{"id":62348,"date":"2022-04-28T09:00:00","date_gmt":"2022-04-28T13:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=62348"},"modified":"2022-12-12T17:23:12","modified_gmt":"2022-12-12T22:23:12","slug":"how-patch-policies-user-led-enrollment-change-organizations","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations","title":{"rendered":"Experience Matters: How Patch Policies &#038; User-led Enrollment Change Organizations"},"content":{"rendered":"\n<figure class=\"image is-16by9\">\n<iframe class=\"has-ratio\" width=\"300\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/_7cPpB7eCnY?rel=0\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"><\/iframe>\n<\/figure>\n\n\n\n<p>My son Charlie is 8. He\u2019s an outgoing kid, loves to play, loves to tinker on devices, he\u2019s me, but smaller. Getting a chance to firm up some first principles is both the scariest part of being a parent \u2013 what if they glom on to the wrong thing? \u2013 and the best part of being a parent.<\/p>\n\n\n\n<p>He joined Scouts a few years back, and we\u2019ve been going most weeks since then.&nbsp;<\/p>\n\n\n\n<p>There\u2019s a whole curriculum around preserving the outdoors and engaging in conservation.&nbsp;<\/p>\n\n\n\n<p>As part of our weekly meeting, we recite the Outdoor code, and damned if it doesn\u2019t stick with these boys and girls.&nbsp;<\/p>\n\n\n\n<p>The Outdoor code says:<\/p>\n\n\n\n<p>I will do my best to:<\/p>\n\n\n\n<ul><li>Be clean in my outdoor manners.<\/li><li>Be careful with fire.<\/li><li>Be considerate in the outdoors.<\/li><li>Be conservation-minded.<\/li><\/ul>\n\n\n\n<p>It\u2019s a helpful reminder to our youngsters that being outdoors means taking responsibility for that space, being good stewards of the world in which we live, and giving the world around you due care and attention.<\/p>\n\n\n\n<p>It\u2019s awesome to watch this take hold with kids, and Charlie and his fellow scouts are slowly but surely becoming good conservators of the outdoors following that code.<\/p>\n\n\n\n<p>I got to thinking recently about what it means to have an IT Code. If you\u2019ve not yet seen my sessions from last summer and fall about <a href=\"https:\/\/tombridge.com\/2021\/10\/14\/macsysadmin-2021-user-trust-it-codes-of-ethics\/\">having an IT Code of Ethics<\/a>, and <a href=\"https:\/\/tombridge.com\/2021\/07\/08\/the-three-paragons-of-it-chidi-ted-jules\/\">what it means to do good IT in 2022<\/a>, then I\u2019ll point you at those resources.&nbsp;<\/p>\n\n\n\n<p>What does it mean to do IT \u201cright\u201d in 2022? In a post-pandemic world. In an ongoing pandemic world. In a remote-first world. In an office world.&nbsp;<\/p>\n\n\n\n<p>Overall, I keep coming back to the conversations that I have with Charlie about being responsible stewards of the world in which we live. We talk a lot about what it means to be considerate in the outdoors, and to be careful with fire.<\/p>\n\n\n\n<p>He\u2019s a Bear Scout this year, and that meant working with his den to teach them how to use a pocket knife without ending up in the nearby Emergency Room.<\/p>\n\n\n\n<p>I think that two decades of IT experience gave me a bit of a leg up there, because as much as IT professionals have to spend their time getting their coworkers not to run with metaphorical scissors, I could absolutely handle 10 8-year-olds with pocket knives, right?<\/p>\n\n\n\n<p>Well, no one went to the ER, and the first aid kit got only a bit of use. But all that led me to: \u201cWhat\u2019s the IT Code for 2022?\u201d<\/p>\n\n\n\n<p>I came up with:<\/p>\n\n\n\n<p>As an IT Professional, I will do my best to:<\/p>\n\n\n\n<ul><li>Preserve company data from carelessness and compromise<\/li><li>Protect my people from attack and their occasional inattention<\/li><li>Defend the integrity of our organization against bad policies, poor security, and short-sightedness.<\/li><li>Empower my people with knowledge.<\/li><\/ul>\n\n\n\n<p>This is the approach that we have to take as IT pros, to get the job done in 2022 as well as the start of the post-pandemic, yet still endemic, Covid times. These are principles that should apply to everything IT admins have to face, from interactions with coworkers, creation of systems lifecycles, and adoption of a new tool to data governance, IT audits and policy management.<\/p>\n\n\n\n<p>Today, there\u2019s a really critical thing I want to focus on: <a href=\"https:\/\/jumpcloud.com\/blog\/macos-patch-management\"><em>macOS<\/em> patch management<\/a>.