Managing Windows device updates

To better manage security patches, administrators can create compliance policies based on update status or time periods. Devices that fall out of compliance are blocked from accessing specified services and applications such as Office 365 or Tunnel. Compliance information can also be sent to AAD for integration with Office 365.

Device update management is based on one or more of the following update status:

  • Time of the last hotfix date
  • Last hotfix ID
  • Windows 10 build# on the device

View the update information in the Device Details page for selected devices.

This section contains the following topics:

This feature requires Bridge. See Setting up Bridge for details.

Setting hotfix options

This procedure describes how to set the hotfix options to obtain hotfix information such as the version and date.

Procedure 

  1. Log into the Admin Portal.
  2. Go to Policies & Configs > Configurations.
  3. Click Add New > Windows > MobileIron Bridge.
  4. Select Device Management to open the Device Management Settings page.
  5. Enter a name for the configuration.

    A description is optional.

  6. Go to the hotfix section and click one or both of the Allow check boxes for the following options:
    • View Last Hotfix Date: to view the date of the most recent Windows hotfix update.
    • View Last Hotfix ID: to view the ID of the most recent Windows hotfix update.
  7. Click Save.
  8. Select the newly added configuration in the Configurations table.
  9. Click Actions > Apply to Label.
  10. Select a label associated with devices to track updates for hotfixes.
  11. Click Apply.
  12. Go to Devices & Users > Devices.
  13. Open the details page of a device associated with the new label.
  14. Click the Device Details tab to track the hotfix updates in the following rows:
    • Last Hotfix ID
    • Last Hotfix Installed On (date)

Setting up a compliance policy for device updates

This procedure describes how to set up device compliance based on hotfix and Windows 10 build information.

Procedure 

  1. Log into the Admin Portal.
  2. Go to Policies & Configs > Policies.
  3. Click Default Security Policy.
  4. Scroll down to the Access Control > For Windows devices section.
  5. Select one or more of the following options and provide the required information, where appropriate.
  6. Click Save.

    The default policy will be applied to all Windows 10 desktop devices and labels, by default, to which no other policy has been applied.