Usage guide: Operating systems - Stability, security, and compliance

Introduction

This library package will help you monitor and manage various operating systems to ensure their stability, compliance, and performance. This page will guide you through the structure of the content and how it can be used.

Please keep in mind that this is a guide and represents just some of the potential insights and actions you can take. There are many use cases and specific troubleshooting scenarios that you might uncover in your environment.

Ensure your library pack is properly configured by following the steps highlighted in its configuration guide:

Configuration guide: Operating systems - Stability, security, and compliance

Pack structure

Visibility

The "Operating systems - Stability, security, and compliance" live dashboard acts as the starting point of this library pack. This dashboard provides a single environment for managing multiple aspects of operating system administration by:

  • Identifying devices with an unsupported operating system that are a risk within your environment.

  • Monitoring security patch installs to ensure that Windows devices are up-to-date and compliant.

  • Tracking the migration of Windows and macOS devices as newer versions of these operating systems become available.

  • Monitoring the security, health, and compliance of devices.

Advanced troubleshooting and remediation

For more in-depth investigations, you can rely on the results of specific data-gathering remote actions.

  • Get macOS updates and restart information (macOS only): This remote action returns information about macOS devices, including the number of days since the last restart, whether there are pending updates, and a list of names of pending updates, among others.

  • Get firewall options (macOS only): This remote action allows you to get the status of your device firewall settings under System Preferences - Security & Privacy - Firewall on macOS devices.

  • Get XProtect status (macOS only): This remote action allows you to get the status of your device XProtect settings under System Preferences - Software Update - Advanced on macOS devices.

  • Get BitLocker information (Windows only): This remote action returns basic information on BitLocker protection status.

  • Get encryption information (macOS only): This remote action gets APFS file system disk encryption and decryption information and checks whether FileVault is enabled.

  • Test pending reboot (Windows only): This remote action checks to see if the device is waiting to reboot for an update.

Some of these data-gathering remote actions are used to populate the live dashboard and should already be scheduled. You can query the results by investigating KPIs from the live dashboard or from your own investigations.

To resolve some of the detected issues, the following remote actions can be triggered when required:

  • Set firewall options (macOS only): This remote action configures the firewall settings under System Preferences - Security & Privacy - Firewall on macOS devices.

  • Set XProtect status (macOS only): This remote action configures the XProtect status under System Preferences - Software Update - Advanced on macOS devices.

  • Install Windows update (Windows only): This remote action installs a .msu patch on Windows devices.

  • Invoke Windows update (Windows only): This remote action restarts Windows Update and BITS services on Windows devices and forces the device to check for updates.

  • Set auto updates (macOS only): This remote action configures additional macOS automatic update settings under System Preferences - Software Update - Advanced on macOS devices.

  • Enable BitLocker Encryption (Windows only): This remote action enables BitLocker encryption on the device's system drive.

Use cases

Identify areas of improvement

The dashboard's summary tab gives you a brief view of the devices and operating systems within the estate. Based on this information, you can navigate to the appropriate tab for more detailed troubleshooting.

Filters above the dashboard help you focus on a specific area, device, or platform type. The time picker can also be used to view data on a more granular or long-term time scale.

Monitor device compliance and security

The Compliance and Security tab displays a summary of devices' operating system vendor support status and security summary information.

Monitoring this data from devices is critical to ensure that devices do not have any known security breaches, are supported by operating system vendors, and comply with baseline corporate security policies.

The tab contains several KPIs and a breakdown by operating system name to help identify the problem area. The goal is to use these breakdowns in conjunction with the dashboard's global filters, exploration, and drill-down features to narrow down each non-compliance issue to the specific device or operating system version that is affected by the issue. These issues can then be resolved by updating the appropriate policy or by performing a remediation remote action.

Unsupported versions of the Windows and macOS operating systems shown on this tab are listed in the following custom field: “Operating System Version”.

Monitor device stability

The Stability tab provides an overview of device health and stability, helping you find the most unstable devices and apply fixes to them.

The starting point for monitoring device instability is devices whose uptime exceeds a week. It is recommended to restart devices or perform a complete power cycle at least once a week.

The tab contains multiple breakdowns by issue type, operating system name, and trend lines. These issues can then be resolved by updating the application version or installing operating system patches that improve stability.

Monitor operating system update compliance

The Windows Update Compliance and macOS Update Compliance tabs provide an overview of the update compliance of supported versions of the Windows and macOS operating systems in your environment.

This information helps track devices that are not receiving updates or are stuck waiting to reboot. You can then take corrective action, such as reviewing the enterprise management software policy associated with the detected device group, triggering a remote action to install missing updates, or changing the automatic update setting.

The target versions of quality and feature updates on these tabs are specified in the “Operating system target version” custom field. These versions must be updated regularly to ensure accurate compliance data.

