Scalefusion Agent Based OS Update Management - Configure Settings

Managing Windows OS updates is one of the critical pieces of managing Windows devices. It is important for organizations to define a policy that either automates or controls the various updates that Windows offers.

Windows Agent based Update & Patch Management feature is an automated patch management (scanning, assessment, deployment, monitoring and reporting) solution to keep all Scalefusion managed windows devices up-to-date with Windows OS updates thus keeping them secure.

With this feature IT Admins can manage Updates at Device level and Group level on Scalefusion Dashboard.

In this two-document series, first part describes the configurations needed to be done for Update Management and the second one covers the view of it and actions that can be taken on the updates.

What kind of updates can be managed?

Scalefusion managed Windows devices can detect and patch below types of Updates:

1. Software Updates

   1. Critical Updates

   2. Definition Updates

   3. Feature Packs

   4. Security Updates

   5. Service Packs

   6. Tools

   7. Update Rollups

   8. Updates

   9. Upgrade

   10. Quality updates

2. Driver Updates

Before You Begin

1. Users should be subscribed to Legacy or Modern Enterprise Plan.

2. Devices should be enrolled with Scalefusion.

3. Scalefusion MDM Agent's (for Windows) latest version (v6.0.0 or above) should be installed on devices.

4. Device configurations: Windows 10, and Windows 11 supporting 32-bit and 64-bit OS Update.

How does it work

1. Configure Settings for Agent Based OS Update Management from Scalefusion Dashboard

2. Based on the configurations, the Windows MDM agent queries and syncs the updates with the managed devices.

3. Get a summarized view of the status of updates, device as well as updates wise and perform certain actions on them like sync, install, uninstall, hide and also download CSV reports.

These are described in detail below

Configuring Settings for Agent Based OS Update Management

Global Level

1. Login to Scalefusion dashboard and navigate to Update & Patch Management > Windows OS Updates on left panel.

2. Click on Configure
   

   

   
   

3. The OS Update Management Settings dialog box opens where you can configure global settings for syncing updates.
   

   

   Setting	Description
   General Settings
   Enable Scalefusion MDM agent based Update Management	This is a toggle. Toggling this to ON only enables MDM agent based update management and allows to configure rest of the settings.
   Configure Update Sync Interval	Configure the time interval how often the agent queries and syncs the available OS updates to our backend. Following are the options to choose from: 12 hours (default) 24 hours
   Sync Driver Updates	If this setting is toggled on, the agent queries and syncs Windows driver updates also, along with Windows software updates.
   Disable Windows Automatic Update	Enabling this setting prevents Windows from automatically downloading and installing updates for the operating system and gives the user more control over when and how updates are installed.
   Disable access to check for updates	Enabling this prevents users from clicking the button Check for Updates or accessing the setting that prompts Windows to search for available updates. This is to stop users from performing any manual scan for updates. Windows Home does not support disabling the check for updates button or Windows automatic updates.
   Scheduling Settings
   Configure Update Schedule	Configure when the updates should be installed on device once they are initiated from the Dashboard. There are two options to choose from. Select any one of the following: Deploy Upon Approval: The updates will be deployed on devices as soon as they are initiated from Dashboard. Deploy according to the following schedule: The updates will be deployed as per the schedule you configure with following options: Update Time: Select the time of the day and the updates will be installed at that time Update Day: Select the day on which updates should be installed. Choose Daily if they have to be installed daily else select particular day/days from Monday to Sunday Update Week: Select a particular week or every week during the month, when updates should be installed
   Restart & Notification
   Force Reboot Devices after Updates	Configure what the device reboot behavior should be, once an update is installed, from the following options: Prompt for Reboot: Prompts for reboot whenever an update is installed Force after 5 minutes: Reboots the device automatically 5 minutes after installation of updates Force after 10 minutes: Reboots the device automatically 10 minutes after installation of updates This is dependant on the windows update whether it requires reboot or not You can also configure a message that is displayed to the users before the devices are rebooted. It can be composed in the text area below this setting
   Allow users to defer Reboot for	Specify the number of times users can postpone the reboot. By default it is set to 5 and you can postpone it to a maximum of 7 times. Here, you will get a pop-up with the option to reboot later. Points to Note: If the value is set to 0, the "Prompt users to reboot the device every" control will be disabled. If “Force after 5 minutes“ or “Force after 10 minutes“ is selected under “Force Reboot Devices after Updates“, then both “Allow users to defer reboot for“ and “Prompt users to reboot the device every“ options will be disabled.
   Prompt users to reboot the device every	Set the frequency (in hours) at which users are prompted to install the upgrade.
   Failure Handling
   Retry failed updates	Configure the number of retry attempts for a failed update. Can be from 0 to 5. The check is performed incrementally over a 5-hour period. By default it is set to 3.

4. After configuring the settings, click Save

5. If you have configured any deferral settings, the following screen will be displayed on the device where you get the button to Reboot Later
   

   

In Modern Management (MAK-MM) Multi-App Kiosk Mode, the deferral settings pop-up is displayed only if the taskbar is allowed.

Profile Level

These settings can also be configured at device profile level which will apply to the devices with that profile.

To configure Update settings at profile level:

1. Navigate to Device Profiles & Policies > Device Profiles

2. Create or Edit Windows Device Profile on which updates have to be configured

3. Go to Settings > Windows Updates

4. The settings can be configured under Scalefusion Agent-based Settings tab after toggling on Override Global MDM Agent Update Settings
   

   

   
   

Now that configuration is done, you can view the status of updates on the Dashboard and perform other actions. The next document explains it.