One of the things that is seldom mentioned is the lack of an ability to patch during Autopilot.
You're delivering a system over the internet that will be used with an internet connection the minute the user logs on. Being able to deliver a fully patched system (Windows, Office / Microsoft Apps for enterprise, 3rd-party apps) matters: all of that should be patched prior to the user opening mail, browsing the web or Office documents, or any of the other common infection vectors.
It's equally simple to suggest looking for meaningful settings; I've been asking for real analytics for quite a while now. What does meaningful mean? Going through 22 years of history to define meaningful is a big exercise for a ton of organizations.
That being said, this is about the first time I've seen a public statement about the need for doing that rationalization effort instead of advocating to 'just' start over.
As to the approach of just trying and seeing what works and doesn't work, it's not necessarily about working or non-working. The aim should be to deliver an at least equally secure (and productive) device to the end user. A lot of organizations can use help in making that a reality.