Microsoft Windows Security, Resiliency Updates: 5 Things To Know

‘This ecosystem is mature, professional enough to let you put the customer first,’ Microsoft CVP David Weston says.

Upcoming limited access to a Windows endpoint security platform for third-party vendors. The Microsoft Virus Initiative holding competitors to improved safe deployment practices. And a series of improvements, from quick machine recovery to a simplified unexpected restart user interface.

The Redmond, Wash.-based security, artificial intelligence, cloud and PCs vendor with an ecosystem of more than 500,000 partners is at work improving the resilience and security of its Windows operating system, even collaborating with some of Microsoft’s toughest critics to prevent a widespread outage like the 2024 one caused by a faulty CrowdStrike update.

David Weston, Microsoft’s corporate vice president of enterprise and OS security, told CRN in an interview that collaboration with the likes of SentinelOne and CrowdStrike shows “that this ecosystem is mature, professional enough to let you put the customer first.”

Microsoft Windows Updates

The Windows endpoint security platform entering private preview in July for select MVI partners serves as a minimum viable product (MVP) that partners will provide feedback on for several months.

“We want to make sure we’re … not tone deaf,” Weston said. “We’re not sitting in an ivory tower. … If we want to get full participation of the community, it has to be equal and transparent. And we’ve operated that way.”

Here’s more of what you need to know about Microsoft’s Windows endpoint security platform and other efforts to improve security and resilience for its OS.

Windows Endpoint Security Platform

Microsoft will move its Windows endpoint security platform into private preview in July for select Microsoft Virus Initiative (MVI) partners, allowing those partners to build products and services to run outside of the Windows kernel and run in user mode as if they were applications.

The project has included dozens of third-party security vendors weighing in on Windows engineering to make sure an event like the 2024 CrowdStrike faulty update that downed millions of Windows devices doesn’t happen again.

The new Windows endpoint security platform will allow MVI partners–including CRN 2025 Channel Chiefs companies Bitdefender, ESET, Trend Micro and CrowdStrike itself–to provide higher reliability and easier recovery by running services outside of the kernel, according to Microsoft.

This early version of the platform is more of a minimum viable product (MVP), David Weston, Microsoft’s corporate vice president of enterprise and OS security, told CRN in an interview. Over the next few months, Microsoft will take feedback from third-party vendors while building additional functionality.

“Windows isn’t just a product. It is an ecosystem,” Weston said. “That’s the secret to our success. And we look at ourselves as the caretakers of that ecosystem. … Yes, we compete with the vendors, etcetera. But in the context of Windows, it is really a community. And it’s in our best interest overall to make them successful.”

For now, the platform is an optional alternative to kernel mode for vendors in antivirus (AV) and endpoint detection and response (EDR). However, customer demand so far has Weston thinking that third-party vendors will transition to the platform quickly.

Is Microsoft Helping Competitors Improve?

Microsoft CVP Weston told CRN that helping competitors improve safe deployment practices (SDPs) is part of the purpose of the latest version of its Microsoft Virus Initiative (MVI).

“This is ultimately about customer trust requirements, transparency,” Weston said. “If you can’t meet the resiliency requirements, you can’t be a partner, which means you don’t get access to these systems.”

Competitors stepping up their processes to bring customers a more comprehensive offer than just security and detection is ultimately good for Microsoft customers, Weston said.

“There is a maturity of that competitive ecosystem, which is they’re now starting to fill out the capabilities and realize it’s more than just what you can detect,” he said. “It’s the overall solution. That’s a good thing. It also potentially creates opportunities for newcomers, which is always a healthy thing.”

Microsoft will continue to invest in its Defender offer, which solution providers leverage with customers, but Windows is “much more than just any one product,” he said.

“I am obviously from Microsoft, but I feel very agnostic,” he said. “The success of the platform is actually a very vibrant ecosystem of lots of choices. That’s what is the secret to Windows’ success.”

Resiliency Effort Includes Simplified UI, Connected Cache

Along with the platform, Microsoft said to expect a simplified user interface (UI) and shortened experience for unexpected restarts on devices using Windows 11 version 24H2; general availability (GA) of quick machine recovery (QMR) with full control for IT administrators; and GA of a “connected cache” service for improving bandwidth during device upgrades.

The upcoming simplified unexpected restart UI — which replaces Windows’ decades-old “blue screen of death” error message — will also allow for configuration through registry policy on commercial and education editions, according to Microsoft.

Upcoming GA for QMR will support all Windows 11 version 24H2 devices and is enabled by default on Windows 11 Home devices, according to Microsoft. QMR can automate fixes to Windows devices and quickly get users to a productive state without complex IT manual intervention. Microsoft will still use Windows Recovery Environments (REs) for deploying targeted remediations to affected devices on a large scale.

IT teams will receive more capabilities for customizing QMR “later this year,” according to Microsoft.

