We use a tool called Rapid7 Insight agent to collect and report on device risk in the organization. This tells us if Chrome has vulnerabilities and has published fixes that require us to deploy an update for the application. This applies to other apps as well, like Firefox, Adobe, Java, any app.
What would be cool is to feed information from Rapid7 into Patch My PC and then have options within Patch My PC to deploy or package or react to app update vulnerabilities detected by Rapid7.
Those are all good points. We do not use ADR rules in our org as we have scaled down our use of SCCM and basically don’t use the platform for any tasks.
But it sounds like the feature that Adam mentioned with the Publisher for Intune will be a good middle ground!
The platform we integrate with, ConfigMgr or Intune, is responsible for deployments. The Publisher mostly just creates the apps/updates.
You can use ConfigMgr Automatic Deployment Rules (ADRs) to conditionally create deployments for any update(s) if they are of a certain classification or contain a CVE. Soon, we will be releasing the same functionality into the Publisher for Intune (here's the doc, not yet a released feature).
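An added example of the ADR approach described in the post above, written for this page rather than taken from the thread or from Patch My PC. It uses the ConfigMgr console cmdlets (New-CMSoftwareUpdateAutoDeploymentRule and friends, parameters as in the ConfigMgr cmdlet reference). The site code, collection name, deployment package name and rule name are placeholders, and the criterion that CVE identifiers appear in the update description is an assumption about how the third-party update metadata is populated; check an update's properties in the console and adjust the filter if your metadata carries CVEs elsewhere.

```powershell
# Added example: create an ADR that picks up third-party security updates whose
# description mentions a CVE, and deploys them to a pilot collection.
# Assumptions (not from the thread): the ConfigMgr console is installed on this
# machine, 'PS1' is the site code, and the collection and package already exist.

Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location 'PS1:'   # placeholder site code

$ruleName = 'Third-party - CVE-bearing security updates'   # placeholder

$adr = @{
    Name                             = $ruleName
    Description                      = 'Auto-create deployments for third-party updates that reference a CVE'
    CollectionName                   = 'Pilot - Workstations'    # placeholder, pilot first
    DeploymentPackageName            = 'Third-party updates'     # placeholder, must exist already
    # Property filters applied to the synchronised update catalog:
    UpdateClassification             = 'SecurityUpdates'
    UpdateDescription                = 'CVE-'                    # assumption: CVE IDs are in the description
    Superseded                       = $false                    # skip updates already replaced
    # Behaviour of the rule itself:
    AddToExistingSoftwareUpdateGroup = $false                    # new update group per run
    EnabledAfterCreate               = $true
    RunType                          = 'RunTheRuleAfterAnySoftwareUpdatePointSynchronization'
}

New-CMSoftwareUpdateAutoDeploymentRule @adr

# Trigger one evaluation now instead of waiting for the next sync, then confirm
# the rule exists and when it last ran.
Invoke-CMSoftwareUpdateAutoDeploymentRule -Name $ruleName
Get-CMSoftwareUpdateAutoDeploymentRule -Name $ruleName |
    Select-Object Name, AutoDeploymentEnabled, LastRunTime
```

Targeting a pilot collection first, with a separate rule or a later deployment step for production, keeps the "templates, controls and exceptions" that a conditional rule needs: if a vendor's description does not carry CVE text, that update simply falls outside the filter and is handled by the regular rule rather than being pushed automatically.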
Why would this be a Patch My PC issue compared to your ADRs and using the Update Publisher? We also use R7, and this does not seem like a needed add.
This is a great idea. Anything that improves automated processes, improving response times in reaction to known risks, would be a WIN in my book. With proper templates and controls and exceptions options of course. :)