🏆 Challenge: Modify a Policy to Meet Notification Requirements
Hi Community,
AXU has a challenge for you to solve!
Read the use case below and share your solution in the comments.
Scenario: You have the "Patch recently released macOS updates" policy scheduled, which means you no longer have to tackle this task manually. When the policy runs, end-users receive notifications, but you have two important concerns:
1. You want to give your end-users the option to defer the update for a maximum of three days.
2. You need to ensure users restart their devices after patching completes. If they don't, you'd like to enforce a restart.
The Question: How would you modify this policy to meet both of these priorities?
Need guidance to complete this challenge? Visit these resources:
I would first set the “Enable Automatic Restarts after updates are installed” to On.
Set the Install Notification Settings to on before any update that requires a restart.
Give them a Deferral option of 24 hours, but let them defer it up to 3 times. This would have them be reminded once a day but they can keep deferring it if needed for up to 72 hours.
Enable Automatic Deferrals, but set the notification duration to 1.5 or 2 hours to account for a user being away from their desk or on lunch.
For enforcing restarts:
Set restart deferral options for 1, 2, or 3 hours. Let them defer it only up to one time.
Write a notification message letting the user know the PC needs to restart to apply updates, but that they can postpone it for the listed amount of time.
Again, enable automatic deferrals but set the notification duration to about 1.5 to 2 hours to account for the user being away from their desk.
For our organization, this would probably work well, but I’d say it depends on the organization. Let me know if anything can be improved or if there are any other recommended methods.
Thanks!
Scenario: You have the "Patch recently released macOS updates" policy scheduled, which means you no longer have to tackle this task manually. When the policy runs, end-users receive notifications, but you have two important concerns:
The requirements:
1. You want to give your end-users the option to defer the update for a maximum of three days.
2. You need to ensure users restart their devices after patching completes. If they don't, you'd like to enforce a restart.
The Question: How would you modify this policy to meet both of these priorities?
It is recommended to Target the OS: Mac
*Optional: if we decide to use an Advanced policy, we can also target the package source.
The solution:
1st, we need to ensure that they can defer the update for 3 days maximum, in other words three times 24 hours, knowing that 24 hours is the maximum a user can choose per deferral. Let’s put that into practice.
END USER NOTIFICATION
- Enable “Automatic Restart”
- Enable Install notification settings
- Check the option “Before an install that requires a restart”
INSTALL – NOTIFICATION MESSAGE
- Enable automatic deferrals (it would take the maximum value, 24, if the user missed the notification)
- Set the hourly deferral to the maximum of 24 hours and then set the maximum number of deferrals to 3 (to meet the deferral requirement of 3 days maximum)
Explanation: 3 × 24 h = 72 hours = 3 days.
For the notification duration we will leave the default value; it is not specified.
The 2nd requirement is to make sure the device is restarted after the patching is completed.
RESTART-NOTIFICATION MESSAGE
- Enable restart notification
- Uncheck "Enable Deferral" to disable restart deferral (as per the requirements, we don’t need to defer the restart; the device needs to restart once the update is completed)
For Installing the Update:
I would first set the “Enable Automatic Restarts after updates are installed” to On.
Thanks for sharing your detailed approach! I like that you're accounting for users being away from their desks. Have you found that setting the notification duration to 1.5-2 hours works well in practice, or do you sometimes need to adjust based on different teams?
I’d say adjusting based on teams is the best approach. Some teams seem to have more meetings or are away from their desks for longer periods of time. Adjusting based on what you feel is best for them and then adjusting policies accordingly over time if there are any tickets or complaints seems to be the best way. Hopefully this allows you to find the perfect sweet spot for each department.
Thanks for walking us through each step! I’m curious if you have found disabling restart notifications to be effective, or if you ever encounter users needing more flexibility to restart on their own time?
In the current scenario, the restart notification is enabled; only the deferral is disabled. Users can defer the installation but not the restart. I am trying to meet the requirements in the given scenario (“You need to ensure users restart their devices after patching completes.”). However, in practice, I prefer to install silently and notify about the restart, giving the end user the option to defer the reboot at least once if it is a critical patch. For other updates, I enable notification and deferral for both the installation and restart.
@pplacide and @AOkanovic, we would love to thank you for participating by sending you an awesome, limited edition Lego set! Just check your messages here in the community where I’ll reach out on next steps :)