Are Your Clients Ignoring Critical Updates? Here’s How to Deal With It... | EP 101
All Things MSP | February 25, 2025


Keeping client devices updated is a nightmare for MSPs. Whether it’s forced reboots, ignored notifications, or users refusing to comply, patch management is one of the biggest pain points in IT services. In this episode of the All Things MSP Podcast, hosts Justin Esgar and Eric Anthony dive into the real struggles of enforcing updates—on both Windows and Mac environments—and share proven strategies to minimize downtime and keep clients secure.
From Apple’s Declarative Device Management (DDM) to the challenges of RMM tools handling Windows patching, this conversation is packed with insights every MSP needs. We also explore:
✅ Why clients ignore update warnings (and how to fix it)
✅ The biggest mistakes MSPs make in patch management
✅ How Mac and Windows handle updates differently
✅ The ways AI is changing software updates
✅ Strategies for getting clients to comply without complaints
If your MSP is struggling with patch management headaches, this episode is a must-listen. Drop a comment with your patching strategies!
🎧 Available now on YouTube and all major podcast platforms.


[00:00:07] This is now, this is the problem with doing a cold open on the force because we had a great cold open and you didn't hit through it. My number one rule whenever I get onto any podcast with anyone is always, hey, before we even get started, just hitting record because you never know what I'm going to say. Maybe you'll use it. Maybe you won't. It's fine. But at least we'll have it recorded.

[00:00:27] I know. Today was a little different though because we were waiting for a guest that shall remain nameless because we don't know what happened, right? They just aren't here. My mom doesn't know how to use technology. Do not get mad at her. It's fine. It's fine. This is what the audience gets as a cold open now. Haha. Tough. Better near near near near.

[00:00:48] Helpd makes it easier for MSPs to deliver exceptional IT support. With on-demand services and a network of reliable technicians, Helpd helps you expand your service offerings without adding overhead. Fast, flexible, and built for MSPs, visit atmsp.link forward slash helped and see how they can help your business thrive.

[00:01:20] Navigating compliance requirements should not be a headache. With Compliance Scorecard, you can track, report, and manage all your clients' compliance needs in one place. You can stay ahead of audits, ensure client satisfaction, and reduce risks with ease. Start simplifying your compliance today at atmsp.link forward slash Compliance Scorecard. What's up, everybody? Welcome to the All Things MSP Podcast.

[00:01:48] The podcast for all things you, the MSP. I'm your host, Justin Esgar. With me always is the man with the plan, podcast producer extraordinaire, Mr. Eric Anthony. What's up, buddy? Having a great time. Looking forward to a little time off. Nice. Don't worry. We're recording enough episodes to cover for a while. Yeah, I'm sure that was their first thought. Well, some of them. Some of them actually care what we do. I know. I do like it when people tell me that they care.

[00:02:17] Like when I talk to random MSPs, they're like, I've listened to you on the podcast. I'm like, oh, that's awesome. They're like, you sound dumb. All right, fine. Today is one of those episodes where we thought we had a plan and then the plan went sideways. So we threw away the plan. We're going to go something else. I do want to talk about something that I've been working on internally, which is how to deal with clients when it comes to software updates.

[00:02:47] Ah, very good. This is a good one, right? So we enforced a software update to go out earlier this morning. We set this rule three weeks ago. We have emailed multiple times, including three times this week. We have told them and showed them with graphics that there will be a notification top right corner of your screen.

[00:03:14] If you don't do it now, it's going to happen exactly at this time. It was like 8:16 in the morning. If you don't do it, we gave people the opportunity to update before the deadline. The deadline was 8:16 a.m. today. I get a phone call from a client going, I was in the middle of a Zoom meeting. My computer crashed. What the hell is going on? And he calls me and he was mad. And I was like, you guys, you saw those emails, right? You saw those notifications. Well, I get too many notifications.

[00:03:44] That's not my fault. Yeah. I, you know, there's a certain amount of client responsibility here. And I think you did everything you needed to do to make sure that they were properly notified. Right? Yeah. And in that case, like three weeks, three weeks is a long time. Yeah.

[00:04:12] And, you know, there was a way for them to prevent this from happening. And that was to just go ahead and get it done earlier. What's even funnier about this is that it was supposed to happen last week. So, Apple has this feature called DDM, declarative device management. It's the step up from MDM. It's MDM's, you know, new baby brother that is both stronger and more loved than the first child.

