Microsoft Will Remove a Significant Windows 10 Enterprise Pain Point in 2019

chrome 2018 12 20 10 23 19

With the release of Windows 10 and Microsoft’s mandate that it be updated twice a year, installing major Windows 10 updates is very slowly becoming a routine activity. Even though the company is expanding the life cycle of each fall update, when are required to update your environment, it’s about to become slightly less painful.

The challenge is that after a Window 10 update is applied, when the user sits down to start working, they are greeted with the update dialog and then have to sit there and wait for Windows 10 to finish installing. With the next major update to Windows 10 that should arrive around the month of March in 2019, it will include Automatic Restart and Sign-On (ARSO) for Enterprises.

This new feature will automatically sign-in a user after an update is applied to finish the setup procedure and then re-lock the PC. The end result is that when the user returns to their machine, it will be fully updated.

This feature will be enabled on Cloud Domain Joined devices that meet certain security requirements:

  • BitLocker is enabled and is not suspended during the upgrade
  • TPM 2.0
  • SecureBoot

This feature will need to be explicitly enabled (Settings > Accounts > Sign-in options > Privacy) and as long as your devices meet all the requirements, this should significantly reduce the friction of your next major update. Of course, you won’t be able to take advantage of this update until after you update to the next release which means you are, at least, a year away from benefiting from this functionality.

The odd thing about this addition to Windows 10 is why is it needed at all? If the OS can log in on its own, does this mean that credentials are stored and accessible to the OS at any time? I’m sure that Microsoft has thought about this and it’s part of the reason why you need three different security tools to be enabled for it to function but in 2018, it seems like there should be a better way to complete an install of Windows 10 without what feels like a rudimentary option of faking a login.

But, this is very much a welcomed addition to Windows 10 Enterprise; it’s too bad that not everyone will be able to benefit from this functionality after upgrading. That being said, Microsoft is looking at ways to reduce friction for consumers post-update and hopefully we will see similar functionality arrive in all iterations of the OS in the near future.