Application Management Tools and Processes Need to Change
For all the progress made in endpoint management, cloud services and identity, application management remains one of the most misunderstood and underestimated areas of enterprise IT.
Many IT leaders believe they’ve effectively modernized simply because they’ve moved workloads to the cloud or adopted tools like Microsoft Intune. Beneath the surface, the same legacy assumptions and risks persist. The reality is that modern application delivery is not just about where applications are deployed from. It’s about how they are built, packaged, secured, updated, and controlled throughout their lifecycle.
This is where many organizations are still getting it wrong.
The Illusion of Application Delivery Progress
On paper, things look better than they did a decade ago. Many organizations have embraced package managers, patching platforms, and automation pipelines. Deployments are faster. Onboarding updates is easier.
But most of these improvements are layered on top of the same underlying foundation: traditional installer formats like EXE and MSI.
That’s the problem.
These formats were never designed for today’s environment: one defined by constant change, escalating cyber threats, and the need for rapid, reliable updates. Yet, they remain the backbone of application delivery in most enterprises.
What’s often missed is that modern tooling like Intune, like patching service and patch managers don’t fix the flawed inputs fed into them. Wrapping legacy installer media in a more convenient delivery mechanism doesn’t make it modern, it just makes it easier to distribute something fundamentally outdated and flawed.
The Application Update Problem No One Has Solved
The pace of vulnerability disclosure has accelerated dramatically. Vendors are pushing patches faster than ever and organizations are expected to deploy them just as quickly.
On the surface, this sounds like progress. In reality, enterprises continue to be reactive and are exposed to new layers of risk.
Fast updates mean less time for testing. Less time for validation. And more opportunity for things to go wrong.
We’ve already seen what happens when this balance fails. The outage caused by a faulty update from CrowdStrike’s Falcon sensor demonstrated how a single update can ripple across thousands of systems globally. More recently, issues with a Samsung application update reinforced the same lesson: speed without control is dangerous.
This puts IT leaders in an impossible position. Do you:
- Enable auto-updates and relinquish control to vendors?
- Or delay updates and increase exposure to vulnerabilities?
Neither option is acceptable.
Auto-updates, in particular, introduce a growing concern: supply chain risk. If an attacker compromises a vendor or intercepts an update mechanism, they inherit the trust relationship already established with your environment. In effect, your update pipeline becomes an attack vector.
The Application Security Risk Hiding in Plain Sight
Beyond updates, there’s a deeper issue that rarely gets enough attention: how applications are installed and exposed within the operating system.
Traditional installers typically deploy applications into system-wide locations, making their components broadly visible and accessible. This architecture was convenient in a simpler era but today, it creates unnecessary exposure.
From a security perspective, this is problematic. It increases the attack surface and provides more opportunities for malicious actors to discover, manipulate, or exploit application components.
From an operational perspective, it’s equally troubling. Many installer packages are inconsistent at best leaving behind files, folders, and registry entries that accumulate over time. This “OS rot” is not just untidy; it actively contributes to instability, conflicts, performance degradation and the potential for failed rollbacks.
When an update goes wrong – and increasingly, they do – rolling back cleanly is often impossible. Residual files interfere. Dependencies break. Systems drift further from a known good state.
The result is an environment that becomes harder to manage with every update cycle.
Why Past Failures Still Shape Today’s Application Deployment Decisions
If the problems are so clear, why do they persist?
Because developers and vendors have been resistant to modernizing the underlying packages they use for their applications which places the burden on IT teams and subsequently many IT leaders have tried to modernize before and been burned.
Previous generations of application virtualization and packaging solutions often struggled to support a significant portion of application portfolios. It wasn’t uncommon for 30% or more of applications to fail compatibility testing. The effort required to package, test, and maintain applications often outweighed the benefits.
That experience left a lasting impression.
Developers have resisted the sweeping changes required to make their applications conform with what Microsoft deems a modern application package due to the effort to bring their application into compatibility. At the same time, Microsoft brought support for EXE and MSI packages to the Microsoft Store which has placed less onus on vendors to make the leap with urgency.
