Navigate the future of Enterprise Application Management with Intune
Event Ended
Monday, Nov 27, 2023, 11:00 AM PST
Microsoft Intune can help you manage and secure your apps across different platforms and devices. Join us as we showcase where we are today with Enterprise Application Management and get a glimpse at...
Heather_Poulsen
Updated Dec 27, 2024
-_RH_-
Nov 27, 2023 Iron Contributor
Many orgs need to update based on timelines, e.g. patches for critical vulnerabilities deployed within 5 days, high within x days, etc. Being able to specify Minimum version doesn't really scratch this itch: you still need to keep track of all 3rd party updates manually and update the version numbers--a lot of extra busywork. Will there be an alternative to the Minimum version approach, e.g. app must be updated within 5 days or it won't run (similar to Edge policies)?
- Joe_Lurie Nov 27, 2023
Microsoft
-_RH_- Thanks for the feedback. We plan to have an N-1 available at a later date. We do not have any plans for a conditional access type of launch for the apps (based on version), but it's good feedback.
- -_RH_- Nov 27, 2023 Iron Contributor
Thank you. To meet the requirement from a practical standpoint, we'd need to select n (rather than n-1). Defender has a nascent ability to block vulnerable app launches, but this is also entirely a manual, one-off process at this time: a vuln is detected, from which you can create a rule until remediation is in place, rinse/repeat again and again and again. It seems to approach the security concern backwards or tangentially rather than directly, resulting in a lot of unnecessary busywork (as Aria Carley noted in the RunAs Radio podcast, we simply just need to start patching stuff asap--the old, slow cycles are no longer acceptable security-wise). Whether this update-now-or-block ability comes via Intune or Defender or both... great! 🙂