Getting OS updates installed on end user devices should be easy. After all, it’s one of the simplest yet most impactful ways that every employee can practice good security. 

On top of that, every MDM solution promises that it will automate the process and install updates with no user interaction needed.

Yet in the real world, it doesn’t play out like that. Users don’t install updates and IT admins won’t force installs via forced restart.

Let’s talk about the second problem first. Sure, you could simply schedule updates for all your users, and have them restart during non-work hours. But this inevitably leads to disruptions and lost work. This, in turn, leads to users (especially executives) who simply demand to be left out of your update policy. The bottom line is: any forced restarts without user approval will lead to data loss events, and that makes them so unpopular that they are functionally unusable.

There is another class of tools that claim to get users to install updates themselves, through “nudges.” These reminders pop up with increasing frequency until users relent or the timer runs out. This is an improvement, since it involves users in the process, but users still tend to delay updating as long as possible (which for some tools can be indefinitely).

At Kolide, OS updates are the single most common issue customers want us to solve. They come to us because we have a unique (and uniquely effective) approach to device compliance.

With Kolide, when a user’s device–be it Mac, Windows, Linux, or mobile–is out of compliance, we reach out to them with instructions on how to fix it.

The user chooses when to restart, but if they don’t fix the problem by a predetermined deadline, they’re unable to authenticate with Okta. (At present, Kolide is exclusive to Okta customers, but we plan to integrate with more SSO providers soon.)

If your fleet is littered with devices that stubbornly refuse to update, then consider these two principles:

1. You can’t have a successful patch management policy without involving users.
2. You can’t get users to install patches unless you give them both clear instructions and real consequences.

Installing OS updates is a top priority for both security and IT, and when you make it part of conditional access, you can finally get it done without massive lists of exemptions or massive piles of support tickets.

To learn more about how Kolide enforces device compliance for companies with Okta, click here to watch an on-demand demo.

Our thank to Kolide for sponsoring MacStories this week.

BetterTouchTool is a powerful macOS application that enables users to completely customize their various input devices such as Keyboards, the (Magic) Mouse and Magic Trackpad, the Touch Bar, the Siri Remote or even things like the Stream Deck.

Today let’s have a look at a new feature that has recently been integrated into BetterTouchTool and is getting more powerful with every update: Floating Menus / Widgets.

Imagine them as highly flexible, widget-like menus that you can place virtually anywhere on your screen. You can attach them to specific positions in specific windows, to specific screens, the current mouse position and many more. You can specify whether they float on top, stick them to your desktop or have them behave like normal windows (and more). 
They can always be visible, expand on mouse hover or be shown/hidden via any trigger in BTT.

You can find various Floating Menu examples on https://share.folivora.ai. For example have a look at the Notch menu, which is invisible by default but expands from your Macbook’s Notch on hover.  Another nice example is the “Mini Emoji Menu” preset, it places a little transparent dot on the left edge of the focused window. When hovered it shows multiple custom emoji which you can insert by clicking.

The documentation for this new feature is available here and you can always visit our community page to discuss or request features.

Try BetterTouchTool now (45 day free trial) or go and purchase a license with this 20% coupon code: MACSTORIESBTT2023 at https://folivora.ai. BetterTouchTool is also included a Setapp subscription.

Our thanks to BetterTouchTool for sponsoring MacStories this week.