Learn
Documentation
Support
Community

Usage guide: Windows OS compliance

This page outlines various ways to use the pack, including use case examples.

Administrators can refer to the Configuration guide: Windows OS compliance to set up and customize the installed content.

This library pack will help you monitor and manage Windows operating systems to ensure their stability, compliance, and performance.

Library pack uses

Jump to Use cases on this page to see relevant scenario applications.

Use the library pack content for the following purposes.

Visibility

The "Windows OS compliance" live dashboard acts as the starting point of this library pack. This dashboard provides a single environment for managing multiple aspects of operating system administration by:

  • Identifying devices with an unsupported operating system that are a risk within your environment.

  • Monitoring security patch installs to ensure that Windows devices are up-to-date and compliant.

  • Tracking the migration of Windows devices as newer versions of these operating systems become available.

  • Monitoring the security, health, and compliance of devices.

Advanced troubleshooting and remediation

For more in-depth investigations, you can rely on the results of specific data-gathering remote actions.

  • Get BitLocker information (Windows only): This remote action returns basic information on BitLocker protection status.

  • Test pending reboot (Windows only): This remote action checks to see if the device is waiting to reboot for an update.

Some of these data-gathering remote actions are used to populate the live dashboard and should already be scheduled. You can query the results by investigating KPIs from the Live dashboard or from your own investigations.

To resolve some of the detected issues, the following remote actions can be triggered when required:

  • Install Windows update (Windows only): This remote action installs a .msu patch on Windows devices.

  • Invoke Windows update (Windows only): This remote action restarts Windows Update and BITS services on Windows devices and forces the device to check for updates.

  • Enable BitLocker Encryption (Windows only): This remote action enables BitLocker encryption on the device's system drive.

Use cases

In addition to the relevant use cases covered below, you may uncover other troubleshooting scenarios specific to your environment.

Identify areas of improvement

The dashboard's summary tab gives you a brief view of the devices and operating systems within the estate. Based on this information, you can navigate to the appropriate tab for more detailed troubleshooting.

Filters above the dashboard help you focus on a specific area or device. The time picker can also be used to view data on a more granular or long-term time scale.

Monitor device compliance and security

The Compliance and Security tab displays a summary of devices' operating system vendor support status and security summary information.

Monitoring this data from devices is critical to ensure that devices do not have any known security breaches, are supported by operating system vendors, and comply with baseline corporate security policies.

The tab contains several KPIs and a breakdown by operating system name to help identify the problem area. The goal is to use these breakdowns in conjunction with the dashboard's global filters, exploration, and drill-down features to narrow down each non-compliance issue to the specific device or operating system version that is affected by the issue. These issues can then be resolved by updating the appropriate policy or by performing a remediation remote action.

Unsupported versions of the Windows operating systems shown on this tab are listed in the following custom field: “Operating System Version”.

Monitor devices stability

The Stability tab provides an overview of device health and stability, helping you find the most unstable devices and apply fixes to them.

The starting point for monitoring device instability is devices whose uptime exceeds a week. It is recommended to restart devices or perform a complete power cycle at least once a week.

The tab contains multiple breakdowns by issue type, operating system name, and trend lines. These issues can then be resolved by updating the application version or installing operating system patches that improve stability.

Monitor operating system update compliance

The Windows Update Compliance tab provides an overview of the update compliance of supported versions of the Windows operating systems in your environment.

This information helps track devices that are not receiving updates or are stuck waiting to reboot. You can then take corrective action, such as reviewing the enterprise management software policy associated with the detected device group, or triggering a remote action to install missing updates, or changing the automatic update setting.

The target versions of quality and feature updates on these tabs are specified in the “Operating system target version“ custom field. These versions must be updated regularly to ensure accurate compliance data.

RELATED TOPICS

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy