The current Defendpoint client installer is updating around 30000 clients in our enterprise environment. Since around summer 2018 the installation logic changed in a way that a reboot is pending after the update is complete. Without the reboot certain Defendpoint rules might not be triggered.
Forcing the reboot after the update is not possible, because the user will most likely be at work (approx. 95% of our computers are laptops and are only turned on during business hours), and a reboot will delete any unsaved data. To avoid that we are not forcing the reboot immediately but latest after 6 hours.
However this is still not a great user experience, because in that 6 hours the Defendpoint client is not 100% reliable.
Change the Defendpoint client install logic in a way that it will perform the update after the next reboot BEFORE user logon (machine startup phase) and force the reboot after the update is complete. This will prevent the user from any further interaction and greatly enhance the overall user experience and at the same side avoid a timeframe where the Defendpoint client waits for the reboot and is not working correctly.