Re: [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates

[John Virden <john.virden () MIAMIOH EDU>]

Hello Blake. From our Windows Team: "Because we use Microsoft Endpoint
Configuration Manager aka MECM (it used to be named System Center
Configuration Manager aka SCCM) we deploy and manage Windows updates
through it. With this, we deployed a Cloud Management Gateway to manage
internet based clients. If they are using MECM this can be a cost effective
way to do it possibly. Our Azure bill runs around $120 per month for this,
and this setup allows you to enforce patching as you would with on campus
clients, and you can direct these clients to download the updates directly
from Microsoft."

Happy to put you in touch with our team if interested.

Thank you,
John

On Thu, Aug 27, 2020 at 4:17 PM Hart, Michael <mhart20 () msudenver edu> wrote:

> MSUDenver used IBCM to make sure that devices don’t have to be on campus
> or connected to VPN to get updates.
>
>
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Blake Brown
> *Sent:* Thursday, August 27, 2020 1:41 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [EXTERNAL] Re: [SECURITY] Remote domain joined computer updates
>
>
>
> NOTICE: This email originated from outside the University. Please
> exercise caution when replying or opening links and attachments.
>
>
>
> Excellent tip... thanks!
>
>
>
>
> ------------------------------
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Seymour, Patrick <
> 000000ddbd4dcc33-dmarc-request () LISTSERV EDUCAUSE EDU>
> *Sent:* Thursday, August 27, 2020 12:37 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
> *Subject:* Re: [SECURITY] Remote domain joined computer updates
>
>
>
> *External Email*
>
> A quick and cheap option, one that requires them to visit campus one more
> time, is to create a configuration item in MECM/SCCM. You can test the
> connection to the WSUS server, and if that fails, remove the WSUS registry
> entries.  When the client comes back to campus, GPO will put the entries
> back. And then of course, they go home, the CI sees that the WSUS server is
> unreachable, and removes the entries again.
>
>
>
> Here’s a gist containing our detection and remediation scripts for this CI.
>
>
>
> https://gist.github.com/pseymour/150efeaec12a032c158579057a44c994
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Fpseymour%2F150efeaec12a032c158579057a44c994&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=V5bj6RPfobYBDNjXd3808xEXAgU5ubxVfZQnsE3Q%2FJw%3D&reserved=0>
>
>
>
> --ps
>
>
>
> *Patrick S. Seymour* *|* Manager, Application Delivery
> Sinclair Community College *|* 444 West Third Street *|* Room 13-023Q
> (sometimes) *|* Dayton, OH 45402
> 937.512.2118 *|* patrick.seymour () sinclair edu
>
>
>
>
>
> *From:* The EDUCAUSE Security Community Group Listserv <
> SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Blake Brown
> *Sent:* Thursday, August 27, 2020 14:05
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Remote domain joined computer updates
>
>
>
> Good afternoon,
>
>
>
> We have run into an issue with staff who are using domain joined Windows
> computers at home due to COVID who cannot get Windows/AV updates due to
> GPO's, these users are not VPN users.
>
>
>
> One option is to ask them to return periodically to the campus for updates
> but I think we all know how that will play out. We would like to minimize
> our VPN/DUO licensing cost if possible, so we are looking for alternatives
> to meet this need. How is your college handling this?
>
>
>
> Thanks,
>
> Blake Brown
>
> Infrastructure Manager
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920154997&sdata=jxKawVMdzFib7aCN%2F062rH%2FgPEKbJBckA33kSilTIqY%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community
> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7Ca50b7844021f427aeee408d84ac13257%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637341540920164992&sdata=8HifjDyaEUtRVp8Lf9rr2aLxX%2BtHt2I6ybtRWSxBylY%3D&reserved=0>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community


-- 

John Virden

Assistant Vice President for Security, Compliance and Risk Management and
CISO

Miami University

325 Hoyt Hall

Oxford, OH 45056

john.virden () miamioh edu

O: 513-529-9252 | MiamiOH.edu

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community