Microsoft Is Opening Windows Update To Third-Party Apps

Microsoft is previewing a new Windows Update orchestration platform that lets third-party apps schedule and manage updates alongside system updates, "aiming to centralize update scheduling across Windows 11 devices," reports The Register. From the report: On Tuesday, Redmond announced it's allowing a select group of developers and product teams to hook into the Windows 11 update framework. The system doesn't push updates itself but allows apps to register their own update logic via WinRT APIs and PowerShell, enabling centralized scheduling, logging, and policy enforcement. "Updates across the Windows ecosystem can feel like a fragmented experience," wrote Angie Chen, a product manager at the Borg, in a blog post. "To solve this, we're building a vision for a unified, intelligent update orchestration platform capable of supporting any update (apps, drivers, etc.) to be orchestrated alongside Windows updates."

As with other Windows updates, the end user or admin will be able to benefit from intelligent scheduling, with updates deferred based on user activity, system performance, AC power status, and other environmental factors. For example, updates may install when the device is idle or plugged in, to minimize disruption. All update actions will be logged and surfaced through a unified diagnostic system, helping streamline troubleshooting. Microsoft says the platform will support MSIX/APPX apps, as well as Win32 apps that include custom installation logic, provided developers integrate with the offered Windows Runtime (WinRT) APIs and PowerShell commands. At the moment, the orchestration platform is available only as a private preview. Developers must contact unifiedorchestrator@service.microsoft.com to request access. Redmond is taking a cautious approach, given the risk of update conflicts, but may broaden availability depending on how the preview performs.

Meanwhile, Windows Backup for Organizations, first unveiled at Microsoft Ignite in November 2024, has entered limited public preview. Redmond touts the service as a way to back up Windows 10 and 11 devices and restore them with the same settings in place. It's saying it'll be a big help in migrating systems to the more recent operating systems after Windows 10 goes end of life in October. "With Windows Backup for Organizations, get your users up and running as quickly as possible with their familiar Windows settings already in place," Redmond wrote in a blog post on Tuesday. "It doesn't matter if they're experiencing a device reimage or reset."

thats not going to open up any issues....

[Vomitgod]

will it....
will MS test each and every update?

Re:

[TractorBarry]

Microsoft ? *TEST* updates ????

Have I missed something ? Microsoft just push any old "updates" for "users" to beta test their "new & improved" crapware. (e.g. try and put band aids over the pile of crap they originally shipped) I don't think Micosoft have properly tested anything since possibly Windows 2000.

Re:thats not going to open up any issues....

[Tony Isaac]

It's no different that app auto-update on your iPhone or Android phone.

Re: thats not going to open up any issues....

[simlox]

Those are real OSes, you don't need to batch updates together as reboot is only required for OS updates. With Windows it makes more sense to bundle all updates as you need to reboot.

Re:

[acoustix]

It's no different that app auto-update on your iPhone or Android phone.

Yes, there is a big difference. iOS and Android apps, for the most part, handle *all* installations and updates through their own app stores.

Windows doesn't (I don't know of anyone that uses the windows store app at all). In fact, sometimes apps can't (shouldn't be updated) due to compatibility issues - sometimes because of peripheral compatibility and stuff. Updates can go very bad if the conditions aren't right.

Re:

[thegarbz]

Actually no it's not that different. If you side load an app that is published in the app store the app store will take over the updating for you.

Windows doesn't (I don't know of anyone that uses the windows store app at all). In fact, sometimes apps can't (shouldn't be updated) due to compatibility issues - sometimes because of peripheral compatibility and stuff.

Apps published in windows update are virtually unable to have compatibility issues with peripherals - they aren't permitted to interface with hardware in that way. Windows store apps can't modify the OS, install drivers or anything like that. Windows Update can though.

Re:

[bleedingobvious]

It's looking to resolve the current issue where the user fails to apply latest updates to every piece of garbage they've grabbed from random places around the internets.

This is the far better option. Unless your argument is everything is better/safer through not patching?

Re:thats not going to open up any issues....

[Zuriel]

This is the age of enshitification, where a lot of updates just push anti-features like data harvesting and advertising. You can't just assume that a newer version will be better/safer.

Re:

[buck-yar]

Maybe its time for some polling. Ask people, have you ever had an update fix a bug? Versus have you ever had an update break something or remove functionality? Do you turn off updates because they do more harm than they help? Do you trust some unknown coder to have complete control over your system and that every update is for your benefit? How do you feel about political updates such as Firefox's removal of the term "master" passwords because its racist? Do you think developers sneak in changes that you mi

Re: thats not going to open up any issues....

