<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Updates on IT Made Simple</title><link>https://itmadesimple.co.nz/tags/updates/</link><description>Recent content in Updates on IT Made Simple</description><generator>Hugo -- gohugo.io</generator><language>en</language><managingEditor>Thaddeus</managingEditor><webMaster>Thaddeus</webMaster><lastBuildDate>Thu, 18 Jun 2026 08:00:00 +1200</lastBuildDate><atom:link href="https://itmadesimple.co.nz/tags/updates/index.xml" rel="self" type="application/rss+xml"/><item><title>Windows Updates: Why You Can't Just Ignore Them</title><link>https://itmadesimple.co.nz/posts/windows-updates-why-ignore/</link><pubDate>Thu, 18 Jun 2026 08:00:00 +1200</pubDate><author>Thaddeus</author><guid>https://itmadesimple.co.nz/posts/windows-updates-why-ignore/</guid><description>That &amp;#34;Update and restart&amp;#34; prompt is annoying. But ignoring it is how businesses get ransomware. Here&amp;#39;s what updates actually do and how to manage them without losing your mind.</description><content:encoded><![CDATA[<p>You&rsquo;re in the middle of something. A deadline, a customer on the phone, a report that was due yesterday. And there it is:</p>
<p><strong>&ldquo;Update and restart now.&rdquo;</strong></p>
<p>So you click &ldquo;Remind me tonight.&rdquo; Tonight comes. You click &ldquo;Remind me in 4 hours.&rdquo; You keep clicking it until it forces the restart at the worst possible time, and now you&rsquo;re annoyed at Microsoft.</p>
<p>I get it. I really do. But here&rsquo;s the thing — that prompt is trying to save your business.</p>
<h3 id="what-updates-actually-do">What Updates Actually Do</h3>
<p>There&rsquo;s a misconception that Windows Updates are just Microsoft adding features you don&rsquo;t want and changing things that work fine. Sometimes that&rsquo;s true — the occasional feature update does change the look and feel, and it&rsquo;s annoying.</p>
<p>But the critical updates? The ones that interrupt your work? Those are usually security patches (delivered as part of monthly cumulative updates).</p>
<p>Here&rsquo;s what that means in practice:</p>
<p>Microsoft&rsquo;s security team (and independent researchers) find vulnerabilities in Windows. These are flaws that a criminal could use to get into your computer. Some vulnerabilities require no interaction at all — in some cases, just being on the same network with an unpatched machine is enough. Others rely on phishing or user action.</p>
<p>Microsoft releases a patch to fix the vulnerability. That patch gets delivered via Windows Update.</p>
<p>If you install the patch, you&rsquo;re protected. If you don&rsquo;t, the door stays open. And criminals know exactly which doors are still open — the patches are public. When Microsoft releases a fix, attackers can reverse-engineer the patch to figure out exactly what to exploit on machines that haven&rsquo;t updated yet.</p>
<p><strong>Not updating is like locking your front door but leaving the key in it.</strong></p>
<h3 id="the-wannacry-problem">The WannaCry Problem</h3>
<p>In 2017, a vulnerability called EternalBlue was used to spread the WannaCry ransomware. It infected over 230,000 computers across 150 countries in a few days. Hospitals, businesses, government agencies — all hit.</p>
<p>Microsoft had released a patch for the vulnerability <strong>nearly two months before</strong> the attack.</p>
<p>Most of the businesses that got hit weren&rsquo;t running ancient unsupported Windows. They were mostly on Windows 7 and Server 2008 R2 systems — the same versions many businesses were still running. They just hadn&rsquo;t installed the update.</p>
<p>WannaCry didn&rsquo;t care that you were busy. It didn&rsquo;t care that the update prompt was annoying. It just encrypted everything and demanded $300 in Bitcoin.</p>
<p>The majority of successful ransomware attacks exploit known vulnerabilities with available patches. The gangs aren&rsquo;t using fancy zero-days — they&rsquo;re exploiting the updates people didn&rsquo;t install.</p>
<h3 id="but-updates-break-things">&ldquo;But Updates Break Things!&rdquo;</h3>
<p>This is the counter-argument, and it&rsquo;s not wrong. Sometimes updates do break things. A driver stops working. An app compatibility issue pops up. Something that worked yesterday doesn&rsquo;t work today.</p>
<p>This was more of a problem in the Windows 7/8 era. It still happens occasionally, but Microsoft has gotten significantly better at testing updates before broad release. The &ldquo;update broke my computer&rdquo; scenario is far less common than it used to be.</p>
