I'm interested in how everyone manages the challenge of patching laptops that are only available while in use. When devices can't be patched outside of working hours, what strategies do you have to minimize productivity loss while keeping them updated?
5 Answers
It's essential to have a proactive approach. We configure systems to prompt users for updates hourly, and if they ignore it, the device will enforce a reboot after a deadline. This way, even if users let it slide, they're still getting patched.
We use Windows Update for Business and provide two days for users to reboot. Software installation notifications usually help, and while there have been complaints, managers often back us up when they realize users had plenty of time to do it beforehand.
The easiest solution is to patch them whenever they're available. If it's during work hours, then so be it. An unpatched device can pose a serious threat to overall productivity, probably more than restarting every month would.
If users complain about daytime patching, they need to get into the habit of keeping their devices on overnight. It's no different than desktops—it's part of whether they want their machines secure or not.
Using Intune is a great move! We give users a two-day notice to reboot their devices. If they don't, it automatically reboots itself. It really helps keep everyone on track without too much hassle.
I want to implement something like this. Right now I'm using a different config manager, but this Intune method seems way smoother.
We've got a similar setup, but we give users 12 hours to reboot on their own. Once those hours pass, the patching kicks in automatically.
Exactly! Users aren't the ones running the business; management is. If there are defined maintenance windows, then getting rebooted within those times is just part of the job.
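The deadline-then-forced-reboot approach several answers describe can be sketched as a check that a scheduled task runs hourly as SYSTEM. This is an added example, not code from any poster and not how Intune or Windows Update for Business implement it. The 48-hour grace period, 15-minute warning and marker file path are assumptions chosen for illustration.

```powershell
# Added example: hourly reboot-deadline check (run as SYSTEM from a scheduled task).
# Assumptions: the grace period, warning time and marker path below are illustrative.
param(
    [int]$GraceHours = 48,
    [int]$WarningSeconds = 900,
    [string]$MarkerPath = (Join-Path $env:ProgramData 'PatchReboot\pending-since.txt')
)

# Registry keys Windows sets when an installed update is waiting for a restart.
$pendingKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
)
$rebootPending = [bool]($pendingKeys | Where-Object { Test-Path -LiteralPath $_ })

if (-not $rebootPending) {
    # Nothing waiting: clear any old marker so the next patch cycle starts a fresh clock.
    Remove-Item -LiteralPath $MarkerPath -ErrorAction SilentlyContinue
    Write-Output 'Compliant: no reboot pending.'
    exit 0
}

# The first run that sees the pending reboot records the time; the deadline counts from here.
if (-not (Test-Path -LiteralPath $MarkerPath)) {
    New-Item -ItemType Directory -Path (Split-Path $MarkerPath) -Force | Out-Null
    (Get-Date).ToUniversalTime().ToString('o') | Set-Content -LiteralPath $MarkerPath
}
$since = [datetime]::Parse((Get-Content -LiteralPath $MarkerPath -TotalCount 1), $null,
    [System.Globalization.DateTimeStyles]::RoundtripKind)
$deadline = $since.AddHours($GraceHours)
$remaining = $deadline - (Get-Date).ToUniversalTime()

if ($remaining.TotalSeconds -gt 0) {
    # Inside the grace period: report only. The user-facing prompt is left to the management tool.
    Write-Output ('Reboot pending; forced restart in {0:N1} hours.' -f $remaining.TotalHours)
    exit 1
}

# Past the deadline: schedule the restart with a visible countdown so work can be saved.
shutdown.exe /r /t $WarningSeconds /c 'Updates require a restart. Save your work now.'
Write-Output 'Deadline passed; restart scheduled.'
exit 1
```

Keep the marker file in a location standard users cannot modify, otherwise the deadline clock can be reset. The non-zero exit code lets a management tool report the device as pending a restart.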