[Fortnite_Beast]

Mozilla changed master passwords to fight racism. Unfortunately, the renamed it "Trump Password" to win favor with 47 and his oligarchs. Expect another change when 48 is in office and demands everyone rename everything after them.

Re:

[packrat0x]

The end of Microsoft draws ever nearer...

Re:

[thegarbz]

This is the age of enshitification, where a lot of updates just push anti-features like data harvesting and advertising. You can't just assume that a newer version will be better/safer.

In this age of enshitification you can't assume your app will work if you don't update it. Especially those who push anti-consumer stuff like this - often the app update is forced.

Re:

[gweihir]

Oh, sure. To the same standards they test their own updates, i.e. none at all.

will they add more control to end users?

[Joe_Dragon]

will they add more control to end users?

Fer cryin' out loud

[buss_error]

Just get winget working reliably and not have to do stupid stuff to kick start it on the first installation. Gee whillickers, it's not as if MS doesn't own freakin' GIT HUB!
Been working for two years with a pro bono team to get a simple code base share for windows to work without needed the user to do more than just breathe.
Because - users. It works sometimes. Most of the time there's something going with the winget server side and it breaks horribly. Bleeding bits splattered all over the bus. Oh, the humanity!

Re: Fer cryin' out loud

[Tatsh]

I still get the issue where WinGet lists packages that don't have clear version numbering yet I want those but in order to update I must pass --include-unknown.

Re: Fer cryin' out loud

[Anamon]

I never had problems like that... probably lucky and not setting up Windows systems too often. But my first thought was also why they wouldn't leverage what they have with Winget for that. Integrating its update functionality into WU for the less tech-savvy might have been nice, instead of just adding another platform and channel. Not having several dozen auto-updaters running in the background or on boot is a worthwhile goal, but this sounds like it's going to require a lot of effort from the publishers, s

Re:

[thegarbz]

Winget is a package manager. It only manages packages you install through winget. What MS is doing here is providing a system for an program from any origin to use windows update to push updates. This isn't a bad thing and it could also interface nicely with winget.

You do you Microsoft

[RitchCraft]

It was a good run I guess. DOS 2.11 all the way up to DOS 6.22 and Windows for Workgroups 3.11, then Windows 98SE, onto Windows 2000 (my favorite), next to Windows XP, and finally to Windows 7. I've since moved on from your now relentless pursuit of over-reach.

Re:

[Tony Isaac]

So...do you have app auto-updates enabled on your iPhone or Android device? How is this any different?

Re:

[RitchCraft]

Nope, I don't install apps on my phone. I use my phone to make phone calls and text.

Re: You do you Microsoft

[jer2eydevil88]

I had to fix a 40 year old faucet today. I have no plumbing experience. An ai correctly identified the faucet and the steps to repair it from photos taken on my phone. While I admire your relentless pursuit of privacy, I choose knowledge.

Re:

[Anonymous Coward]

This might be the most pathetic thing I've ever read on ./ A dork boasting about how they needed to take pictures of their faucet and feed it to AI in order to fix it. The "I choose knowledge" bit is quite the cherry on top.

You've got to be a fucking idiot if you need to do ANY research to fix a sink. I hope you work in fast food because I wouldn't trust someone who can't figure out how to fix a sink with any job more complex than that.

Even before AI you could have typed into Google, "how to fix a faucet,"

Re:

[The Mighty Buzzard]

As a former plumber, you're not wrong. Aside from confusing PEX and PVC, there's very little to know about plumbing to make it work unless you just feel the need to learn to solder copper pipe. The only slightly complex bits are knowing the relevant building codes if you're going to have to get it inspected. You'd have to be pretty fucking retarded to not be able to figure a sink repair out on your own.

Re:

[thegarbz]

The "I choose knowledge" bit is quite the cherry on top.

The GP didn't know how to do something and used a tool that showed him the steps and method of doing it, successfully did it, and learned something in the process. Say what you want about their lack of knowledge in the first place, but they seem to have far more functioning braincells than you, who doesn't realise that doing and following instructions is literally the way we obtain knowledge as a species.

Re: You do you Microsoft

[pjt33]

You needed an AI to identify the faucet? Most five-year-olds can manage that...

Re:

[thegarbz]

There's a difference between identifying what the faucet is, and what the exact model of a faucet is along with the instructions for dissembling. Sure let your 5 year old have at it, tell us your results after your house is repaired.

Everything can be made to sound absurd if you take the simplest subset of the task. Oh you can see the text on the screen? My five year old can do that too! Why are you only as smart as my five year old!

Re:

[pjt33]

Complain to the people who modded my comment Insightful. I was aiming for Funny.