<p>Here&rsquo;s how to manage the risk without leaving yourself exposed:</p>
<p><strong>Don&rsquo;t install updates on day one. But don&rsquo;t wait three months either.</strong></p>
<p>Let the early adopters find the problems. Wait a week or so after &ldquo;Patch Tuesday&rdquo; (the second Tuesday of each month — that&rsquo;s when Microsoft drops their big security updates). Then install.</p>
<p>You can configure this in Windows through <strong>Windows Update for Business</strong> or <strong>Intune</strong> (if you&rsquo;re on M365 Business Premium). Set a deferral period — give feature updates a longer deferral (30-60 days), but keep security updates shorter (7-14 days).</p>
<h3 id="how-to-set-up-a-basic-update-policy">How to Set Up a Basic Update Policy</h3>
<p>If you&rsquo;re running Windows 10/11 Pro (most business machines are), you can configure this without any extra tools:</p>
<ol>
<li>Open <strong>Settings &gt; Windows Update &gt; Advanced options</strong></li>
<li>Enable <strong>Receive updates for other Microsoft products</strong> (keeps Office updated too)</li>
<li>If available on your version of Windows, under <strong>Choose when updates are installed</strong>, set:
<ul>
<li><strong>Feature updates:</strong> defer by 30 days</li>
<li><strong>Quality updates:</strong> defer by 7 days</li>
</ul>
</li>
</ol>
<p>That&rsquo;s the &ldquo;set and forget&rdquo; level. You&rsquo;ll get security updates within a week of release (early adopters have found any problems by then) and feature updates within a month (plenty of time for news about any issues).</p>
<p>If you&rsquo;ve got M365 Business Premium and Intune, you can do this centrally for all machines — more on that below.</p>
<h3 id="if-youve-got-intune-m365-business-premium">If You&rsquo;ve Got Intune (M365 Business Premium)</h3>
<p>This is where it gets easier. When we covered <a href="https://itmadesimple.co.nz/posts/m365-licensing-which-plan/">M365 licensing</a>, I mentioned that Business Premium includes Intune. One of the best things about Intune is centrally managing Windows updates across all your devices.</p>
<p>You create <strong>update rings</strong> — groups of settings that control when and how updates install. You can set up:</p>
<ul>
<li><strong>A pilot ring:</strong> 5-10 machines get updates first. If something breaks, you catch it before it hits everyone.</li>
<li><strong>Everyone else:</strong> Gets updates 7-14 days after the pilot group.</li>
</ul>
<p>The pilot ring should include non-critical machines and tech-comfortable staff who&rsquo;ll actually report problems. Don&rsquo;t put your most important server in the pilot group.</p>
<p>I&rsquo;ve put together a complete walkthrough on Patreon for setting up Intune update rings — including recommended settings for small business, screenshots, and what to do if an update causes problems.</p>
<h3 id="other-things-updates-cover">Other Things Updates Cover</h3>
<p>It&rsquo;s not just security. Updates also include:</p>
<ul>
<li><strong>Bug fixes:</strong> That weird crash in Excel that happens every Tuesday? Might get fixed in a cumulative update.</li>
<li><strong>Driver updates:</strong> New hardware support and better performance on existing hardware (though these can occasionally cause issues, so some businesses manage them separately).</li>
<li><strong>.NET Framework updates:</strong> A lot of business software depends on this. Missing or mismatched .NET versions are a common cause of app issues.</li>
</ul>
<h3 id="the-bottom-line">The Bottom Line</h3>
<p>I know updates are annoying. I know they always seem to fire at the worst time. But the alternative — running unpatched Windows in a business environment — is genuinely dangerous.</p>
<p>Configure a deferral so you&rsquo;re not on day one. Test on a couple of machines first if you&rsquo;re in a managed environment. But actually install them. Every month. Without fail.</p>
<p>The ransomware gangs are counting on you putting it off. Don&rsquo;t make it easy for them.</p>
<hr>
<p><em>For M365 Business Premium users, I&rsquo;ve put together a step-by-step Intune update ring guide on Patreon — with recommended settings, pilot group setup, and rollback procedures if an update causes issues. <a href="https://www.patreon.com/c/ITMadeSimple">Check it out here</a>.</em></p>
]]></content:encoded></item></channel></rss>