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Patch Management and Your Organization<\/h2>\n\n\n\n<p>Staying on the most current version of the operating system is frequently called out as one of the best ways to avoid being breached by an attacker. When it comes to the process of staying patched, I tend to start with recommendations from experts. In the US that means the <a href=\"https:\/\/www.cisa.gov\/\">Cybersecurity &amp; Infrastructure Security Agency<\/a>, or CISA.&nbsp; In the UK, that would be <a href=\"https:\/\/www.ncsc.gov.uk\/\">National Cyber Security Centre<\/a>, or NCSC, who release the <a href=\"https:\/\/www.ncsc.gov.uk\/cyberessentials\/overview\">Cyber Essentials security standards<\/a> for any business that wants to work with a public entity.<\/p>\n\n\n\n<p>CISA in the US has some clear guidelines on where to start:<\/p>\n\n\n\n<ul><li>Enable automatic software updates whenever possible.&nbsp;<\/li><li>Do not use unsupported EOL software.<\/li><li>Always visit vendor sites directly rather than clicking on advertisements or email links.<\/li><li>Avoid software updates while using untrusted networks.<\/li><\/ul>\n\n\n\n<p>If we take these one by one, there are some caveats that I can already hear you forming as IT professionals.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enabling Automatic Software Updates<\/h3>\n\n\n\n<p>Automatic updates are great. When they work perfectly. Recent surprises in new versions of macOS have come with challenges related to the removal of the system python framework, and recent versions of applications like Google Chrome have changed codesigning certificates. This can result in unexpected behavior for your admins, and give you some frustration to balance out.&nbsp;<\/p>\n\n\n\n<p>Of course, shortly after that, you may get a zero day in Chrome, and suddenly you\u2019re making many more difficult decisions.<\/p>\n\n\n\n<p>A fleet set to automatically upgrade may come with problems you wish you could work around with some warning.<\/p>\n\n\n\n<p>Enabling automatic updates is definitely a choice you can make as an administrator, but there are tradeoffs. You may find out about bugs after they have reached the entirety of your production fleet, and that may have negative consequences for your department\u2019s reputation in the eyes of your coworkers.<\/p>\n\n\n\n<p>Apple\u2019s own documentation \u2013 here I refer to <a href=\"https:\/\/developer.apple.com\/videos\/play\/wwdc2021\/10129\/\" target=\"_blank\" rel=\"noreferrer noopener\">last summer\u2019s session on updating macOS<\/a> \u2013 indicates that admins often need time to evaluate the state of a given update.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"234\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/04\/apple-documentation-patching.png\" alt=\"\" class=\"wp-image-62351\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/04\/apple-documentation-patching.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/04\/apple-documentation-patching-300x137.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>You\u2019ll note here that Admin Testing begins <strong>during the beta cycle. Yours definitely should, too.<\/strong><\/p>\n\n\n\n<p>Catching changes that are in the release notes is one thing, but having a working device on the bleeding edge will help you understand the severity of changes, as well as provide necessary feedback, will keep you <em>at least<\/em> one step ahead of potential disruption.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do not use End-of-Life (EOL) Software<\/h3>\n\n\n\n<p>Apple famously doesn\u2019t declare a timeframe on the end-of-life of its major releases. One could ask: Is macOS Mojave end-of-life?<\/p>\n\n\n\n<p>Well, the update schedule sure says so. The OS still functions, of course, but it hasn\u2019t seen an update in more than 220 days. It\u2019s dead, but Apple has definitely never said so.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"512\" height=\"219\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/04\/macos-release-schedules.png\" alt=\"\" class=\"wp-image-62352\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/04\/macos-release-schedules.png 512w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/04\/macos-release-schedules-300x128.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/figure>\n\n\n\n<p>Howard Oakley of the blog Eclectic Light Company <a href=\"https:\/\/eclecticlight.co\/2021\/09\/22\/how-long-does-apple-support-macos\/\">has some good dissection on the end of life versions of various macOS releases<\/a>. Since Apple never declares EOL, it only stops updating, and even then not all software updates make it to all release trains of macOS, so admins are left operating by rule of thumb rather than by specific manufacturer-lead declarations.<\/p>\n\n\n\n<p>In addition, some common <a href=\"https:\/\/jumpcloud.com\/blog\/patch-management-vs-vulnerability-management\">patch vulnerabilities<\/a> that have been addressed on macOS Monterey have yet to be released for macOS Big Sur, and likely <strong>never will be.<\/strong><\/p>\n\n\n\n<p>The only thing we\u2019re left to know is this: the most secure version of the Operating System is the latest one, followed by a fully patched version of the previous operating system. Two versions previous may get updates, but there\u2019s no clear rationale behind the updates delivered to the n-2 version, and no clear vulnerability score at which we should expect an n-2 security update.<\/p>\n\n\n\n<p>This leads us to the First Law of Patch Management:<\/p>\n\n\n\n<p><strong>\u201cThe second-most secure computer is one that is fully patched. The first is one that\u2019s off and in your desk drawer\u201d<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Visiting Vendor Sites Directly, and Avoid Software Updates on Untrusted Networks<\/h3>\n\n\n\n<p>When it comes to patching macOS, the only place to get updates is directly through Apple, fortunately. With the system volume being signed &amp; sealed starting in Big Sur, the only way to update the OS is via Software Update or a properly signed package from the App Store.&nbsp;<\/p>\n\n\n\n<p>This is also fairly anodyne when it comes to macOS. Due to codesigning and integrity checking at multiple points throughout the process, Apple updates, while requiring network access, don\u2019t necessarily require highly secured networks to download. Apple covers all of that work for you, thankfully. This advice is substantially less important for Mac Admins.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why is patching so important?<\/h2>\n\n\n\n<p>I\u2019m not here to scare you, because being scared leads to making decisions from fear and not strength. However, things are rough out there. This is the golden age of cyber crime, and it\u2019s your job as an admin to do what you can. The number of vulnerabilities discovered in key software products is on the rise. 2017 and onward has shown a substantial increase in <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-a-zero-day-attack\">zero-day vulnerabilities<\/a> that have been found in key software applications and operating systems.\u00a0<\/p>\n\n\n\n<p>In the States, we have a saying: \u201cIf you and your friend are walking through the woods and you come across a bear, you don\u2019t have to be faster than the bear; you just have to be faster than your friend.\u201d<\/p>\n\n\n\n<p>The stakes are high, there\u2019s no question. Worse, more than half of businesses don&#8217;t even know where to start in the event of a security problem. So you can see where this is going: where more businesses are being attacked internally and they&#8217;re not even sure where to start.<\/p>\n\n\n\n<p>If you\u2019re here to learn about Patch Management, you\u2019re in the segment of businesses that know they need help, and you\u2019ve come to see more about how JumpCloud can help you. Good. That\u2019s a good start.&nbsp;<\/p>\n\n\n\n<p>Before we talk about how JumpCloud\u2019s patching solution works for macOS, we have to talk about how Apple intends for OS Patching to work.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does Apple Intend for Patching To Work?<\/h2>\n\n\n\n<p>At Worldwide Developers Conference 2021, Apple announced improvements to patching macOS via the Mobile Device Management protocol. This improved method would take advantage of the <code>ScheduleOSUpdate<\/code> MDM command with a new set of capabilities associated with the <code>MaxDeferrals<\/code> key. This would allow Mac Admins to send an update command, allow a number of deferrals, and then enforce the update.<\/p>\n\n\n\n<p>Apple is depending on users acting on the small notifications that the operating system provides. They\u2019re depending on their new mechanisms working each time. Unfortunately, there have been challenges with this feature working in the field.&nbsp;<\/p>\n\n\n\n<p>Until the release of macOS 12.3.1, it was difficult for an MDM to understand fully where devices were in the deferral cycle, as well as getting those updates to apply correctly. Of course, if your organization can\u2019t adopt Monterey immediately, or has good reasons to stay at the previous release for stability, none of these new features will work for you. You still need to stay up to date, though, so what are you supposed to do?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Should Patching for macOS Actually Work?<\/h2>\n\n\n\n<p>There\u2019s no denying that a <a href=\"https:\/\/jumpcloud.com\/platform\/cloud-device-management\">mobile device management solution<\/a> is required for this part of the admin\u2019s job. You cannot manage Macs effectively without the MDM layer, and that\u2019s been true for nearly half a decade at this point. Some profiles \u2013 especially those that delay the rollout of a given operating system release \u2013 require MDM in order to be installed. In addition, the commands that can act as a forcing function for upgrades require an MDM to deliver. There\u2019s no question that MDM is the right way to approach this.<\/p>\n\n\n\n<p>In addition to being driven by your MDM, admins need to push for user-driven updates. Your coworkers should get a say, if not the final one, in the patching of their devices. Updates are disruptive, lengthy, and not risk-free, so letting your users be in charge of the timing is important in getting your coworkers\u2019 buy-in for a given update. That\u2019s not to say they should be given the ability to skip necessary updates; your organization\u2019s security policy still has to be given primary focus, and coworkers who fail to abide by those policies should face organizational consequences.&nbsp;<\/p>\n\n\n\n<p>With these bounds set, we can start to look for a solution to handle patching macOS that aligns with our core principles:&nbsp;<\/p>\n\n\n\n<ul><li>It needs to include a user\u2019s consent&nbsp;<\/li><li>It needs to be schedulable<\/li><li>It needs to support delays; and, most importantly<\/li><li>It needs to support automation&nbsp;<\/li><\/ul>\n\n\n\n<p>If you have to readjust the update policy every time Apple releases something new, you\u2019re going to be spending a lot of time adjusting when you could just be testing the release.<\/p>\n\n\n\n<p>More than what we\u2019ve discussed thus far, though, your organizational culture needs to be tolerant of update delays when they occur. If someone\u2019s late to a meeting because they\u2019re applying the latest update, thank them for looking out for your company\u2019s security rather than scolding them and thus sending the mixed message that they shouldn\u2019t be doing these updates during the workday. Caring about security means making room for people to patch their devices.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Patching in Rings: Making Processes That Work<\/h2>\n\n\n\n<p>Two choices that you have to make as an IT admin is <strong>when<\/strong> to patch, and <strong>who<\/strong> goes first. You <em>could<\/em> decide that the most current operating system is where <strong>everyone<\/strong> belongs, all the time, and you accept the risk of deploying software that doesn\u2019t operate properly. You <em>could<\/em> decide to delay <strong>everyone<\/strong> for at least 90 days to prevent messing with software that doesn\u2019t operate properly, and accept that a missed security flaw could be exploited and allow an attacker to gain control of some or all of your devices.<\/p>\n\n\n\n<p>It\u2019s not a pleasant dilemma, is it? Do you prioritize security, or do you prioritize operations?<\/p>\n\n\n\n<p>There\u2019s an answer here, and it\u2019s all about tiered access. We take our model from the Linux Kernel and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Protection_ring\" target=\"_blank\" rel=\"noreferrer noopener\">protection rings<\/a>. There\u2019s a highly privileged group of skilled users who can handle some small amount of inconvenience and who have immense systems knowledge, and we can start there. That\u2019s you and your team, as the IT admins. From there, we can broaden the approach and pick key users of line-of-business software packages that perhaps IT doesn\u2019t have the specialized knowledge to test. Once they give the all clear, you can move to the vast majority of systems that represent general adoption of the new updates. And last but not least, you can patch the trailing devices who maybe shouldn\u2019t be updated with rapidity.\u00a0<\/p>\n\n\n\n<p>Using a ring model will not only allow you to expose your organization to the new updates without risking your whole team\u2019s productivity, but it is a great way to test the validity and functionality of software updates without \u2013 and I\u2019m using a technical term here \u2013 YOLO\u2019ing new software to production. Good testing rubrics will give you a pathway to success regarding the functionality of any given update. Building a list of tasks that your expert users can test for you, and that tests the bounds of line-of-business software activities, will help you identify which updates are safe to apply, which may require patches of other apps, and which aren\u2019t ready for public distribution.