We are updating workstations managed by ITS with Microsoft Systems Center Configuration Manager (SCCM). SCCM is a legacy framework that ITS uses to automatically install updates and patches to mostly older managed workstations. Updates and patches add features, fix bugs, and address vulnerabilities. Prompt and frequent patching is a security best practice and is required by UConn policy and standards. Delays leave university computers vulnerable to compromise and the concomitant loss of personal and university data.
Currently, workstation owners are notified when an update is available and are given the option to delay it for up to seven days. After the seventh day, patches are automatically installed during the next 3:00 am – 6:00 am daily maintenance window. Unfortunately, this can only happen if the device is powered on. Telemetry reveals that a significant number of laptops are not receiving critical patches. ITS is changing our process to better align with the state of the industry and match how InTune, the SCCM successor, manages patching. Starting on April 1st, any patches that have been pending for over seven days will be forced whenever the workstation connects to the UConn network.