Home Compliance & Certification Endpoint OS Autoupdate Guide

Endpoint OS Autoupdate Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact demonstrates that your company’s laptops, desktops, and servers are configured to receive and install OS updates automatically. Cyber compliance requires this because timely patching is one of the strongest shields against attackers exploiting known flaws.

2. What You Will Submit

You will need:

  • screenshot from a device showing that automatic OS updates are enabled.

  • The screenshot should clearly show:

    • The operating system (Windows, macOS, Linux).

    • Auto-update settings switched “On.”

    • (If visible) that security patches are included.

3. How to Collect / Obtain / Generate This Evidence

Windows 10/11:

  1. Open Settings → Update & Security → Windows Update.

  2. Click Advanced options.

  3. Ensure “Automatically download and install updates” is enabled.

  4. Screenshot the page showing this toggle or confirmation.

macOS:

  1. Go to System Settings → General → Software Update.

  2. Confirm Automatic Updates is enabled (includes OS updates and Security Responses).

  3. Take a screenshot of this view.

Linux (Ubuntu example):

  1. Open Software & Updates → Updates tab.

  2. Ensure “Install security updates without confirmation” is enabled.

  3. Capture a screenshot showing this setting.

MDM Platforms (e.g. Microsoft Intune, Jamf):

  • Navigate to Update Policies.

  • Capture the screen showing that automatic OS updates are enforced across managed devices.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_EndpointOSAutoupdate_YYYY-MM-DD.png

5. What “Good” Looks Like

  • Screenshot clearly shows the auto-update toggle enabled.

  • The setting applies to the OS itself, not just apps.

  • If captured via MDM, it shows organisation-wide enforcement.

  • Ideally includes last checked/last updated date for proof of recency.

Why it matters: auditors want assurance that vulnerabilities are patched without relying on someone remembering to click “Update now.”

6. Tips

  • Capture from an actively used device to show it’s applied in practice.

  • Redact personal identifiers (like usernames in OS settings) if they appear.

  • If using MDM, a policy-level screenshot is stronger than one from a single device.