Introduction
Keeping software up-to-date is the single most important thing you can do to mitigate cybersecurity threats. New exploits are being discovered every day, so you want to make sure you get security patches as soon as possible.
Windows
Nobody likes updating Windows because updates can be intrusive and often require a restart. Users, given the choice, will delay updates as long as possible to avoid disruption. This is not acceptable.
The best solution is to force updates via enterprise policy. We don't have Active Directory or anything like that, but luckily this is easy to achieve with HotcakeX's Harden System Security app, which includes update enforcement even in the 1-star configuration. The policy tells the machine to automatically download and apply updates, and requires the user to reboot the machine within a certain period of time.
The next best solution that I know of is to manually log into each machine and update it yourself. I don't recommend it.
For non-OS updates, encourage users to install software via winget rather than downloading .exe files, and install romanitho.winget-autoupdate, which checks for updates on each boot.
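To confirm that a machine is actually staying patched once the policy and winget-autoupdate are in place, the following PowerShell check reports its update posture. It is an added example, not part of the original page or of the Harden System Security or winget-autoupdate projects. It assumes the standard Group Policy registry locations for Windows Update (the page does not say which values the app sets), and the 35-day threshold and the function name are assumptions.

```powershell
# Added example: report one machine's update posture. Run in PowerShell on the machine being checked.
$MaxPatchAgeDays = 35   # assumption: roughly one monthly patch cycle plus slack

function Get-UpdatePosture {
    # Standard Group Policy locations (assumed); a missing value means "not set by policy".
    $wu  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $pol = Get-ItemProperty -Path $wu -ErrorAction SilentlyContinue
    $au  = Get-ItemProperty -Path "$wu\AU" -ErrorAction SilentlyContinue

    # Outcome check: the most recent update that actually got installed.
    $last = Get-HotFix | Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    # Windows creates this key while an installed update is waiting for a restart.
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'

    # winget exits non-zero when no installed package matches the id.
    $wau = $false
    if (Get-Command winget -ErrorAction SilentlyContinue) {
        $null = winget list --id romanitho.winget-autoupdate --accept-source-agreements 2>$null
        $wau = ($LASTEXITCODE -eq 0)
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        AutoUpdateOff    = ($au.NoAutoUpdate -eq 1)
        AUOptions        = $au.AUOptions   # 4 = download automatically and schedule the install
        DeadlineEnforced = ($pol.SetComplianceDeadline -eq 1)
        QualityDeadline  = $pol.ConfigureDeadlineForQualityUpdates   # days
        LastPatch        = $last.HotFixID
        PatchAgeDays     = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays }
        RebootPending    = Test-Path $rebootKey
        WingetAutoUpdate = $wau
    }
}

$p = Get-UpdatePosture
# Collect the conditions the update policy is meant to prevent.
$findings = @(
    if ($p.AutoUpdateOff) { 'automatic updates are disabled by policy' }
    if (-not $p.DeadlineEnforced) { 'no install/reboot deadline policy is set' }
    if ($null -eq $p.PatchAgeDays -or $p.PatchAgeDays -gt $MaxPatchAgeDays) { "no update installed in the last $MaxPatchAgeDays days" }
    if ($p.RebootPending) { 'an installed update is waiting for a restart' }
    if (-not $p.WingetAutoUpdate) { 'winget-autoupdate is not installed' }
)
$p | Format-List
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Update posture OK' }
```

The patch-age and pending-reboot checks measure the outcome directly, so they remain meaningful even if the app enforces updates through settings other than the registry values read here.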
tetrataenite
Updates happen magically in the background, and are applied at boot.