[00:04:41] The idea is that the system can report back. It doesn't need to be pinged. It doesn't need to be queried. It can report back on things. So, it should be able to do updates faster. And so, we set it up to release 15.2, which was the latest of us. And then the month, that was supposed to be last Friday. The last month, not this past Monday, the Monday before. 15.3 came out and it screwed the entire thing. So, we had sent out emails being like, this Friday you're getting these updates.

[00:05:09] And then we had to send another email going, sorry, next Friday because Apple borked it. So, yeah, plenty of warning. And it's not like it just happens. Like, there are, there's a notification on the top right corner with multiple times. Like, it's not like we did this in the blind. Yeah. They had to ignore this multiple times. Yeah. They had to ignore it multiple times. I'm just happy that we got, we got one person. That was it. One.

[00:05:39] So, that's pretty good in my opinion. Yeah. But like, I know from the people who manage PCs, setting Windows updates as like an enforceable rule. Because like one of the things that Mac is doing, that Apple is doing, is in 15.2, 15.3, they're actually putting a little bit of, I hate to say this, AI into their software updates.

[00:06:04] They're actually calculating when the best time to do your software update is. And it will do it in the background when the computer is not in use. So, let's just say like you take lunch every day from 12 to 1. If it knows it can run the update in an hour, it will have already pre-downloaded or whatever. And you're signed into the computer. It's going to capture that sign in, do the update, reboot your computer, sign you back into exactly where you left off. Basically like a restorative point. Right.

[00:06:35] And it will like slipstream those updates in there. But we got to get you to 15.2 to do that. I don't think that exists really in the Windows side of things. But like I know for a fact that like my Windows friends have a really hard time enforcing those software updates that need to be done. Yeah.

[00:07:00] I know that some of the RMM tools handle it a little bit better than Windows' own operating system. And that's one of the kind of the differences between Windows and Mac, right? Mac is a little more friendly when it comes to those things. And some of the RMM tools have made it more friendly. But, you know, the more interesting piece to me here, and I bet I can make a guess about this one particular user at this client.

[00:07:27] They probably push back on everything security that might be a little bit of an inconvenience. You know, everyone wants to feel like they're like a unique snowflake. And everyone's always so busy all the time. Like we're always taking our laptops on vacation and we're doing things like that. There's a little zinger for you. I saw that.

[00:07:53] But like, yeah, like nobody wants to give the time to the computer. This is why we have people of uptime of like 60, 90 days. They don't want to put the time in. They don't want to take the five minutes to like make their lives better. I had a client who like Google Chrome has basically said nine tabs. Like that's it. Like you go beyond nine tabs, you're in the wild, right?

[00:08:17] The amount of clients I have that have, you know, 50, 100 tabs open. I'm like, you're not being productive. Like you're just harming your computer at this point. And I do like the people who go, what if I have like four windows open with nine tabs each? I'm like, that's not how math works. Yeah. I'm guilty as charged right now, by the way, because I had to look, right? Yeah.

[00:08:43] I have at least one, two, three, four, four windows. And I guarantee you they at least all have 10 to 12 tabs open. Yeah, man. You're just, this is why your video to me is very like Max Headroom-ish. That and I forgot to reboot today before. Oh, that's true. We were close. Yeah. Yeah. Yeah.

[00:09:05] But going on the PC side, like enforcing those updates, even with like, you know, we use data to take care of those PCs. Like, and we schedule them. But like, I think the other problem is just the slew of updates for Windows, right? Because like when Mac releases 15.2 to 15.3, like all the other updates are pretty slipstream, right? Safari slipstreams, XProtect slipstreams, it's not a big deal. So I think it also has to do with just like the mass of software updates that need to be done.

[00:09:34] So the question really comes down to is like, do you want to rule with an iron hand and like, be like, we're doing update, you know, what's it? It's like update Tuesdays, right? We'll stay a week behind on update Tuesdays, but Tuesdays is the day. But like, you're always going to be interfering with somebody. So like, what is the right methodology to do this? Because like, we got lucky. One person got mad, right? Like, but when you're in a big corporation, like you can't piss off 10% of your staff. That's not going to work.

[00:10:02] And I mean, look, people have been trying to get around this for years. RMM tools have been trying to use Wake on LAN so that they could wake computers up, you know, at night and do updates so that it didn't bother the users. They've tried to tell people, leave your computers on, on this particular day and we'll do updates overnight. But they always get stuck or there's always, there's always something that goes wrong with that. I always find, right?

[00:10:29] Look, patch management is the bane of every MSP's existence, I think. Yeah. Because no RMM tool can consider everything that's running on that machine at one time that may cause it to block or have, you know, an application open or, you know, not quite enough memory, not quite enough hard drive space.

