‘We’ve heard the feedback loud and clear,’ David Weston, Microsoft’s corporate vice president of enterprise and OS security, said.
Microsoft will release a series of security and resilience services and updates this summer that aim to help Windows device users who experience unexpected events such as 2024’s faulty CrowdStrike update that downed more than 8 million Windows devices.
The services and updates leverage learnings and feedback provided by vendor rivals and partners in the space, including CrowdStrike itself, whose executives have long been critics of Microsoft security offerings.
The updates will include a private preview of the Windows endpoint security platform coming in July to select Microsoft Virus Initiative (MVI) partners, allowing those partners to build products and services to run outside of the Windows kernel and run in user mode as if they were applications.
David Weston, Microsoft’s corporate vice president of enterprise and OS security, told CRN in an interview that even if customers don’t blame Microsoft for the CrowdStrike outage, they are looking to Microsoft and its ecosystem to prevent a similar incident from happening again.
“We’ve heard the feedback loud and clear,” Weston said. “We want to show people what we’re doing about it. … Windows isn’t just a product. It is an ecosystem. And that’s the secret to our success.”
Microsoft Windows Resiliency Updates
Microsoft will also introduce this summer a simplified user interface (UI) and shortened experience for unexpected restarts on devices using Windows 11 version 24H2; general availability (GA) of quick machine recovery (QMR) with full control for IT administrators; and GA of a “connected cache” service for improving bandwidth during device upgrades.
John Snyder, CEO of Durham, N.C.-based Microsoft solution provider Net Friends, told CRN in an interview that he is glad to see Windows protecting the kernel and making the OS less susceptible to accidents by third-party software.
If Windows and Microsoft-brand cybersecurity tools are powerful enough, Snyder said he could see less of a need for third-party endpoint detection and response (EDR) and antivirus tools.
“This is an adaptation that is long overdue,” he said.
MVI Partners Endorse Updates
The Redmond, Wash.-based tech giant–which has more than 500,000 partners worldwide–has already released an e-book based on guidance from its Windows Resiliency Initiative (WRI), with Windows practices, tools and strategies for improving IT environments.
Windows’ recent 24H2 update also added crash dump collection improvements to decrease downtime during an unexpected restart, according to Microsoft.
The new Windows endpoint security platform will allow MVI partners–including CRN 2025 Channel Chiefs companies Bitdefender, ESET, Trend Micro and CrowdStrike itself–to provide higher reliability and easier recovery by running services outside of the kernel, according to Microsoft.
The new Windows platform should result in fewer issues for Windows devices should they experience an unexpected event like the faulty CrowdStrike update, according to Microsoft. The tech giant pledged to collaborate deeply with MVI partners during the private preview.
Stefan Krantz, senior vice president and head of engineering at SentinelOne, another MVI member, told CRN in a statement that the vendor has “been collaborating with Microsoft to drive a more resilient approach to delivering endpoint protection products on Windows.”
The vendor has provided feedback on several application programming interface (API) drafts and provided other input to Microsoft for better outcomes for shared customers, Krantz said.
“It’s been a useful back and forth,” he said. “As a security-first company, we understand that every vendor must live up to stringent engineering, testing, and deployment standards and follow software development and deployment best practices. SentinelOne has followed these processes for years.”
Louise McEvoy, Trend Micro’s vice president of U.S. channel, told CRN in an email that the vendor is “working to ensure that the changes within Microsoft’s MVI program strengthen our joint business.”
“We commit to no interruption to channel sales or renewals, with our endpoint and hybrid security offerings remaining fully operational and supported across current Microsoft platforms,” McEvoy said. “We also have a strong focus on our channel business continuity and partner enablement, equipping our partners with early compatibility alerts and support for escalations. Additionally, Trend’s proactive engagement with Microsoft puts our partners in a strong position to retain and upsell with a proven, compatible solution.”
Alex Ionescu, chief innovation technology officer with Austin, Texas-based CrowdStrike, said in a Thursday joint statement with Microsoft that the vendor has “seen significant customer interest in the progress toward greater platform resiliency.”
