Third Party Application Updates

Endpoint Patch Management

Patch Management ensures that University endpoints are consistently running the latest approved versions of operating systems, security patches, and common third-party applications. Protecting devices from vulnerabilities and ensuring compatibility with services.

Third Party Application Updates

Patches for commonly used applications are deployed as they become available from the vendor and have completed quality assurance testing. An application restart is frequently required to apply application updates. When possible, notifications display for any applications that require a restart to update.

Application patching intends to provide security enhancements, not interrupt production with feature changes. Feature changes are evaluated before release and communicated to users when they may be disruptive to productivity. Application updates are managed in three categories.

Independent

Application updates are released onto all managed endpoints as they become available from the vendor. Examples of Independent applications include Firefox, Chrome, Box Drive, and Zoom

Managed

Application updates undergo a pre-release pilot period on a subset of production endpoints before release onto all managed endpoints. Pre-release occurs 1 week before the full production release, allowing ITS time to identify issues with the latest release of the software, including version upgrades. Examples of Managed applications include Adobe products, SPSS, SAS, and Cortex by Palo Alto.

Service Dependent

Application updates install automatically following a service upgrade. Pre-release testing occurs as part of the release testing for the service itself. Examples of Service Dependent applications include SAP, BeyondTrust, CrashPlan, and Cisco AnyConnect.

Third-Party Application Deployment Cycle

Windows and macOS endpoints enrolled in Endpoint Management Services receive third-party updates through Patch Manager Plus (PMP) on Windows and Jamf Pro (Jamf) on macOS.

New third-party patches release on Mondays, Wednesdays, and Fridays. Applications silently update when they are not in use or at the next computer startup. A restart may be required for critical updates to install, notification and deferral will be provided to avoid loss of work.

Update Process

Windows

Third Party updates are applied on a weekly schedule. Application Updates will be automatically and silently installed when applications are closed or at system start-up.

In certain cases, a system reboot may be requested in order to complete patch installation. This reboot request will appear as depicted below.

Patch Manager Plus Restart Notification

macOS

Third Party updates are applied on a weekly schedule. Application Updates will be automatically and silently installed when applications are closed. If an Applicaiton is open, users will receive macOS system notifications that application updates are available.

At any time during the week a user can click on a notification or open Self Service to install the application update at a convenient time.

When open Applications need to quit for updates to Apply, you will see the following notification:

This Notification Center prompt will allow you to continue with the following options:

  • Update Now:
           
  • Postpone:
  • View Activity in Self Service:
         

After selecting "Update Now", you will be given additional for Applications that need to be closed:

While an Application is updating, a prompt will stay on-screen until the update is complete: