Windows Patching - common mistake Intune admins do

Lately I have being evaluating existing Intune environments with Windows management and I see this almost every time. Many admins tend to postpone update releases for quite many days. This is bad, because you really should patch your Windows as soon as possible. I want to rise a great presentation by security guru Sami Laiho where he tells us, how the hacking and attacking business has grown last couple of years. There are companies who offer you hacking tools and will help you to attack any organization you want. I couldn't believe it myself first, but go and listen this yourself.

Personally, I recommend to postpone updates using this deferral option set only to 2 or 3 days. During that time, some one else will already receive updates and major bugs would be experienced on home users first. If you will postpone your environment patching for longer time, your doors are becoming wide open to hackers.

Another two option I usually do is I set Active Hours for shorter period than actual office working day. That gives me better chance to get updates installed. As an example, in Finland typical office working hours are 8am - 4pm, and I leave some action time for installation at the first and last hour of working day (active hours being set to 9am-3pm).

If you are still afraid of patching too fast, I recommend to publish updates faster than you used to do, but leave some optional dates for restart using the Deadline option.

What do you think of this recommendation? Feel free to comment. Thank you for reading this!