[00:10:53] Whatever it is, there's just too many factors involved that have to be perfectly right before patch management will work perfectly right. I mean, case in point, when I was working at GFI MAX, LogicNow, whatever you want to call it, now called N-able.

[00:11:11] One of the best things that you could do to ensure that patch management had the greatest degree of success was actually schedule a reboot before you scheduled the updates to run. Yeah. The amount of problems that that fixed were incredible. But yet most people still wouldn't do it. Especially because nobody wants to reboot first.

[00:11:39] I think like, you know, patch management in and of itself, like I want to specifically call it like patch management for software is obviously very different than for OSs. But actually, here's a funny one. We have a client, they live and die by Microsoft Word. They're always writing. They do never, they never quit Word ever. Right. And we started getting reports from them being like, I can't save documents. I have a document over it.

[00:12:09] I literally cannot save it. The save option is grayed out. Like, what do I do? And so like, we were like, just copy and paste it into a new document. And it would still gray it out. We're like, all right, copy and paste it into Google Docs or text editor or something just so you don't lose the data. Quit Word, relaunch it. Let's see if it fixes it. And of course it did. And we kept going. Like, a couple days later, it came up again from someone else. And we're like, what the hell is going on here? This doesn't make any sense.

[00:12:36] Because they left Microsoft Word open all the time, the Apple App Store from which we got Microsoft Word couldn't update the app. It actually updated the app in the background. And because the app didn't quit, it didn't actually give it, you know, whatever timing it needed to make the new version take over. So they were stuck in this like a Magmus, like half updated version that didn't have save enabled, right? Once they quit. Same thing with Google Chrome.

[00:13:03] Like, Chrome updates 14 times a day at this point. And every time it does, we push a notification. And it's ugly. I hate this notification box. I've yelled at my team about this. And it says click here to quit Chrome. Like, Chrome needs to be updated. Click here to update it. When you click it, it quits Chrome. But like so many users will immediately just click the Chrome icon again without waiting five minutes to like let the update happen. And they're like, why do I keep getting prompted? It's like, because you need a little bit of patience.

[00:13:36] I'm just convinced that people who use computers don't have patience anymore. I think that's true. I think because the problem is that like computers have gotten so fast that we're not, we don't remember when like it took a while for things to work. Like, you know what I just heard in my brain? What? I heard dial up modem sounds. I was going to say like, you remember how long it took to open up Microsoft Word on like a 286? Mm-hmm.

[00:14:07] I do. And now we have it all in our pocket. Like I can run Word on my phone. And it's instantaneous. Instead of playing pun ball. But yeah. Like the lack of that patience, I think, has really contributed to the inability of us as IT people to like do our jobs to ensure these computers get updated.

[00:14:35] I do want to pass the buck. I think Apple and Microsoft need to come up with better ways of doing this. And don't get me wrong. It's not like I don't understand the technical. Right? I get that like they have to shut it. They have to be able to reboot because they're like inserting code into the kernel at the core level and whatever. But there's got to be a better way to do that. I don't know. I don't know.

[00:15:03] It's an interesting question to pose to people who develop operating systems for a living. I would suspect that it has to do with something around they don't want any software on that machine to be able to modify those pieces of code. And so it has to be done in a reboot process where no other code can be in existence until the operating system is done doing the secure things that it needs to do.

[00:15:33] Right. I mean, there's a lot of reasons, but I think we need to bring this back to you is like, all right, listeners, if you're doing patch management, what methods are you using to keep your clients happy? Like how many times is my three weeks plus all those notifications that the Mac gives enough? Because clearly I missed one or two people.

[00:15:55] Like what are you doing to make it more clear about updates? That's what I want to know. I want to know what everyone's doing because this is a learning lesson for me as well. Like we're trying to make a big push. And don't get me wrong. We got a good amount of our fleet to update tonight. Like I would say more than 70% of our fleet updated today, this morning with no problems. It was like the two people.

[00:16:23] It was like one guy who called about him and an employee who clearly didn't just, they just didn't read the email. And what was really funny was we set the update to go off at 8:16 in the morning. And I was on a call with my director of technology, Luke, and they called around noon. And I was like, or no, it was like 11:30. And I was like, what the hell? I realized they're on the West Coast. Like we didn't consider West Coast in the timing. It's still 8:16 in the morning.

[00:16:52] Why would they be on a Zoom call at 8.16 in the morning general? But like they were on a call with East Coast people because it was 11 o'clock our time. Well, and that makes sense. And, you know, I would love to hear from our listeners, A, what they think the best patch management system is out there right now. I know that there are a variety of them, whether they're included in an RMM tool or not.

