Understanding Policies: System Update/Configure Windows® Updates

Written by Zach DeMeyer on December 10, 2019

Share This Article

With JumpCloud® Policies, admins automate their system security management needs with only a few clicks. The macOS® System Update Policy and Configure Windows® Update Policy allow you to fine-tune how OS updates roll out across your system fleets.

What are the System Update and Configure Windows Updates Policies?

macOS System Update Policy

The macOS System Update Policy allows IT organizations to determine when new macOS updates are implemented fleetwide. The policy institutes a configurable deferment time period (in days) between when an update is released and when it is applied to an organization’s macOS system fleet(s).

Configure Windows Updates Policy

The Configure Windows Update Policy is analogous to macOS System Update Policy, but it gives finer control over the nature of updates for the Windows OS. The Policy allows IT admins to automate their control of both major and minor updates.

Like the macOS System Policy, this Policy enables configurable deferment time period (in days) for recent updates. Additionally, IT admins can specify the time, day of the week, and frequency of both update types. Beyond that, admins can use the Policy to implement routine restarts, ensuring that updates take hold on systems.

Why Use These Updates?

New OS updates can often be a double-edged sword for IT admins. Although they come with interesting new features and bug fixes, they can also come with lost functionality due to compatibility issues with hardware and software, as well as potentially disastrous zero-day vulnerabilities.

Lost Functionality

When a new update drops, end users leveraging older systems or other hardware might find that said hardware might not operate properly after updating. The same can be said for applications and other software as well. 

For example, in the recent macOS update, Catalina™, Apple® decided to alter a couple key functionalities. A widely reported one was the omission of iTunes, which caused some consternation among Mac users, but an even more impactful one was the removal of 32-bit application support. Many systems require 32-bit applications, so this update potentially hamstrings users that need them, making work considerably more difficult for IT admins and end users alike.

Zero-Day Vulnerabilities

New updates undergo rigorous testing and often include patches to existing security flaws, but they can also create additional vulnerabilities. Microsoft® continuously releases patches to their Windows OS to cover bugs and other security flaws. Sometimes, however, in patching up one such hole they accidentally create another. This kicks off a vicious cycle of patching until the vulnerability chain is eventually broken, only to be renewed by a new OS version.

By using the above policies, IT organizations can limit their systems to ensure that, even if an OS update is available, end users can’t install it themselves. Doing so foregos the potential loss of functions, or worse — vulnerabilities that an update might present.

How to Use the Policies

IT admins can leverage Policies in the JumpCloud® Directory-as-a-Service® admin portal with a few simple clicks. They can apply these policies on a per-system basis as needed, or en masse through user and system Groups. With Groups, IT organizations can lump together selections of users and/or systems that have similar traits (i.e. department, location, OS, etc.). Applying Policies to a Group allows IT admins to implement the Policies at scale, making the job of protecting systems as easy as clicking a checkbox and saving changes.

Get Started with Update Policies

You can try the macOS System Update and Configure Windows Updates Policies by checking out the Policies section of your JumpCloud admin portal. 

Not a JumpCloud Customer?

If you aren’t using JumpCloud Directory-as-a-Service, but are interested in a fully cloud-based directory service with cross-platform GPO-like capabilities and much more, consider giving JumpCloud a try today. Signing up for an account grants you unlimited access to the Directory-as-a-Service product and 10 users to get you started, all absolutely free with no credit card required.

Zach DeMeyer

Zach is a Product Marketing Specialist at JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, music, and soccer.

Continue Learning with our Newsletter