The Microsoft Connected Cache service will start monthly updates on July 9, according to the vendor. The service should help improve bandwidth during Windows 11 upgrades, Windows Autopilot device provisioning, Microsoft Intune app installations and Windows Autopatch work.

The Connected Cache nodes transparently and dynamically cache Microsoft-published content Windows devices download, saving bandwidth by serving content requests through locally deployed nodes instead of the cloud, according to the vendor. More reliable internet bandwidth should improve resiliency with cloud-native device management approaches.

Microsoft has also introduced the ability for Universal Print users to securely release printing requests from anywhere in the organization to any authorized printer, adding Windows Protected Print infrastructure so that users don’t have to choose a printer in advance and avoiding toner and paper waste.

The update also allows IT administrators to configure print options for a printer share and give end users a select number of print options, according to Microsoft.

Entering preview “soon” is Windows 365 Reserve, which should help users mitigate downtime risk with secure access to a temporary, pre-configured cloud PC. Users can access the cloud PC across devices when the primary device is not available due to malfunction, theft or other reasons.

Security Rivals Endorse Efforts

Various third-party security vendors in the Microsoft Virus Initiative (MVI) endorsed Microsoft’s efforts around the Windows endpoint security platform and other Windows resiliency and security services and updates in a shared statement Thursday and in emails to CRN.

Stefan Krantz, senior vice president and head of engineering at SentinelOne, another MVI member, told CRN in a statement that the vendor has “been collaborating with Microsoft to drive a more resilient approach to delivering endpoint protection products on Windows.”

The vendor has provided feedback on several application programming interface (API) drafts and provided other input to Microsoft for better outcomes for shared customers, Krantz said.

“It’s been a useful back and forth,” he said. “As a security-first company, we understand that every vendor must live up to stringent engineering, testing, and deployment standards and follow software development and deployment best practices. SentinelOne has followed these processes for years.”

Louise McEvoy, Trend Micro’s vice president of U.S. channel, told CRN in an email that the vendor is “working to ensure that the changes within Microsoft’s MVI program strengthen our joint business.”

“We commit to no interruption to channel sales or renewals, with our endpoint and hybrid security offerings remaining fully operational and supported across current Microsoft platforms,” McEvoy said. “We also have a strong focus on our channel business continuity and partner enablement, equipping our partners with early compatibility alerts and support for escalations. Additionally, Trend’s proactive engagement with Microsoft puts our partners in a strong position to retain and upsell with a proven, compatible solution.”

Alex Ionescu, chief innovation technology officer with CrowdStrike, said in a Thursday joint statement with Microsoft that the vendor has “seen significant customer interest in the progress toward greater platform resiliency.”

“Through this collaboration, we’ve driven substantial improvements to the planned capabilities for the Windows endpoint security platform, paving the way for a more integrated high-performing security solution,” Ionescu said. “With the introduction of MVI 3.0, we’ve successfully met all the new standards and recognize how these rigorous requirements strengthen the overall ecosystem. We remain fully committed to developing a Windows endpoint security platform-ready product and look forward to leveraging these new capabilities as Microsoft releases them.”

Juraj Malcho, ESET’s chief technology officer, said in a Thursday joint statement with Microsoft that the high level of requirements to be an MVI partner–including documentation and adoption of resilient processes–ensures “any incident is either avoided or managed both efficiently and expediently.”

ESET is “committed to the important evolution of both the MVI partnership and the engineering collaboration with Microsoft, something we have valued for several decades,” Malcho said.

The MVI 3.0 program requires partners to commit to testing incident response processes and following safe deployment practices (SDP) for updates to Windows endpoints as part of improving Windows security and reliability, according to Microsoft.

Partners also need to perform gradual security product updates, leverage deployment rings and use monitoring to minimize negative effects. These practices should increase stability and reduce recovery time and operational risk for Windows environments.

Microsoft Solution Provider Feedback

John Snyder, CEO of Durham, N.C.-based Microsoft solution provider Net Friends, told CRN in an interview that he is glad to see Windows protecting the kernel and making the OS less susceptible to accidents caused by third-party software.

If Windows and Microsoft-brand cybersecurity tools are powerful enough, Snyder said he could see less of a need for third-party endpoint detection and response (EDR) and antivirus tools.

“This is an adaptation that is long overdue,” he said.

Bobby Guerra, CEO of Jacksonville, Fla.-based Microsoft solution provider Axiom, told CRN in an interview that Microsoft still has investments it should make in its first-party tools to help partners better secure and manage clients.

Microsoft should invest in more partner control over endpoints through its Intune offer, for example, Guerra said. The vendor should also make Intune more responsive with insights on what is happening behind the scenes.

“You should be able to fully manage servers and workstations with Intune,” Guerra said. “You should have total control of” multi-factor authentication (MFA).

A simpler way to monitor tenant baselines and receive drift alerts, plus moving all Purview options into Business Premium plans instead of locking them behind E5 licenses, are other areas where Guerra could see Microsoft improving how partners administer security to clients.