[00:17:19] But more importantly, along the lines of Justin's situation here today, what do you do to communicate those patches and the necessary reboots out to your clients? And how much of a headache is it? Like how many of your clients are not compliant? Because that's really what it is, right?

[00:17:45] I mean, this is about clients not doing what they need to do to keep themselves safe so you're forcing it and it being inconvenient for them. They don't want to do it because they think it's our job as the IT person. But like, you know, it's a 90-10 split, right? Like I'll do as much as I can. But like I have a couple of computers that won't update. I can't get – the update doesn't show up on my side.

[00:18:12] I've gone to the user and said, hey, go click these buttons and reboot your computer. And they'll do it and it's fine. Wonderful. 10 out of 10, no notes. But like you get those people who are like, I don't know where the Apple menu is. I'm like you've been using it forever, man. I think patch management – but I think patch management, let's take it to another level, right? So we have the OS problem where we need to reboot in order to be able to do updates. We need to be able to update software. That makes sense as well.

[00:18:38] I'm always curious about updating software that is not part of your rollout, right? Updating that software. Because once clients have rights to their computer, they install whatever they want. So the question is like how are you ensuring that the software that they're installing that you're not managing is being updated also?

[00:19:10] Yeah. I mean good question. I mean I think that's where the RMM tools come in a lot. I mean obviously they can't do everything because they have to program certain applications in to be updated. They can't just detect everything. That's the problem. But that's also – It needs to be able to detect everything. Detecting is one thing.

[00:19:36] I know for Windows it can detect all the software applications, but it can't necessarily update them. Same with the Mac. The Mac – like an MDM software can detect – I can read all the software that's on that device. I can only update the stuff that I push, right?

[00:19:52] And it gets even funkier when you start doing things like BYOD because if you do a BYOD where the user manually enrolls like their phone using a managed Apple ID on the Apple side, this is such a weird thing. Check this out. Now, if you do account user-driven enrollment, which is a Mac thing – sorry, it's an iPhone thing.

[00:20:21] This is – PC MSPs need to know this because all their employees use iPhones because Android sucks. If you have a managed Apple ID, an Apple business manager, and that user signs in with their managed Apple ID on their phone, you can, using the proper MDM, the right setups, push software to their personal devices. Here's where it gets weird. Let's say you use Dropbox as your file share solution for the company, okay?

[00:20:49] The user also uses Dropbox for their personal photo storage, right? If Dropbox is installed on their phone and I try to install a managed version of Dropbox, it will just fail and it will not tell you that it failed. It will just go into the – it will Batman smoke its way out. I don't know. I got nothing. Like, I'll see Dropbox is installed on a device because I can –

[00:21:17] So you'll think it worked. Right. I can query the whole device. But I can't patch manage, update it because it's not owned by the management software. It's the user installed in themselves. It's such a weird conundrum. So that brings up kind of another part of this, right? And that is admin rights for users on computers. Now, this is not as much a thing in the Mac world, much more of a thing in the Windows world.

[00:21:45] And it's just another reason why I think it's very important in the Windows world to not give users administrative rights so they can't install their own software. Because if they install software that then you can't patch, are you really managing the device? And I would say no. I think there's also – like, there's a real big break between the ideals of what is managed and what is not, right?

[00:22:15] Like, we take care of computers, right? We're outsourced IT support, really. We take care of their computers to the best of our ability, best efforts. But so many of our clients – and I'm going to get a lot of – I'm going to get a lot of hate for this. So many of my clients just are admins on their machines because it's fine. And, like, they do stuff all the time.

[00:22:43] But, like, it's not that the devices aren't under management. They are. And we support them to as best we can. But, like, they can go off the rails at any time. Well, although, can they change the – can you force the setting and not allow them to change the setting where they can't install any software that's not in the App Store? No.

[00:23:12] On a Mac, if you're an admin, you can install whatever you want. I can – well, I know what you're saying. There is a security setting in Mac that says only allow apps from the App Store. Is that what you're talking about? Like, the privacy and security thing? It's App Store or App Store and known developers. I bet you we probably could do only App Store.

[00:23:38] But then we can't – we can't, like, let – they won't be able to, like, install Zoom. Not that we wouldn't push Zoom. But, like, Zoom's not in the App Store. Which is the number one reason why I've been fighting Apple when Apple retailer, like, the business teams sell Apple business essentials to customers. And I go, don't sell that. They go, why? I go, because you can't install whatever you want to install. They go, yeah, you can. Everything's in the App Store. I go, go see if Zoom's in the App Store. Apple only uses WebEx for their conversations. They don't use Zoom.

