Objective
Patches for commonly used applications are deployed as they become available from the software vendor and have completed quality assurance testing. Application patching intends to provide security enhancements, not interrupt production with feature changes.
A detailed walk through for the update processes for Windows and macOS endpoints can be found below:
An application restart is frequently required to apply application updates. When possible, notifications will display for any applications that require a restart to update. Feature changes are evaluated before release and communicated to users when they may be disruptive to productivity. Application updates are managed in three categories:
- Independent - Application updates are released onto all managed endpoints as they become available from the vendor. Examples of Independent applications include Firefox, Chrome, and Zoom.
- Managed - Application updates undergo a pre-release pilot period on a subset of production endpoints before release onto all managed endpoints. Pre-release occurs 1 week before the full production release, allowing ITS time to identify issues with the latest release of the software, including version upgrades. Examples of Managed applications include Adobe products, SPSS, and Palo Alto Cortex XDR.
- Service Dependent - Application updates install automatically following a service upgrade. Pre-release testing occurs as part of the release testing for the service itself. Examples of Service Dependent applications include SAP, BeyondTrust, and Palo Alto GlobalProtect.
Users
- All University faculty, staff or students with a University-managed desktop, laptop or tablet
- Users of University-managed shared endpoints - labs, classrooms, conference rooms or kiosks
Third-Party Application Deployment Cycle
Windows and macOS endpoints enrolled in Endpoint Management Services receive third-party updates through Patch My PC via Configuration Manager (SCCM / MECM) on Windows and Jamf Pro (Jamf) on macOS.
New third-party patches release on Mondays, Wednesdays, and Fridays. Applications silently update when they are not in use or will prompt the endpoint device user to close the application if necessary. A restart may be required for critical updates to install, notification and deferral will be provided to avoid loss of work.
Update Process - Windows
Private Endpoints (Faculty/Staff)
Application Updates will be automatically and silently installed when applications are closed or will prompt the endpoint device user to close the application if necessary. Endpoint device users may "Snooze" the update notification for up to 5 days in the event they are not able to install the update when prompted.
While application updates are being installed, you may receive the following notice. Please wait a few minutes for the update to complete the installation and try opening the application again.
Installation Deadline
Application Updates are required to be installed within 5 days of being offered. Once this deadline is reached, endpoint device users will receive a notification to close the application within the specified time before the application is automatically closed for updates to occur.
Shared Endpoints (Lab/Classroom/Conference Rooms) or Kiosks (Digital Signage/Walk-up Stations)
Application Updates will be automatically and silently installed during established maintenance windows. Shared endpoint device users will not typically see third-party application patching notifications.
Maintenance Windows
Shared endpoint devices running Windows will have a maintenance window from 10:00 pm to 7:00 am daily by default. An alternate 12:00 am to 6:00 am daily maintenance window is available by request. Third-Party Application Updates will only be installed during this time window unless manually ran via Software Center.
Update Process - macOS
Third Party updates are applied on a weekly schedule. Application Updates will be automatically and silently installed when applications are closed. If an Application is open, users will receive a system notification that application updates are available.
At any time during the week a user can open Self Service to install the application update at a convenient time.
When open Applications need to quit for updates to Apply, you will see the following notification:
This prompt will allow you to continue with the following options:
After selecting "Update Now", you will be given additional for Applications that need to be closed:
While an Application is updating, a prompt will stay on-screen until the update is complete:
When postponing an update, you will receive a prompt with a multiple selection drop-down similar to the following: