I'm trying to figure out how everyone manages to keep their devices up to date with both Windows OS and third-party applications. Currently, we use Intune for OS patching and PatchMyPC for updating third-party applications, but it feels like quite the challenge! I oversee about 1,300 devices, and I've noticed that even with these tools, I'm only able to get around 80% of our systems updated consistently. This situation is worsened with so many users on laptops and frequent updates from applications like Microsoft Teams.
There are all sorts of issues that pop up—patch failures, random errors, and users leaving their laptops unused for extended periods. For instance, despite my best efforts, we often see only about 80% of the fleet successfully updated by the end of each month, only to repeat that cycle as new updates come in. Moreover, our reports show only half of the fleet is compliant with third-party apps like Adobe, with the rest either encountering errors or being offline for weeks. It's definitely stressful, and I can't imagine how larger organizations manage with even more devices!
7 Answers
I use ManageEngine Endpoint Central for both OS and third-party patching. I set it up to deploy approved patches over two weeks, which helps catch devices that are off or haven't restarted during the patching week. It's been reliable for our organization!
If you're looking for alternatives, have you checked out PDQ Connect? It's incredibly efficient for patch management.
Action1 is also a solid option! It's free for up to 200 endpoints, so it might be worth considering for smaller setups.
If I had to guess, your main issue might be staffing. With larger teams, it’s easier to manage updates across so many devices!
Honestly, 80% isn't too bad! You might want to check why the remaining 20% aren't getting updates. Are they encountering errors or just not being used? That could give you some insights to tackle the issue more effectively.
I let my RMM tool handle most of the update management. Sure, sometimes things go haywire and I have to manually trigger updates on a few machines, but it's way easier overall.
You'd be surprised, but 80% is actually decent, considering your user base. Try using Intune to analyze the 'last check-in date'. If you find a significant number of devices haven’t checked in for over a week, that might explain the discrepancies. Also, consider how long devices are on; if they’re only powered for short periods, patches might not install.
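
The triage suggested in the answers above (separate the devices that have not checked in for over a week from those that are online but erroring), sketched in PowerShell as an added example that is not code from any poster. The CSV is constructed sample data; its column names and the `Get-PatchTriage` helper are hypothetical, not Intune's export schema.

```powershell
# Constructed sample standing in for a device report export. Column names are
# assumptions for this example, not Intune's export schema.
$csv = @'
DeviceName,LastCheckIn,PatchState
LT-001,2024-05-30T08:12:00Z,Installed
LT-002,2024-05-29T16:40:00Z,Failed
LT-003,2024-05-02T09:05:00Z,Pending
LT-004,2024-05-28T11:30:00Z,Pending
LT-005,2024-04-17T13:22:00Z,Failed
LT-006,2024-05-30T07:55:00Z,Installed
'@

function Get-PatchTriage {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Devices,
        [Parameter(Mandatory)] [datetimeoffset] $AsOf,
        [int] $StaleDays = 7   # "over a week", per the answer above
    )
    foreach ($d in $Devices) {
        # Offset-aware parse so UTC timestamps compare correctly in any time zone.
        $lastSeen = [datetimeoffset]::Parse($d.LastCheckIn, [cultureinfo]::InvariantCulture)
        $silent   = $AsOf - $lastSeen
        $bucket = if ($d.PatchState -eq 'Installed') { 'Compliant' }
            elseif ($silent.TotalDays -gt $StaleDays) { 'Stale' }          # offline: nothing to debug yet
            elseif ($d.PatchState -eq 'Failed')       { 'Failing' }        # online and erroring: read the logs
            else                                      { 'PendingOnline' }  # online: short uptime or no restart
        [pscustomobject]@{
            DeviceName = $d.DeviceName
            DaysSilent = [int][math]::Floor($silent.TotalDays)
            PatchState = $d.PatchState
            Bucket     = $bucket
        }
    }
}

$asOf   = [datetimeoffset]::Parse('2024-05-31T00:00:00Z', [cultureinfo]::InvariantCulture)
$report = @(Get-PatchTriage -Devices ($csv | ConvertFrom-Csv) -AsOf $asOf)

# Share of the fleet in each bucket.
$report | Group-Object Bucket | Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'Percent'; e = { [math]::Round(100 * $_.Count / $report.Count, 1) } } |
    Format-Table -AutoSize

# Work list: everything that is not compliant, longest-silent first.
$report | Where-Object Bucket -ne 'Compliant' |
    Sort-Object DaysSilent -Descending | Format-Table -AutoSize
```

Devices in the `Stale` bucket explain a compliance gap without indicating a patching fault, while `Failing` and `PendingOnline` are the ones worth investigating on the endpoint.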
