Northwestern University IT - Microsoft Windows Patch Management


Northwestern IT Endpoint Device Management employs a variety of technologies for managing University-owned computers. Our primary Windows management platform is Microsoft Endpoint Configuration Manager (MECM). The MECM environment was built with co-management capability, which allows certain management workloads to be moved into Microsoft Intune. Both MECM and Intune are extremely effective, top-tier solutions for patch management and other management needs. We have also integrated the PatchMyPC service within both platforms. PatchMyPC allows us to easily automate updates for third-party software products such as Microsoft Office, Zoom, Adobe, Chrome, and hundreds of other products. The combined toolset provides a comprehensive approach for delivering operating system, security, and third-party software updates at a reliable and timely cadence.

What looks different about patch management using Intune?

Monthly operating system security updates will appear in, and be delivered through, the native Windows Update feature instead of MECM Software Center.

Navigate to Settings -> Windows Update.

Third-party updates will appear in the Company Portal app instead of MECM Software Center.


In the Company Portal, navigate to "Downloads & Updates".


If the window is shrunk down, you might only see the down arrow…


Here you'll see a list of applications that are installed or in the process of installing. Any application whose name starts with [Update] is an application update sourced from Intune, meaning that the device has the app installed or in the process of being updated. Apps without [Update] in front were originally sourced from MECM.


 

Updates Requiring App Closure

Apps that must be closed before updating will display a special toast notification.


These third-party software notifications have a 15-minute countdown by default. You can choose to close the app immediately or snooze the countdown. There are 6 hours allotted between snoozes, with a total of 24 hours to close an app before it is closed automatically. If you don’t take any action, the app will be force-closed after the initial 15-minute countdown.

What to expect with firmware and driver updates using Intune?

Computer firmware (BIOS/UEFI) and driver updates improve hardware stability, performance, and security.  

Within a few days of enabling firmware and driver updates through Intune, you may see a notification that updates are available.

Clicking the pop-up, or going to Settings -> Windows Update, will reveal the related updates.


These will eventually install automatically and may require a reboot. You’re encouraged to install them at your earliest convenience so that any required reboot causes the least interruption to your productivity.

If a reboot is required, you will have 24 hours to defer it before the reboot is forced.

Firmware (e.g., BIOS) updates will take a little longer than normal and will apply immediately upon the computer restarting. Please follow the instructions and leave the device plugged in. IMPORTANT: Do NOT turn off the computer during the BIOS update.

Firmware/BIOS updates are generally only needed once or twice a year and will be timed with the monthly patch cycle moving forward. If you experience any problems with your computer, please contact NUIT support.