&nbsp;<\/p>\n\n\n\n<p>Making a strong written procedure guide is a great way to ensure that updates get reviewed in a timely manner, and that your organization is protected not just against security vulnerabilities, but also against problematic updates damaging your workflows.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Returning to the Code<\/h2>\n\n\n\n<p>At the beginning of this I talked about creating an IT Code for organizations to follow. Protecting your coworkers and your company is a delicate art, but it\u2019s a necessary one. Stewarding your organization\u2019s values into production policies will give you a chance to show your coworkers that you\u2019re doing everything you can to keep them safe and balance their work experience with the operating conditions and security needs of your company.&nbsp;<\/p>\n\n\n\n<p>Providing a good experience for patch management will simultaneously make your devices more secure and make your coworkers appreciate your attention to detail and execution. Treating their schedules with respect, as well as instilling the internal values related to patch management\u2019s requirements, is an important thing for any systems admin to do.<\/p>\n\n\n\n<p>Building your values into your policies is a cornerstone to managing IT well. It\u2019s not something that some IT operations think about much, however. Blind adherence to individuated policies that are developed in a vacuum is a good way to run a department that your coworkers will do anything <em>not<\/em> to engage with. Running a human-centric IT department, however, pays dividends in other ways, such as enhanced trust, better cooperation, better communications, and more frictionless IT experiences. Which is why I\u2019ll close with a good set of guideposts to get you there:<\/p>\n\n\n\n<p>As an IT Professional, I will do my best to:<\/p>\n\n\n\n<ul><li>Preserve company data from carelessness and compromise<\/li><li>Protect my people from attack and their occasional inattention<\/li><li>Defend the integrity of our organization against bad policies, poor security, and short-sightedness.<\/li><li>Empower your people with knowledge.<\/li><\/ul>\n\n\n\n<p>Great experiences make IT a seamless experience, which everyone will appreciate.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user. <\/p>\n","protected":false},"author":130,"featured_media":52686,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[23],"tags":[],"collection":[2778],"platform":[],"funnel_stage":[3016],"coauthors":[2600],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Patch Policies &amp; User-led Enrollment Change Organizations<\/title>\n<meta name=\"description\" content=\"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Experience Matters: How Patch Policies &amp; User-led Enrollment Change Organizations\" \/>\n<meta property=\"og:description\" content=\"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-28T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-12T22:23:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1495\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tom Bridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tom Bridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\"},\"author\":{\"name\":\"Tom Bridge\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/5935e2735a68fac72d21ccf02a28b8dc\"},\"headline\":\"Experience Matters: How Patch Policies &#038; User-led Enrollment Change Organizations\",\"datePublished\":\"2022-04-28T13:00:00+00:00\",\"dateModified\":\"2022-12-12T22:23:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\"},\"wordCount\":2815,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg\",\"articleSection\":[\"Best Practices\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\",\"url\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\",\"name\":\"How Patch Policies & User-led Enrollment Change Organizations\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg\",\"datePublished\":\"2022-04-28T13:00:00+00:00\",\"dateModified\":\"2022-12-12T22:23:12+00:00\",\"description\":\"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg\",\"width\":2560,\"height\":1495,\"caption\":\"patch on road\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Experience Matters: How Patch Policies &#038; User-led Enrollment Change Organizations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/5935e2735a68fac72d21ccf02a28b8dc\",\"name\":\"Tom Bridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/ae63862e9ed639062dd6f667f7d1568d\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6e9324bdaf95703f13145c57c61d4aef?