background. However, Microsoft said the multi-geo service does not support Exchange public folders, which must reside in the home geo.

Organizations should monitor the Microsoft Office 365 roadmap for changes in support of the multi-geo service.

PowerShell cmdlets adjust regions

In organizations where directory synchronization hasn’t been deployed, administrators can use two PowerShell cmdlets to set configuration parameters for the multi-geo feature.

Admins can use the Set-MsolCompanyAllowedDataLocation cmdlet from the Azure Active Directory (AD) PowerShell module to set up the additional geographic regions in the Office 365 tenant.

The Set-MsolUser cmdlet features a PreferredDataLocation parameter to specify the geographic region that will store the user’s Exchange Online mailbox and OneDrive for Business files. A user account can only have one PreferredDataLocation for those services.

Considerations with directory synchronization

Businesses that have deployed directory synchronization and run a hybrid configuration of Exchange, where some mailboxes are stored on premises and others in Exchange Online, need a new version of Azure AD Connect to support the multi-geo feature. Azure AD Connect synchronizes an on-premises AD user account custom attribute into the PreferredDataLocation attribute in Azure AD.

The admin sets up the geographic region of the user’s Exchange Online mailbox with the AD on-premises custom attribute. After the value is synchronized with Azure AD, Exchange Online uses that setting to place the mailbox in the proper region. This enables admins to adjust settings in on-premises AD accounts to control the geographical region of Exchange Online mailboxes.

Next Steps

Keep Office 365 data secure

Microsoft adds data loss prevention features across services

Back up Office 365 before disaster strikes

Configuration Manager tool regulates server updates to stop attacks

Business workers face a persistent wave of online threats — from malicious hacking techniques to ransomware –…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

and it’s up to the administrator to lock down Microsoft systems and protect the company.

Administrators who apply Microsoft’s security updates in a timely fashion thwart many attacks effectively. IT departments use both System Center Configuration Manager and Windows Server Update Services to roll out patches, but the Configuration Manager tool’s scheduling and deployment options make it the preferred utility for this task. Admins gain control and automation over software updates to all managed systems with the Configuration Manager tool, which also monitors compliance and reporting.

Why we wait to update

An organization bases its security update deployment timeline on several factors, including internal policies, strategies, staff and skill sets. Some businesses roll patches out to production servers as soon as Microsoft makes them available on Patch Tuesday, the second Tuesday each month. Other companies wait a week or even a couple months to do the same, due to stringent testing procedures.

Here’s one example of a deployment timeline:

  • Week 1: Handful of test systems (pilot)
  • Week 2: Larger pool of test systems
  • Week 3: Small pool of production servers
  • Week 4: Larger pool of production servers
  • Week 5: All systems

This scenario leaves many endpoints unpatched and vulnerable to security risks for several weeks. Microsoft has a cumulative update model for all supported Windows OSes; the company packages each month’s patches and supersedes the previous month’s release. In some cases, systems won’t be fully patched — or will remain unpatched — if a business fails to deploy the previous month’s security fixes before Microsoft releases the new updates. To avoid this situation, IT organizations should roll out the current month’s updates before the next Patch Tuesday arrives just a few weeks later.

Automatic deployment rule organizes the patch process

An automatic deployment rule (ADR) in the Configuration Manager tool coordinates the patch rollout process. An ADR provides settings to download updates, package them into software update groups, create deployments of the updates for a collection of devices and roll out the updates when it’s most appropriate.

Find the ADR feature in the Configuration Manager tool under the Software Updates menu within the Software Library module. Figure 1 shows its options.

Create a software update group
Figure 1. The automatic deployment rule feature in the Configuration Manager tool builds a deployment package to automate the update procedure.

Settings to configure specific update criteria

The admin sets the ADR options to download and package software updates with the following criteria, which is also shown in Figure 2:

  • released or revised within the last month;
  • only updates that are required by systems evaluated at the last scan;
  • updates that are not superseded; and
  • updates classified as Critical Updates, Security Updates, Feature Packs, Service Packs, Update Rollups or Updates.
Build an automatic deployment rule
Figure 2. The administrator builds the criteria for a software update group in the ADR component.

