What is Endpoint Configuration Manager and why are we using it?
With the exception of faculty, staff and loaner devices that frequently travel off-campus, Windows desktops and servers that remain on-prem utilize the patch management solution from Endpoint Configuration Manager (formerly SCCM). This solution allows SJU to keep all on-prem Windows devices up to date and compliant with audit and security requirements, and keeps devices patched with available Windows Updates and to help mitigate any vulnerabilities.
A primary goal of using this application is to have better control over security patches and updates that are being released continuously by Microsoft. Many times, users do not install these updates in a timely fashion, which leaves the computer and data vulnerable. OIT is required to ensure that SJU computers are being updated and rebooted regularly.
When are updates installed, and why might my computer force me to restart?
Ideally software updates are installed automatically after hours when you are not actively using it. This requires that the machine be left on overnight at least once a week every week while on campus. If computers are not on campus and not left on overnight than they will eventually hit the software deadline--perhaps even while you are using it. The deadline is determined by how out-of-date your computer is. To prevent random restarts, we encourage you to manually update your computer. In settings choose "Windows Update". Then select "Check Online for Updates from Microsoft Updates". Install all "critical" and "important" updates, then when those are installed, restart your computer. If a computer falls several months behind, it is possibly that more than one restart will be necessary. Even worse, a machine substantially behind on updates will fall out of the reach of our patch management system and then manually updates will be required. In summary, manually keeping your machine up-to-date will help keep it from random or inopportune restarts.