Microsoft has announced changes to how Windows updates are managed and clarified its requirement for multi-factor authentication (MFA) for all Azure users. The deployment service Windows Update for Business will soon allow feature updates to be offered as optional instead of force-installed, giving administrators more flexibility in managing Windows devices. Previously, feature updates were mandatory, but now users can choose when to install updates.
The requirement for MFA for all Azure users caused concern among administrators, prompting Microsoft to release clarifications. The scope of the requirement includes users who manage Azure resources through various platforms such as the Azure portal, CLI, PowerShell, or Terraform. Certain accounts used for automation, such as service principals and managed identities, are excluded. Microsoft is open to feedback for special scenarios like emergency accounts and recovery processes.
While any supported MFA method can be used, opting out is not possible. An exception process will be available for cases where alternative solutions are not feasible. The implementation of MFA will be gradual, and users are encouraged not to delay in setting up MFA for their accounts.
Overall, the updates from Microsoft aim to provide more control over Windows updates and enhance security with the inclusion of MFA for Azure users. Administrators now have the flexibility to offer feature updates as optional, making it easier to manage a fleet of Windows devices. The clarifications regarding MFA for Azure users address concerns raised by administrators and provide clear guidelines on the implementation process. It is important for users to take the necessary steps to set up MFA and ensure the security of their accounts.
Article Source
https://www.theregister.com/2024/05/23/microsoft_windows_updates_azure/