The property filter — also seen in Figure 2 — packages software updates on a granular scale to best suit the organization’s needs. In the example shown, the admin uses the property filter to only deploy updates released in the last month.

In the evaluation schedule shown in Figure 3, the admin configures an ADR to assess and package software updates at 11 p.m. on the second Tuesday of each month.

ADR custom schedule
Figure 3. The admin builds a schedule to evaluate and package software updates every month at a certain time in the ADR feature of the Configuration Manager tool.

Set a maintenance window to assist users

To patch servers, use maintenance windows, which control the deployment of software updates to clients in a collection at a specific time. This meets the preferences of server owners, who cannot take certain machines down at particular times for a software update and the consequent reboot. In most cases, admins set maintenance windows to run updates overnight to minimize disruption and effects on end users.

Some businesses roll patches out to production servers as soon as Microsoft makes them available on Patch Tuesday, the second Tuesday each month. Other companies wait a week or even a couple months to do the same, due to stringent testing procedures.

Admins can set the deployment schedule in a maintenance window to As soon as possible since the maintenance window controls the actual rollout time. For example, assume the IT staff configured the following maintenance windows for a collection of servers:

  1. Servers-Updates-GroupA: maintenance window from 12 a.m. to 2 a.m.
  2. Servers-Updates-GroupB: maintenance window from 2 a.m. to 4 a.m.
  3. Servers-Updates-GroupC: maintenance window from 4 a.m. to 6 a.m.

If the admin sets these collections to deploy software updates with the As soon as possible flag, the servers download the Microsoft updates when they become available — it could be right in the middle of a busy workday. Instead, the update process waits until 12 a.m. for Servers-Updates-GroupA, 2 a.m. for the next group and so on. Without any deployment schedule, collections install the software updates as soon as possible and reboot if necessary based on the client settings in the Configuration Manager tool.

To create a maintenance window for a collection, click on the starburst icon under the Maintenance Windows tab in the collection properties. Figure 4 shows a maintenance window that runs daily from 2 a.m. to 4 a.m.

Maintenance window schedule
Figure 4. Configure a maintenance window for a collection with a recurring schedule.

In this situation, admins should configure an ADR to deploy updates with the Available flag at a specific date and time, but not make the installation mandatory until later. Users apply patches and reboot the system at their convenience. Always impress upon users why they should implement the updates quickly.

Microsoft refines features to maximize uptime

Microsoft added more flexibility to coordinate maintenance and control server uptime in version 1606 of the Configuration Manager tool. The server group settings feature the following controls:

  • the percentage of machines that update at the same time;
  • the number of the machines that update at the same time;
  • the maintenance sequence; and
  • PowerShell scripts that run before and after deployments.

[embedded content]

How to use System Center Configuration
Manager to plan and execute a patching regimen
for applications and OSes.

A server group uses a lock mechanism to ensure only the machines in the collection execute and complete the update before the process moves to the next set of servers. An admin can release the deployment lock manually if a patch gets stuck before it completes. Microsoft provides more information on updates to server groups.

To develop server group settings, select the All devices are part of the same server group option in the collection properties, and then click on Settings, as seen in Figure 5.

 Set server group configuration
Figure 5. Select the
All devices are part of the same server group option to configure a collection’s server group settings.

Select the preferred option for the group. In Figure 6, the admin sets the maintenance sequence. Finally, click OK, and the server group is ready.

Maintenance sequence
Figure 6. The administrator uses the server group settings to maintain control over uptime and coordinate the maintenance schedule.

For additional guidance on software update best practices, Microsoft offers pointers for the deployment process.

Next Steps

Secret Service: Culture change needed to boost security

Reduce patching headaches with these tools

Find the right patching software