For IT Leaders, many remember the time investment, the edge cases, the exceptions and the sunk cost of initiatives that didn’t deliver.
Scepticism is understandable. But it can also be dangerous.
Because while organizations hesitate, the risk profile of doing nothing continues to grow. Waiting on the vendors to make the change is a big gamble to take with your organizations network and customers’ data.
The Limits of “Modern” Application Management Alternatives
Even newer approaches have their limitations.
MSIX, for example, represents a step forward in theory. It introduces containerization concepts and cleaner installation practices. But in practice, many organizations and vendors find that a subset of their applications simply won’t work within its constraints. Microsoft has previously signalled that some of this compatibility gap is by design with developers encouraged to move away from certain bad practices of the past.
Similarly, moving application delivery into cloud-native management platforms like Microsoft Intune has exposed performance and reliability concerns at scale. Slow deployment times, inconsistent behavior, and limited visibility can frustrate even the most patient IT teams.
These limitations reinforce a false conclusion: that modern application delivery is inherently flawed.
It’s not.
But partial solutions, applied inconsistently, will always fall short.
Modernization Requires a Perspective Shift: From Application Deployment to Control
The core issue isn’t tooling, it’s mindset.
Too many organizations still think of application delivery as a deployment problem. Install the app. Patch the app. Repeat.
Modern application delivery is about control.
Control over where applications exist.
Control over who can see and access them.
Control over how updates are applied.
Control over how applications interact with the underlying system.
This requires a fundamentally different approach; one that treats applications as isolated, manageable entities rather than deeply embedded components of the OS. One that provides an option to tone down the isolation as required as to not exclude certain applications from delivery with the modern package format. A container technology fit for virtually any Windows desktop application is paramount for modernizing enterprise application management.
When done correctly, this approach delivers several key advantages:
- Updates become lower risk because they can be rapidly applied and rolled back cleanly.
- Security improves because application visibility is restricted to the people entitled to access by administrators.
- Operational overhead and costs decrease as application conflicts and environmental drift are minimized.
- Deployment speed and performance improves because applications are delivered dynamically rather than installed conventionally.
Moving Forward Without Repeating the Past
The good news is truly modern solutions have arrived.
Today’s application delivery platforms are capable of providing for both legacy formats like MSI and App-V, as well as newer standards like MSIX, a path forward while addressing the gaps that earlier technologies couldn’t solve. They can abstract applications from the OS, enforce isolation where needed, and integrate with existing management tools to improve performance rather than hinder it.
They also recognize a critical reality: enterprises don’t have the luxury of starting from scratch. Any viable solution must work across the full application estate – legacy and modern alike.
The Cost of Standing Still
The biggest risk facing IT leaders today isn’t adopting the wrong solution.
It’s continuing to rely on outdated ones.
Every delayed application update, failed rollback, and exposed application component adds to an invisible but growing burden. Over time, that burden translates into increased security risk, operational inefficiency, and reduced agility.
Modern application delivery is no longer optional. It’s foundational to maintaining control in an environment defined by constant change. It is time to consign painful migrations from one Windows OS to another or from one type of desktop to another to the dustbin of history and making application management dynamic today will make those future migrations care free.
A Call to Action for IT Leaders
Take a hard look at your current application delivery and management strategy. Don’t just evaluate the tools you are using, but the assumptions behind them.
Are you truly in control of your application lifecycle?
Are you relying on legacy mechanisms that were never designed for today’s challenges?
Now is the time to rethink, reassess, and modernize; not incrementally, but strategically.
How you deliver applications is just as important as the applications themselves.
Containerize Everything
Containerize everything to ensure any application can run on all Windows endpoints. By extending DevOps capabilities to Windows application management, Numecent’s Cloudpager platform enables you to rapidly deploy, update, rollback, recall, and meter across all physical and virtual Windows desktops in a highly automated fashion.
To see the platform in action, request a platform demonstration with our Technical Solutions team via the form below: