Controlling Patches for Remote Mac & Windows Laptops

Written by Cassa Niedringhaus on April 10, 2020


System patch management is critical because patches often fix bugs and address security vulnerabilities in operating systems. It’s even more important now as organizations shift to work-from-home models and admins secure remote system fleets. 


Manual patch management is infeasible for all but the smallest organizations, and it’s nearly impossible in distributed workforces. The challenge for admins, then, is to identify a solution that allows them to control and deploy patches from any location, for any operating system. 

That’s why JumpCloud Directory-as-a-Service allows admins to apply GPO-like Policies to major operating systems like macOS and Windows. In this post, we’ll detail how admins can use Policies to control the deployment of patches, as well as monitor patch and other system updates via a web-based Admin Console.

Cloud Patch Management Solution

JumpCloud manages systems the same way whether they’re in the office or remote. Via lightweight agents installed on machines, admins can deploy a wide range of Policies to their fleets. These Policies can be integrated into larger strategies around patch management and other security configurations. 

Here’s how patch management works for Mac and Windows systems:

Windows Laptops

For Windows laptops, admins can use a Policy to specify whether laptops automatically install updates, minor or major, and whether laptops are prevented from rebooting while users are in an active session. Admins can also specify the number of days to defer an update or pause installations.

Given Microsoft’s regular cadence of “Patch Tuesday” updates, this policy can help keep admins from getting bogged down with OS updates across their fleet. 

Mac Laptops

For Mac laptops, admins can use a Policy to specify the number of days to defer minor OS software updates. Although Apple® doesn’t push patches as often as Microsoft, it’s still worth having a Policy in place to manage those patches as they arrive.

Because Apple is known to push major OS updates without an announcement, admins can also issue guidance to users about what notifications they might receive and how to handle them in the interim.

Commands for Mac & Windows

Beyond Policies, admins can achieve further granularity in their patch management by using JumpCloud’s Commands, which allow admins to schedule and run commands using PowerShell, Bash, and Shell from the Admin Console.

Monitor Patches & Other System Status Updates

JumpCloud also offers a premium feature, Directory Insights, which allows admins to return telemetry about the machines in their fleet. Using System Insights, admins can identify out-of-date operating systems and verify that patches are installed. They can also identify if systems haven’t been updated to address zero-day vulnerabilities and take quick mitigation actions in response. 

Beyond patch and OS status, admins can return dozens of other data points about their remote fleets, including taking stock of security configurations, local user accounts, installed applications, and available memory and storage on each machine.

If you’re interested in exploring the product further, click here to learn more about JumpCloud’s comprehensive system management capabilities.