[00:24:06] So, like, I'm like, WebEx is, maybe. But Zoom isn't. And they're like, oh. Every time. Every time. So annoying. Well, there are good things and bad things. I mean, and, you know, full transparency. I use a Mac. Like, that's – I switched from Windows to Mac almost 10 years ago. And honestly, would absolutely never go back. Yeah.

[00:24:33] The ecosystem and the conveniences that I get are too valuable for those few inconveniences that exist. Don't get me wrong. I understand. I understand why people use PCs. Like, I get it. Yeah.

[00:24:52] I don't get it in the context of – like, I get it if you need to use Excel or if you need to use some, like, hardcore scientific programming stuff that doesn't exist on the Mac. Right? And this has always been the big, long fight. Like, why – the Mac, the Apple Mac – what am I thinking of? Like, the percentage of ownership is, like, always been low. Like, how much of the market they own has always been low. But at the same time, there's not enough software to the Mac to make it go higher.

[00:25:21] But there's not enough Macs out there for software developers who want to make software for the Mac. You know what I'm saying? Yeah. So, what gets me – and I know we're a little off topic of updates. But, like, what gets me is, like, I have a client who's 50-50. Right? Like, a 50% Mac, 50% PCs. And I'll sit at someone's PC. And it's a totally, like, relatively new PC. It's totally fine. And I go to hit the open the Chrome button. And then I just sit there, like, the thinker just waiting and waiting. And so, I hit Chrome again. And I'm waiting. I'm waiting. I'm going to hit Chrome again.

[00:25:51] And then I have four minutes later, Chrome opens up three or four iterations of the application. Not just Windows, but, like, three or four iterations of the application. And I'm like, this is why we need PC MSPs. Because Windows is built in such a crap-ass way. Oh, yeah. I mean, at the end of the day, I think, you know, this is a case of security versus convenience when it comes to updates.

[00:26:20] I think that, you know, you can make some of the people happy all the time. But you will never make all the people happy all the time. And you have to do the best you can. And I think one or two users out of your entire patch of clients, I think that's a success, sir. Yeah. I think one out of, I think we had 300 plus devices update today. I'll take the win. Yeah.

[00:26:50] Please do. Tell us how you're doing your patch management and how you're enforcing your rules with your staff. Let us know at facebook.com slash group slash allthingsmsp. Don't watch this one. This one was, there's nothing really fun to watch. But if you want to, youtube.com slash at allthingsmsp. You're listening to it, but we're on other podcasting tools. So tell your friends to go get the All Things MSP podcast on their favorite podcasting tools. Leave a comment, leave a review.

[00:27:15] If they're watching this, if they're watching this part, they've already watched the entire episode. So thank you for hanging in there. We really do appreciate it. And most of them are not like this. So make sure you go and watch the next one or the previous one if the next one's not out yet. Or you know what? Better yet, start at the beginning. No, don't do that. We're on episode three.

[00:27:42] This is that point where like in the, like you should just be like, you can choose that one or that one. And then like just let the YouTube box show up above a picture of one of us. Anyway, today's been a day. It happens. Look, it happens to the best of us. But I hope everyone has a great week and I hope you get your patch management done. That's Eric. I'm Justin. Bye. All right. Let me stop the recording because, you know.

[00:28:17] Thank you for listening or watching the All Things MSP podcast. If you liked this episode, go ahead and give us a thumbs up. Hit that like button and consider subscribing to catch all our weekly episodes. And from your host extraordinaire, Justin Esgar and myself, Eric Anthony, your humble producer and All Things MSP founder, thank you very much for spending your time with us. If you are not aware, All Things MSP started as a Facebook group and now supports over 6,000 members.

[00:28:44] We also have a LinkedIn page for those of you who don't do Facebook. And make sure to check out our YouTube channel for even more content. A special thank you to our elite sponsor, CoreView, helping you manage your Microsoft 365 tenants instead of them managing you. Thank you to our premier sponsors, EasyDMARC, Helpd, Gozynta, MoveBot, and SuperOps. And thank you to the rest of our sponsors. Without sponsors, we could not do what we do for the MSP community.

[00:29:14] Please consider checking them out. The All Things MSP podcast is a BizPow LLC production. The views and opinions of the hosts and guests are their own and do not reflect the thoughts and opinions of any employer, vendor, sponsor, or random taxi driver in the Metro DC area. Be sure to join us next week for another exciting episode.
