
Endpoint Patch Compliance Chase

Example prompt: "Every Monday, look at our device fleet and tell me which laptops are running an out-of-date OS or browser, send each person a friendly reminder to install the updates, and give me a short list of anyone whose machine has been more than a month behind."

The Problem

Most patch compliance dashboards have a number on them and nobody who looks at it daily. The OS shipped a security update three weeks ago, the device-management console knows which laptops are still running last month's version, and the security policy says everything should be updated within seven days — but the gap between "the dashboard knows" and "the person whose laptop it is actually reboots" is filled by nothing, because nobody on the IT team wants their Monday to start with sending forty individual DMs that say "please reboot." So the dashboard sits at 70% green and an auditor reads it as "broadly compliant" until the next CVE arrives and the seventh-place laptop turns out to be the CFO's.

How GloriaMundo Solves It

We build a workflow that runs every Monday morning. An integration step reads the device compliance register from the IT sheet — a row per active laptop with the assigned user, the current OS version, the current browser version, and the date of the last successful update. A code step joins that against the current supported-version table on the same sheet (a fortnightly manual refresh from the IT lead, or a separate import from the device-management export) and flags any device more than two minor versions behind on OS, more than three versions behind on the primary browser, or with a last-update date older than 21 days. A conditional step splits the flagged list into a first-nudge band, a second-nudge band (already nudged in the last fortnight), and an over-month-overdue band. For first nudges, an LLM step drafts a short Slack DM to each device owner naming the device, the version it is on, the version it should be on, and a one-line instruction to install and reboot before the end of the day. For second nudges, the LLM drafts a slightly firmer version with the date of the first nudge included. For over-month cases, the workflow does not nudge — it raises a Jira ticket to the IT lead with the device, the user, the line manager, and a draft message for the lead to send personally. Glass Box preview shows the flagged list, the bands, and the drafted nudges before anything goes out.

Example Workflow Steps

  1. Trigger (scheduled): Every Monday at 09:00.
  2. Step 1 (integration): Read the device compliance register and the current supported-version table from the IT Google Sheet.
  3. Step 2 (code): Join the register against the supported-version table and flag any device more than two minor OS versions behind, more than three browser versions behind, or with a last-update date older than 21 days.
  4. Step 3 (conditional): Split the flagged list into a first-nudge band, a second-nudge band (already nudged in the last fortnight), and an over-month-overdue band based on the chase log.
  5. Step 4 (LLM): For first nudges, draft a short Slack DM to each device owner naming the device, the current version, the target version, and a one-line instruction to install and reboot before the end of the day. For second nudges, include the date of the first nudge.
  6. Step 5 (integration): Send each Slack DM, log the nudge date back to the chase log, and fall back to Gmail for owners who are not on the Slack workspace.
  7. Step 6 (integration): For over-month cases, raise a Jira ticket to the IT lead with the device, the user, the line manager, and a draft message for the lead to send personally.
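The flag-and-band logic of Steps 2 and 3, as an added example that is not GloriaMundo's own code. The column names, the `major.minor` OS version format, the 30-day cut-off for the over-month band, and the chase log shape (device mapped to a list of nudge dates) are assumptions; cells that cannot be parsed are flagged rather than treated as compliant.

```python
from datetime import date

# Thresholds from the workflow text; OVER_MONTH_DAYS = 30 is an assumption.
OS_LAG, BROWSER_LAG, STALE_DAYS, OVER_MONTH_DAYS, FORTNIGHT = 2, 3, 21, 30, 14
BAD_CELL = (KeyError, TypeError, ValueError, AttributeError)

def assess(row, supported, today):  # -> (reasons, days_since_update)
    why, age = [], None
    try:
        major, minor = (int(p) for p in row["os_version"].split(".")[:2])
        s_major, s_minor = (int(p) for p in supported["os_version"].split(".")[:2])
        if major < s_major or (major == s_major and s_minor - minor > OS_LAG):
            why.append("os")
    except BAD_CELL:
        why.append("os-unreadable")  # fail closed: a blank cell must not pass
    try:
        browser = int(row["browser_version"].split(".")[0])
        if int(supported["browser_version"]) - browser > BROWSER_LAG:
            why.append("browser")
    except BAD_CELL:
        why.append("browser-unreadable")
    try:
        age = (today - date.fromisoformat(row["last_update"])).days
        if age > STALE_DAYS:
            why.append("stale")
    except BAD_CELL:
        why.append("update-date-unreadable")
    return why, age

def triage(register, supported, chase_log, today):  # -> the three bands of Step 3
    bands = {"first_nudge": [], "second_nudge": [], "over_month": []}
    for row in register:
        why, age = assess(row, supported, today)
        recent = any((today - d).days <= FORTNIGHT for d in chase_log.get(row["device"], []))
        over = age is not None and age > OVER_MONTH_DAYS  # ticket, not a DM
        band = "over_month" if over else "second_nudge" if recent else "first_nudge"
        if why:  # compliant devices are left out
            bands[band].append((row["device"], why))
    return bands

# Constructed sample data, not from a real fleet. 2024-06-03 is a Monday.
TODAY, SUPPORTED = date(2024, 6, 3), {"os_version": "14.5", "browser_version": "125"}
COLS = ("device", "os_version", "browser_version", "last_update")
REGISTER = [dict(zip(COLS, r)) for r in (
    ("LT-001", "14.5", "125.0", "2024-05-28"), ("LT-002", "14.2", "124.0", "2024-05-20"),
    ("LT-003", "14.4", "120.0", "2024-05-18"), ("LT-004", "13.6", "125.0", "2024-04-20"),
    ("LT-005", "", "125.0", "2024-05-30"))]
CHASE_LOG = {"LT-003": [date(2024, 5, 27)]}  # LT-003 was nudged a week ago
print(triage(REGISTER, SUPPORTED, CHASE_LOG, TODAY))
```

The reason list attached to each device is what the drafting step would need to name the current and target versions in the message.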

Integrations Used

  • Google Sheets — the device compliance register, the supported-version table, and the chase log of who has been nudged when
  • Slack — the DM channel for first and second nudges to device owners
  • Gmail — the fallback email path for owners who are not on the Slack workspace
  • Jira — the escalation tickets to the IT lead for devices that are more than a month overdue

Who This Is For

IT operations leads at companies that issue managed laptops to staff and where a device-management console exists or is exportable to a sheet, but the compliance dashboard is read once a month rather than acted on every week. Typically 50 to 500 staff with a hybrid or distributed workforce.

Time & Cost Saved

Sending forty individual nudges by hand is the kind of job that takes an hour a week and slips for the same reason it would for anyone — there is always something more interesting to do on a Monday morning. The workflow runs the nudge weekly without the friction, and the saving is not in the IT lead's hour but in the shift from a 70%-green dashboard with a long tail of forgotten devices to a 90%-plus dashboard with a short, actively managed list of cases that need a personal conversation.