Re:

[Bert64]

The importance of privacy is being able to choose when to disclose information and when not to.
In your case disclosing photos of a faucet and receiving instructions is something you chose to do and it served a useful purpose. What people object to is background collection of information unrelated to the task at hand and sharing of that information with others - eg in order to provide faucet fixing instructions does the ai need your name? your location? your bank details? probably not, the location might be

Re:

[Khyber]

"I choose knowledge."

Then read a fucking book.

Re:

[thegarbz]

"I choose knowledge."

Then read a fucking book.

Why does knowledge only come in paper form? Do you not gain knowledge from reading something on a screen instead? If you don't know what my point is, try printing out this comment on paper and reading it again.

Re:

[RitchCraft]

You are the poster child for the reason Microsoft and other companies get away with the shit that they do. Hey, but you do you.

Re:

[RitchCraft]

Thank you. Now, get off my lawn!

Re:

[gweihir]

I have a small number of apps on my phone. After all, it is part of my security perimeter with the TOTP authenticator app. And no auto-updates, and in particular nothing from Microsoft.

So how do I ...

[rossdee]

opt out of this 'feature'?

Re:

[Tyger-ZA]

Install Linux?

Re:

[rwrife]

Linux already does this with sudo apt-get upgrade.

Re:

[Anonymous Coward]

Install a WSUS server? ;-)

Isn't that deprecated and no longer under development?

Re: So how do I ...

[Tatsh]

Yes. Microsoft wants everyone to move to their cloud for everything.

Wow!

[OrangeTide]

This is pretty impressive. I hope Ubuntu and Red Hat and Fedora and Debian and Gentoo and Arch consider allowing third party apps on their OS to be packaged and updates automatically ... ;-D

Thirty Fucking Years Late

[ewhac]

Congratulations, you feckless imbeciles. You've "innovated" general software package management a mere three $(GOD)-damned decades after Redhat and Debian did it.

While you're at it, why don't you "invent" a tiling window manager that can be driven entirely from the keyboard... Oh, [i3wm.org] wait... [hyprland.org]

Honestly... Why is anyone still voluntarily giving money to these chowderheads?

Re:

[Koen Lefever]

While you're at it, why don't you "invent" a tiling window manager

They did: Windows 1.0 [wikipedia.org] from 1983 (or 1985, depending on how you count) until 1987 (or 2001, again depending on how you count) was a tiling window manager.

Re:

[thegarbz]

No they didn't. This is an update broker, and has nothing to do with software package management. Fundamentally it is different from what Redhat and Debain offer. This is like the equivalent of you installing some binaries from a completely external source, and it requesting RPM to send it updates going forward (something that doesn't happen because RPM doesn't know what to manage unless it's installed through RPM.

Now if you actually knew what you were talking about you may make a comparison to Winget, whic

Re:

[Bert64]

YUM and APT have similar capabilities in that you can add external repositories for software that's not provided by the base distro, and then anything installed from those repositories will get updated at the same time as the base distro packages.

The same thing could happen - you could install random binaries which add an entry to your sources.list, or you could manually install a package file without using the built in repository download mechanism of the package manager. This scenario is uncommon because

Re:

[thegarbz]

add external repositories

Again, this is *NOT* what this is. We are not talking about installing any software from any repository PERIOD. We are talking about installing normal software from MSI packages, and having that software interfact with Windows updates to push updates to it going forward.

What MS are offering is a small subset of the functionality provided by apt, yum or similar package managers.

No you have a small subset of understanding. Comparing Apt to this is like comparing Apples to a Mars Bar, they aren't remotely similar. If you want to compare what MS offers in terms of apt, yum or similar then you should look at Winget - M

Re:

[bleedingobvious]

This is the most hilariously poor anti-MS rant yet.

Gud jerb. Make MS responsible for cruddy patching methodooligies of random devlopers who have *nothing* to do with MS. Gud jerb.

Re:

[AmiMoJo]

That's not what this is. Microsoft already has a package managed called winget that is more similar to what Linux distros use.

This is about delivering security updates to the majority of users who wouldn't bother updating at all if they were not prompted to do it. In fact even promoting isn't enough, which is why by default Windows just installs updates and force-reboots the computer.

Re:

[buck-yar]

security updates

Slippery slope. Microsoft considers collecting telemetry as a security update https://tech.slashdot.org/stor... [slashdot.org]

As if watching users every movement is "security" (maybe to their monopoly status) https://it.slashdot.org/story/... [slashdot.org]

Re:

[gweihir]

30 years late to the game and then doing things badly? That is about on-par for Microsoft.

