Hey everyone! I'm interested in hearing how you system admins handle updates for auto-updating browsers like Chrome and Edge that still need user activity for updates. We're seeing many devices running outdated versions because users aren't using these browsers regularly. Is there a way to enforce updates without user interaction, aside from using WSUS or SCCM? Also, what about Zoom updates, since it installs on user profiles rather than a common location? I'd love to know what best practices you've found for managing these tricky little applications.
6 Answers
Using patch management software can really simplify this process. It allows you to automate updates without relying on users to be proactive.
Winget is a great option since it’s simple and free, but it lacks compliance reporting. Action1 might be more suitable if you have many endpoints; it’s really effective.
You can push configuration profiles in Intune or use Group Policies for Active Directory to manage browser updates. If you're on Intune, also consider using PatchMyPC for keeping third-party apps up-to-date.
Chrome and Edge both have built-in updating features. You can set Group Policies to require updates within a set number of hours. It’s best to prevent user installations and go for machine-wide deployments instead.
We've been using Action1 for quite a while, and it works really well. They provide good support and it doesn’t break the bank.
You might want to check out NinjaOne. It's designed for such tasks and can help manage your updates effectively.
Exactly! If you configure it right, users will get a notice about how many days they have to restart, and then it happens automatically. I have it set up for both Edge and Chrome, and I manage their patching frequency with MECM.