Security Update for Windows


Last updated 10 months ago


This lab describes how to use DeviceOn to perform Windows security updates on endpoint devices that do not have internet connectivity.

DeviceOn can deploy Windows security updates to endpoint devices that are not connected to the internet. First download the latest Windows security update files from the Microsoft website, such as KB1234567.msu. Then upload these update files to DeviceOn's App store.

Then in the DeviceOn console, create an Application and select the Windows update file as the content for that Application. In the Deployment page, configure the deployment targets, such as selecting the device groups or devices to update.

DeviceOn will then push the Windows security update as an Application to the configured endpoints. When the device receives the update, it will automatically install the Application to perform the Windows security update.

In this way, the Administrator can use DeviceOn to regularly deploy security updates to Windows endpoints that are not internet-connected, in order to ensure the systems remain secure.

Prerequisite

  • A running DeviceOn server.

  • A device running the Windows operating system with the DeviceOn Agent installed and connected to the DeviceOn server.

  • A cumulative update for your Windows version and build number, for example Windows 10 version 1809. It can be downloaded from the Microsoft website. Make sure the Windows version and build number on your device match the requirements for this cumulative update. Installing the wrong cumulative update can cause issues, so verify your current OS build before installing.

Download Cumulative Update

Review Microsoft's documentation for details and system requirements before updating. Verify your OS build meets the prerequisites. Follow any prep steps noted. Then download the latest cumulative update for your Windows version from the Microsoft Update Catalog. Confirm it matches your build.

Confirm the Update

I recommend validating the Windows security update on a test device before packaging it for OTA deployment. Windows security updates (MSUs) support a silent installation mode with the /quiet parameter. Add /quiet to the command in your script to enable unattended installation. For example:

windows10.0-kb5033911-x64-ndp48_fd9c7de7eff3906ed882d2a338030d33ea373ba5.msu /quiet

Testing the silent update on a sample device before wide rollout helps catch any potential issues and ensures the silent mode works properly. Once you've confirmed the silent update installs correctly, you can then package the script into an OTA update that can be deployed at scale.

If your systems need multiple KB security updates, I recommend creating separate OTA packages to deploy each patch individually. Only include one security update per OTA package. After installing each patch, reboot the device before deploying the next one. Updating one KB at a time and rebooting in between helps avoid potential issues from applying multiple patches together.

After deploying the security update, you can validate it installed properly by checking for the corresponding KB in the system. To do this, go to Settings > Update & Security > Windows Update and click on Update history. This will show all of the installed updates on the device. Look for the specific KB number of the security update you deployed and verify it is listed as installed.
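An install script of the kind described above, as an added example that is not DeviceOn's or Microsoft's own code: it checks the package's signature and the SHA-1 digest embedded in Update Catalog file names, installs with wusa.exe, and with -VerifyOnly confirms the KB after the reboot. The parameter names, the script's exit-code convention and the added /norestart switch (so the reboot stays a separate step between patches) are assumptions.

```powershell
# Added example, not DeviceOn code. Assumes the script runs elevated from the
# OTA package directory; parameter names and script exit codes are hypothetical.
param(
    [Parameter(Mandatory)] [string] $MsuPath,  # .\windows10.0-kb<number>-x64_<sha1>.msu
    [switch] $VerifyOnly                       # run again after the reboot
)
$name = [IO.Path]::GetFileNameWithoutExtension($MsuPath)
if ($name -notmatch '(kb\d+)') { Write-Output "No KB number in '$name'"; exit 2 }
$kb = $Matches[1].ToUpper()

if ($VerifyOnly) {
    # Scriptable equivalent of Settings > Update history.
    if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { Write-Output "$kb installed"; exit 0 }
    Write-Output "$kb not found"; exit 1
}

# Reject a package altered between download and upload to the App store.
$sig = Get-AuthenticodeSignature -FilePath $MsuPath
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    Write-Output "Signature check failed: $($sig.Status)"; exit 2
}
# Update Catalog names end in the file's SHA-1; a mismatch means a corrupt copy.
if ($name -match '_([0-9a-fA-F]{40})$') {
    $expected = $Matches[1]
    $actual = (Get-FileHash -Path $MsuPath -Algorithm SHA1).Hash
    if ($actual -ne $expected) { Write-Output "SHA-1 mismatch for $name"; exit 2 }
}

# /quiet as on the page; /norestart keeps the reboot a separate, scheduled step.
$full = (Resolve-Path -Path $MsuPath).Path
$proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
    -ArgumentList "`"$full`"", '/quiet', '/norestart' -Wait -PassThru
switch ($proc.ExitCode) {
    0           { Write-Output "$kb installed"; exit 0 }
    3010        { Write-Output "$kb installed, reboot required"; exit 0 }
    2359302     { Write-Output "$kb already installed"; exit 0 }
    -2145124329 { Write-Output "$kb not applicable to this OS build"; exit 1 }
    default     { Write-Output "wusa.exe failed with $($proc.ExitCode)"; exit 1 }
}
```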