HOORAY!

[zurkeyon]

Now EVERYONE can play after the sale games with the things you own! YAY! /Sarc Off...

NEW*

[daveron]

Microsoft releases newbuilt in backup solution, after previous new built in backup solution broke the existing new built in backup solutions.

Seamless notepad++ updates?

[ByTor-2112]

Holy shit can I finally get seamless, invisible, automatic notepad++ updates?

Replaces all those system widgets?

[jezwel]

Replacing all those widgets in my system tray with a Windows Update related process certainly seems to reduce attack vectors significantly, though I guess it will depend on where the update is stored - if they still point at some random URL I'd be quite disappointed.

Managed desktop admins should be able to curate what's updated and when, and this may also help with those annoying times where the manufacturer wants to use their "just compiled overnight' version for in-house training and expect it to be inst

Possibly positive

[CommunityMember]

The *concept* sounds interesting (allowing 3rd parties to no longer have to have their own background updater running in the background could be a net positive). I want to know more about the details.

Re:Possibly positive

[thegarbz]

allowing 3rd parties to no longer have to have their own background updater running in the background could be a net positive

3rd parties didn't need permission for that. There's no reason an update can't be downloaded and installed by the application running in the foreground. There's countless applications out there that maintain themselves up to date without some background service. Fuck Adobe and Google for normalising yet more shit running when not needed.

Re:

[bleedingobvious]

3rd parties didn't need permission for that. There's no reason an update can't be downloaded and installed by the application running in the foreground.

This is fandamentally not true in corporate environments. 3rd party nonsense is the bane of any technical team precisely because it expects to patch with local admin privilege and therefore triggers UAC. The only solution being enabling powershell and pushing the patch by policy , then checking in on status *or* visitng 10k+ devices to patch individually - which is nuts.

It's a major problem and has been for the longest time. This provides an opportunity for support teams to manage this far more effectively

Re:

[fuzzyfuzzyfungus]

The stuff that specifically tries to avoid needing admin rights can be a massive pain in its own way: just dump a copy in the user's profile, no special privileges needed, great. Ok, now that shared computer has a dozen different versions; which ones are just from old profiles and which ones are potentially signs of a broken update mechanism and in need of remediation? Also, since the update only happens in the user's context it can't happen when they aren't logged in; which means that the user either gets

Re:

[thegarbz]

This is fandamentally not true in corporate environments.

Corporate environments have centrally managed PCs with software that manages updates already. It's a completely different beast and the problem has long been solved in that environment without the need for software to work with Windows update. In fact Microsoft already manage this through a different corporate app called Company Portal.

Re:

[bleedingobvious]

Corporate environments have centrally managed PCs with software that manages updates already.

You're claiming that all production software is availble via CP? Really? Not only false but hilariously so.

No. X is not a productivity tool.

Re:

[Bert64]

The problem there is that the update only gets downloaded when you actually run the application in question. If you run it rarely, then it could end up significantly out of date by the time you run it again.
Having background updaters is a kludge aiming to solve this problem, while introducing new ones.

Re:

[fuzzyfuzzyfungus]

At this point it seems like there's almost nothing to say except that it depends on the details of the implementation.

A zillion ad-hoc update agents(more than a few of them clearly written in some haste with naïve assumptions about things like actually checking signatures properly; and basically all having their own distinct mechanisms for scheduling and scripting and the like) is fairly clearly the awful way to handle things, though an obvious organic development.

However, while the OS is sort of

Re:

[wings]

The *concept* sounds interesting (allowing 3rd parties to no longer have to have their own background updater running in the background could be a net positive). I want to know more about the details.

Yeah, I'd hate to miss out on my malware updates.

Yay

[deimios666]

The reliability and speed of the windows updater with the security of third parties.
What could possibly go wrong.

Re:

[thegarbz]

Question, what problem do you have with the reliability and speed of windows updater? It downloads updates as soon as they are available, and installs them basically without fail. Now what may fail is an individual update, that's ultimately a problem with the update package itself, not windows update.

The system itself is actually quite robust.

Re:

[bleedingobvious]

Exactly.

/. just prides itself on its long history of hating Windows and pushing MS FuD....

Re:

[Bert64]

Take a fleet of a few hundred systems which are automatically applying updates through windows update / wsus...
Confirm that windows update shows every box as being up to date.
Run a nessus patch audit scan against them.
Observe that there are a few random missing patches reported by nessus.

Now nessus does not query the windows update apis, it checks the individual files to see if their versions match the ones that should be installed by the updates. On any sizeable installation there will almost always be err

Re:

[John Allsup]

Hopefully what an update can do is restricted. It's never happened with apt, touch wood, but imagine if someone put rm -rf /* in an installer script in some third party repo.

