How Model Technology’s Update Notification User Interface (UNUI) Improves Patching Compliance in Windows 10 Environments
By Jesse Walter
Published October 12, 2020
frustration-with-manual-updates-and-patching-user-compliance-work-from-home
Estimated Reading Time: 4 minutes

End-user control + organizational oversight = increased compliance and consistency

There are usually perfectly reasonable excuses for staff to postpone updates. Few people want to undermine their own productivity, especially when they’re in the zone. The problem, of course, is that many of those people fail to complete the update later. 

As more and more employees take advantage of the flexibility of remote work situations, IT admins increasingly need tools that accommodate the security and standardization of remote endpoints. Endpoint Manager provides controls to enforce best practices for security and standardization. But, without adequate oversight and automation, compliance is still an issue for organizations already struggling with Windows 10 continuous deployment.  

After working with quite a few companies in that same situation, we developed automated tools to cut down on update headaches for admins and staff, leading to increased compliance and security. 

Keeping Up to Date with Windows 10 Updates

The competing objectives of compliance and disrupting a user’s perceived (or actual) productivity is a constant balancing act for admins. There are challenges for both remote and on-prem workstations. While in an on-prem environment, backups, updates, and patches are scheduled for long after everyone has gone home, there are still opportunities for drift with new hires, acquisitions, new desktops and laptops, and more. In a remote environment, those overnight updates become nearly impossible to control. The entire organization then risks exposure to breaches and potential compliance holes. 

Remote users work at very different schedules and use the company-issued laptops at varying times throughout the day or evening. Your ideal downtime may be someone else’s time to burn the midnight oil. There’s also the massive issue of load: If everyone hits the servers and the VPN at the same time, updates can become sluggish, or even time out. 

One solution to an overburdened network is staggering client updates based on their schedule. Putting the controls back in their hands also facilitates independent work and meeting schedules. The less the updates impact users, the more and more they will comply with a continuous deployment environment.

So, what’s worked for our clients? If you empower the end-user with their own scheduling tools, we see time and time again that compliance shoots way up. Simple, easy-to-follow interfaces are designed to give admins oversight while providing more convenience for your end-users.

Model’s Objur Decreases Drift in Windows 10 Environments

We had so many requests from SCCM admins and infrastructure managers encountering the same basic set of challenges. Our team saw a need for a lightweight toolkit that admins can unpack quickly and use both to format new machines with greater automation and to execute updates and patches without hand-holding or manual schedules. 

We developed those tools for sizable enterprise clients, healthcare providers, and government agencies (among many others). Many of these clients are heavily regulated and have the real threat of fines and audits. The tools included with Objur include modules that manage different facets of the updating and patching processes. The goal for every client was the same: Focus on standardization, security, and productivity.

Standardization is difficult to maintain without oversight. We know that admins need the flexibility to maintain security without sacrificing on other projects that are related to product, business development, and client retention. (That’s a nice way of saying that continuous updates are a bit of a headache for everyone.)  

Giving End-Users Control While Maintaining Oversight

UNUI is nothing if not straightforward. The admin schedules an update and uses our suite of Objur tools to select the right users for that update. 

UNUI detects updates that are available to an endpoint, whether deployed via MECM or Windows Update for Business. Once an update is detected, a prompt is presented that allows the user to schedule update installation while still ensuring compliance deadlines are met.

The user can defer for a specific amount of time and a maximum amount of deferrals, pre-determined and customized by IT administration.

UNUI will also detect any pending reboots, either from a MECM update or application installation, or updates deployed via WUfB.
 
 
Objur UNUI defer installing updates in Windows

When a feature upgrade or Windows 10 version is made available, the user can schedule an upgrade time that fits their schedule, again while ensuring compliance deadlines are met. 

windows 10 upgrade UNUI

Summing Up

Objur is a straightforward toolkit that does more than merely improve the user experience for SCCM Windows and software updates. It also flags potential problems that could undermine the deployment schedule. In addition to oversight for onsite and offsite machines, you can create a reasonable accountability loop for admins and users to schedule and manage updates and patches. 

The results are refreshingly simple: Reduced drift in Windows 10 continuous deployment environments and increased compliance boosts productivity, cuts down on potential security holes, and cuts down on help desk tickets.

Contact us to find out more about how we can solve your standardization and compliance protocols.

Article By Jesse Walter
Jesse Walter is a Partner with Model Technology Solutions and the Vice President of Research and Development. He has an extensive background in Microsoft endpoint management tools, such as Microsoft Endpoint Configuration Manager and Intune, as well as a strong foundation in the Microsoft 365 Defender stack. Additionally, he enjoys automating repeatable operational tasks using PowerShell, and has developed several security tools using C#.

Related Posts