Patch Management ensures that University endpoints are consistently running the latest approved versions of operating systems, security patches, and common third-party applications. Protecting devices from vulnerabilities and ensuring compatibility with services.
OS Patch & Security Updates
Operating System (OS) patches and security updates deploy as they become available from the vendor and have completed quality assurance testing. An operating system restart is commonly required to apply the system update.
OS patches and security updates undergo a pre-release period on a subset of production endpoints, before scaled release onto all managed endpoints.
- Pre-release occurs one week before the production release, enabling ITS to verify the compatibility and functionality of the latest software version.
- Windows pre-release starts on the second Friday of each month. The production installation starts on the third Friday of each month.
- macOS pre-release starts on the Friday following release. The production installation starts on the second Friday following release.
Private Endpoints (Faculty/Staff)
Any desktop, laptop, or tablet assigned to a single user for their private use. Examples include Faculty, Staff, and Students.
- Required (Default) – Endpoints will download available updates every day and automatically restart outside of regular business hours (7pm–7am) if the computer is not in use. Active users will receive notifications to begin installation and restart immediately or defer to a convent time so that work is not interrupted.
- Voluntary – Endpoints will download available updates every day and prompt users to restart at a time of their choosing. Users can enable automatic restarts locally on their device if they choose.
Shared Endpoints (Lab/Classroom/Workstation)
Any desktop, laptop, or tablet that is not assigned to a single user but instead has multiple users. Examples include research or business workstations, lab computers, appliances, kiosks, and digital signs.
- Scheduled – Endpoints will download available updates every day and automatically restart on a pre-defined weekly schedule. Different schedules for sensitive devices, such as digital signs or specialty equipment, are available.
Download and Installation
Windows will automatically download and begin installing updates when they are made available. The download and installation process generally occurs beginning at noon each day. In the event the download and installation time is missed (such as the computer being powered off), Windows will pick a time when the system is powered on and begin downloading and installing at that time.
Once Windows Updates have been applied, a computer restart will be required to complete the installation. This restart will occur outside of active hours, which is defined as 7:00 am to 7:00 pm each day. A restart notice will appear in the lower right-hand corner of the Windows desktop. It is recommended to save your work and restart at a convenient time after receiving this message.
Software updates for macOS do not occur on a regular schedule. Updates for Mac App Store apps or other OS components that do not require a restart will be automatically applied when that specific component is not in use. macOS updates that do require a restart will generate a prompt for the user to acknowledge.
- A user can defer an update request a total of three times, for varying lengths of time ranging from 1 hour to 1 day.
- If a user is not present to acknowledge the update prompt, the update will be automatically deferred for one day.
- A user can start a software update at any time through Self Service or System Preferences.
- If the user is out of deferrals, the update will be applied automatically, following a 15-minute warning.
- If the Mac is idle outside of business hours, and at the login screen, updates will install automatically.
Below are two examples of the software update prompts a Mac user will receive.