Re:

[fuzzyfuzzyfungus]

TFA mentions that "Win32 apps that include custom installation logic" are supported. Unless that is...selectively true...and being overblown as part of release hype; it essentially means that what updates can do won't be restricted. MSI custom actions are basically whatever executable you want, executed at the (normally high) privilege level of the MSI install.

Probably some legitimate use cases that simply can't be answered within the more tightly specificed MSI logic(and absolutely a boon to swift-but-s

Re:

[wildstoo]

True, but that's always been the case for MSIs with custom actions - this doesn't change anything except allowing WU to "orchestrate" these installs alongside other Microsoft updates, which is - to me - a desirable feature. Each app having its own custom updater and update schedule is shit; Adobe Reader will update at some random time, Chrome at some other random time, etc. Yes, we could disable automatic updates in these apps and manually deploy updates ourselves but then the onus is on us to deploy these

Re:

[buck-yar]

One problem is developers love to tinker with everything, especially UI, sometimes to the dismay of the user, and the user wants to stay with a particular version. We've evolved into a world where developers don't fork, they drag the users all along with them throughout any evolution of the product. I would agree with you that staying updated is in general a good strategy, security and general fixes. The problem is that programmers never limit themselves to just that. They always end up changing things that

Re:

[fuzzyfuzzyfungus]

I don't fundamentally disagree with you; I was just making a narrow reply to the "Hopefully what an update can do is restricted" comment, since the statement that it will support MSIs with custom actions tells us, even without further documentation, that there will not be such restrictions.

That's not great; but when the status quo is a small zoo of shit updaters(and some slightly scary attempts to allow controlled amounts of escalation of privilege so the updaters work for people running as non-admin eve

The Criticality of Auto-Update

[geekmux]

Every auto-update process is going to become absolutely critical in the future as we rely more on the growing capability of AI to protect our devices in damn near real-time. We’re talking about AI-controlled defense mechanisms responding automatically to the next-gen zero-hour attack by writing patches/updates and then subsequently auto-updating those patches as quickly and efficiently as possible. This is all done in minutes or even seconds instead of hours.

If we think we won’t need to respond that quickly in the future, think again. We will, because AI will be the entity attacking. We’ll be lucky if we can keep up. Zero-hour wasn’t a typo.

Does it make sense that Microsoft leads the way? Perhaps, since Corporate Business refuses to divest itself of its addiction to Microsoft OS.

Re:

[buck-yar]

What is your level of paranoia based on? I haven't been hacked since the 90s when Winnuke could bluescreen a Win95 PC by sending to port 139. And if I am, I have a list of backup images to be up and running in less than 5 minutes. This fear of being hacked seems incredibly overblown.

Re:

[geekmux]

What is your level of paranoia based on? I haven't been hacked since the 90s when Winnuke could bluescreen a Win95 PC by sending to port 139. And if I am, I have a list of backup images to be up and running in less than 5 minutes. This fear of being hacked seems incredibly overblown.

Here's a test for you and just about every other seasoned human on the planet who's had the luxury of growing old.

You're 3 years old, sitting there beaming with arrogant pride over the fact that you just figured out how to "tie" your own shoes when in reality all you figured out was how to tie them in a knot. Now let's imagine your 13-year old self is peering in on all this. Do you think your 13-year old self is looking at that with the same pride while armed with a decade of reality and wisdom, knowing d

Re:

[buck-yar]

My past self did not having a piece of critical information, if it differs from current thinking. There's usually one key distinction, or knowledge, bit of information that makes all the difference. The previous way of thinking wasn't stupid or smart, it just was without whatever led to the change.

The root cause of this is software that is too bloated and complex, if it constantly needs updating and fixing. Maybe instead of pushing out beta-testing mature code to everyone, they should go back to how it wa

Re:

[gweihir]

Hahahaha, no. If software quality ever becomes this abysmally bad (some say that for many things Microsoft it already has), then there is no way to fixt things. You can just throw it all away and start over.

Re:

[geekmux]

You can just throw it all away and start over.

You’ll notice the largest pimp of corporate desktop OSes has never done that. Ever.

Notice they’re still the largest pimp.

Not exactly the popular advice outside of the bankruptcy liquidation office.

Re:

[gweihir]

True. These people usually continue to party until everything blows up. And it will.

Re:

[rwrife]

You're right, you need to go offline when you don't need stuff from the Internet, kind of like using dial-up modems.

Finally!

[JThundley]

Finally! I've always thought that error messages from failed application updates were too helpful.