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6e9324bdaf95703f13145c57c61d4aef?s=96&d=mm&r=g\",\"caption\":\"Tom Bridge\"},\"description\":\"Tom Bridge is JumpCloud\u2019s Principal Product Manager for Apple technologies. He has spent more than 20 years in IT roles at SMB and Medium Enterprise organizations as a consultant. He has degrees in Political Science and Music from Denison University, and a Masters in History of Science &amp; Technology from Virginia Tech. He lives in the District of Columbia with his wife Tiffany, son Charlie, and 25-lb cat Macro.\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How Patch Policies & User-led Enrollment Change Organizations","description":"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations","og_locale":"en_US","og_type":"article","og_title":"Experience Matters: How Patch Policies & User-led Enrollment Change Organizations","og_description":"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.","og_url":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations","og_site_name":"JumpCloud","article_published_time":"2022-04-28T13:00:00+00:00","article_modified_time":"2022-12-12T22:23:12+00:00","og_image":[{"width":2560,"height":1495,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg","type":"image\/jpeg"}],"author":"Tom Bridge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Tom Bridge","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations"},"author":{"name":"Tom Bridge","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/5935e2735a68fac72d21ccf02a28b8dc"},"headline":"Experience Matters: How Patch Policies &#038; User-led Enrollment Change Organizations","datePublished":"2022-04-28T13:00:00+00:00","dateModified":"2022-12-12T22:23:12+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations"},"wordCount":2815,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg","articleSection":["Best Practices"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations","url":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations","name":"How Patch Policies & User-led Enrollment Change Organizations","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg","datePublished":"2022-04-28T13:00:00+00:00","dateModified":"2022-12-12T22:23:12+00:00","description":"As I ask myself \u201cWhat\u2019s the IT Code for 2022?\u201d a few core principles stick out. When it comes to patch management, the focus here is on the end user.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/08\/patch-on-road-1-scaled.jpg","width":2560,"height":1495,"caption":"patch on road"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/how-patch-policies-user-led-enrollment-change-organizations#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Experience Matters: How Patch Policies &#038; User-led Enrollment Change Organizations"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/5935e2735a68fac72d21ccf02a28b8dc","name":"Tom Bridge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/ae63862e9ed639062dd6f667f7d1568d","url":"https:\/\/secure.gravatar.com\/avatar\/6e9324bdaf95703f13145c57c61d4aef?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6e9324bdaf95703f13145c57c61d4aef?s=96&d=mm&r=g","caption":"Tom Bridge"},"description":"Tom Bridge is JumpCloud\u2019s Principal Product Manager for Apple technologies. He has spent more than 20 years in IT roles at SMB and Medium Enterprise organizations as a consultant. He has degrees in Political Science and Music from Denison University, and a Masters in History of Science &amp; Technology from Virginia Tech. He lives in the District of Columbia with his wife Tiffany, son Charlie, and 25-lb cat Macro."}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62348"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/130"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=62348"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62348\/revisions"}],"predecessor-version":[{"id":73044,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/62348\/revisions\/73044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/52686"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=62348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=62348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=62348"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=62348"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=62348"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=62348"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=62348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}