“Through this collaboration, we’ve driven substantial improvements to the planned capabilities for the Windows endpoint security platform, paving the way for a more integrated high-performing security solution,” Ionescu said. “With the introduction of MVI 3.0, we’ve successfully met all the new standards and recognize how these rigorous requirements strengthen the overall ecosystem. We remain fully committed to developing a Windows endpoint security platform-ready product and look forward to leveraging these new capabilities as Microsoft releases them.”
Juraj Malcho, ESET’s chief technology officer, said in a Thursday joint statement with Microsoft that the high level of requirements to be an MVI partner–including documentation and adoption of resilient processes–ensures “any incident is either avoided or managed both efficiently and expediently.”
ESET is “committed to the important evolution of both the MVI partnership and the engineering collaboration with Microsoft, something we have valued for several decades,” Malcho said.
CRN has reached out to ESET and CrowdStrike for further comment.
Updates Include Simplified UI
The upcoming simplified unexpected restart UI will also allow for configuration through registry policy on commercial and education editions, according to Microsoft.
The Windows Resiliency Initiative aims to make the operating system and all digital environments that interact with Microsoft products more resilient and secure. Security and reliability incident prevention, management and recovery are among WRI’s priorities.
“Complexities are the enemy of resilience,” Microsoft’s Weston told CRN. “You can see we’re bit by bit looking at what are the highest ROI areas for us in terms of your resiliency and working against that roadmap.”
The MVI 3.0 program requires partners to commit to testing incident response processes and following safe deployment practices (SDP) for updates to Windows endpoints as part of improving Windows security and reliability, according to Microsoft.
Partners also need to perform gradual security product updates, leverage deployment rings and use monitoring to minimize negative effects. These practices should increase stability and reduce recovery time and operational risk for Windows environments.
The upcoming GA of QMR will support all Windows 11 version 24H2 devices, and QMR is enabled by default on Windows 11 Home devices, according to Microsoft. QMR can automate fixes to Windows devices and quickly get users to a productive state without complex manual IT intervention. Microsoft will still use Windows Recovery Environments (REs) for deploying targeted remediations to affected devices on a large scale.
IT teams will receive more capabilities for customizing QMR “later this year,” according to Microsoft.
Connected Cache Updates Planned For July
The Microsoft Connected Cache service will start monthly updates on July 9, according to the vendor. The service should help improve bandwidth during Windows 11 upgrades, Windows Autopilot device provisioning, Microsoft Intune app installations and Windows Autopatch work.
The Connected Cache nodes transparently and dynamically cache Microsoft-published content Windows devices download, saving bandwidth by serving content requests through locally deployed nodes instead of the cloud, according to the vendor. More reliable internet bandwidth should improve resiliency with cloud-native device management approaches.
Microsoft has also introduced the ability for Universal Print users to securely release printing requests from anywhere in the organization to any authorized printer, adding Windows Protected Print infrastructure so that users don’t have to choose a printer in advance and avoiding toner and paper waste.
The update also allows IT administrators to configure print options for a printer share and give end users a select number of print options, according to Microsoft.
Entering preview “soon” is Windows 365 Reserve, which should help users mitigate downtime risk with secure access to a temporary, pre-configured cloud PC. Users can access the cloud PC across devices when the primary device is not available due to malfunction, theft or other reasons.
CrowdStrike Fallout Continues
The 2024 Windows outage was estimated to cost Fortune 500 companies more than $5 billion and cost CrowdStrike $30 billion in value when its stock price fell, a third of its market capitalization. The vendor has since made the money back and trades almost 30 percent above the pre-incident share price.
CrowdStrike scored a legal win earlier this month when a judge in the U.S. District Court of Western Texas granted the vendor a motion to dismiss a consumer class action suit brought by airline passengers who said the 2024 faulty update led to flight disruptions, according to Law360.
In May, a Georgia state judge with Fulton County Superior Court said Delta Air Lines can continue to pursue its $500 million lawsuit against CrowdStrike. The airline alleges that CrowdStrike is liable for costs resulting from 7,000 canceled flights after the faulty update incident, according to Reuters.