Currently, executive staff devices are exempt from automatic reboots following Windows updates, as outlined in the existing SOP for Windows Update Management via Intune Production. This exemption was intended to prevent work disruption but has resulted in delayed update compliance for these critical endpoints.
To address this, we propose modifying the update ring assigned to executive staff devices. The new configuration will enable automatic reboots after updates, but only within a defined maintenance window from 2:00 AM to 6:00 AM. This approach ensures devices receive essential security and quality updates promptly while minimizing the risk of interrupting executive workflows. The change will involve:
-
Updating the Intune policy for the executive staff device group to enable "Auto reboot before deadline."
-
Setting the maintenance window for reboots to 2:00 AM – 6:00 AM.
-
Communicating the change to impacted users in advance.
This change is necessary to maintain security and compliance standards across all company-managed devices, including those assigned to executive staff, while respecting operational requirements for minimal disruption.