Would be cool if ITSM had a feature to check “last successful Windows update” (I believe this is reported in Windows) and if it’s drastically behind other endpoints (or hasn’t received an update in 60 days, for example) it alerts with a Red X or whatever in ITSM device list.
Or in the interim even a procedure that could be run against all machines and would check this and email or open a servicedesk ticket if a machine hasn’t received updates in 60 days or whatever.
With the new Wcry variant out, it would be nice to run something to know for sure updates are actually working. I have a feeling it isn’t always the case.
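
The check requested above could be run per endpoint along these lines. This is an added example, not part of the original post and not ITSM's own code. It assumes the management tool treats a non-zero exit code as a failure it can alert on; the function name, the exit codes and the output wording are illustrative.

```powershell
# Added example: flag an endpoint whose last successful Windows Update install is too old.
param(
    [int]$MaxAgeDays = 60   # threshold taken from the post; adjust as needed
)

$ErrorActionPreference = 'Stop'

function Get-LastSuccessfulUpdate {
    # Windows Update Agent COM API: history of update operations on this machine.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return $null }

    # Operation 1 = installation, ResultCode 2 = succeeded.
    # Antivirus definition updates install almost daily and would hide a machine
    # that has stopped receiving OS patches, so they are excluded by title.
    $searcher.QueryHistory(0, $count) |
        Where-Object {
            $_.Operation -eq 1 -and $_.ResultCode -eq 2 -and
            $_.Title -notmatch 'Definition Update|Security Intelligence Update'
        } |
        Sort-Object Date -Descending |
        Select-Object -First 1
}

try {
    $last = Get-LastSuccessfulUpdate
} catch {
    Write-Output "UNKNOWN: could not query update history on $env:COMPUTERNAME ($($_.Exception.Message))"
    exit 2
}

if (-not $last) {
    Write-Output "STALE: no successful update installation recorded on $env:COMPUTERNAME"
    exit 1
}

# History entry dates are stored in UTC.
$ageDays = [int]((Get-Date).ToUniversalTime() - $last.Date).TotalDays
if ($ageDays -gt $MaxAgeDays) {
    Write-Output "STALE: $env:COMPUTERNAME last installed '$($last.Title)' $ageDays days ago"
    exit 1
}

Write-Output "OK: $env:COMPUTERNAME last installed '$($last.Title)' $ageDays days ago"
exit 0
```

The update history is emptied if the Windows Update datastore is reset, so a "no successful update installation recorded" result on a machine known to be patched usually means the history was cleared, not that patching never ran.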