8.7. Maintenance Schedule

XSTRA
XDEVICE – Windows OS – Maintenance Plan
Structured patching aligned to Microsoft release cadence, with staged rollout and verification.
Overview
Timezone: AEST (UTC +10)
At XSTRA, we maintain a structured, proactive approach to endpoint maintenance and security patching. Our monthly cadence is aligned to Microsoft Patch Tuesday (released at approximately 10:00 AM PT on the second Tuesday of each month), which typically corresponds to 3:00 AM Wednesday (AEST).
We combine daily security intelligence updates, automated patch deployments, and scheduled reboots with post-maintenance verification (log and integrity checks). This balances rapid security response with stability and minimal disruption. The schedule below is a guide; on occasion, restarts or remediation actions may occur outside the listed windows.
What this delivers
  • Staged rollout: Pilot group first, then full deployment.
  • Security-first: Defender definitions and urgent patches are applied without waiting for the monthly cycle.
  • Reduced end-user disruption: Heavy maintenance runs overnight with advance notifications.
  • Verification: Logs and outcomes are reviewed so failures are detected and remediated.
Windows Monthly Maintenance & Security Schedule
The table below shows the operational cadence used by XDEVICE. Times are in AEST. Clock icons highlight key run-times.
Cadence Target Group & Time Task Value Provided
Daily
Pilot (X0)
9:00 AM
XSTRA Application Updates + Security Intelligence
Automated update run for XSTRA proprietary tooling:
  • XAGENT
  • XPOSE
  • XMESSAGE
  • XPC (optional)
Also applies latest Windows Defender definitions and any urgent security fixes released outside the monthly cycle. 		Faster protection against emerging threats, improved reliability of XSTRA tooling, and reduced exposure between Patch Tuesday cycles.
Daily
Full Deployment
3:00 PM
XSTRA Application Updates + Security Intelligence
Same daily update workflow as Pilot, rolled across all managed endpoints. 		Continuous security posture improvement while preserving the primary monthly maintenance window for larger change sets.
2nd Thursday
Pilot (X0)
1PM, 3PM, 5PM, 7PM, 9PM, 9:55PM
User Notification (Leave Device On Overnight)
XMESSAGE is triggered to display a reminder to leave the device powered on overnight to support maintenance. 		Multiple reminders give users time to save work and plan ahead, reducing missed patching due to powered-off devices.
3rd Thursday
Full Deployment
1PM, 3PM, 5PM, 7PM, 9PM, 9:55PM
User Notification (Leave Device On Overnight)
Same notification workflow as Pilot, rolled across all managed endpoints. 		Consistent user awareness and fewer failed overnight runs caused by devices being switched off.
2nd Thursday
Pilot (X0)
10:00 PM
Restore Point + Cleanup (Pre-Patching)
  • Create a system restore point
  • Empty user recycle bins
  • Clear Chrome, Edge, and Firefox caches
  • Remove Windows temporary files and prefetch data
 Provides a rollback point for engineering remediation and frees disk space to ensure patching completes reliably.
3rd Thursday
Full Deployment
10:00 PM
Restore Point + Cleanup (Pre-Patching)
Same restore point + cleanup workflow as Pilot, executed across all managed endpoints. 		Consistent safety net and improved patch reliability at scale.
2nd Thursday
Pilot (X0)
11:00 PM
OS + Software Patch Management
OS Patch Management:
  • Critical, Security, and Definition updates
  • Update rollups, feature packs, service packs (where applicable)
  • Driver / hardware updates (as approved)
  • Microsoft Office updates (where applicable)
Software Patch Management:
  • Official Microsoft application updates via WinGet (Windows Package Manager)
Other:
  • Reboots where required to complete installation
 Improves security, stability, and compatibility. Pilot-first staging reduces risk before broad deployment.
3rd Thursday
Full Deployment
11:00 PM
OS + Software Patch Management
Same OS + software patch management workflow as Pilot, deployed to all managed endpoints after validation. 		Accelerates estate-wide patch compliance while protecting operational stability via staged rollout.
2nd Friday
Pilot (X0)
4:00 AM
Final Reboot (if required)
Ensures any pending updates complete and the device returns to a stable post-maintenance state. 		Confirms patch completion and stability with minimal user disruption.
3rd Friday
Full Deployment
4:00 AM
Final Reboot (if required)
Same final reboot workflow as Pilot, executed across all managed endpoints as required. 		Ensures consistent post-maintenance state across the fleet.
2nd Friday
Pilot (X0)
10:00 AM
Log File & Outcome Checks
XSTRA reviews execution logs for patching, software updates, restore-point creation, and reboot outcomes to identify success/failure states and trigger remediation where required. 		Proactive detection of failed updates, reduced drift, improved compliance posture, and documented outcomes for auditability.
3rd Friday
Full Deployment
10:00 AM
Log File & Outcome Checks
Same log review process as Pilot, performed across the full device estate. 		Ensures fleet-wide visibility and rapid remediation, maintaining a consistent and supportable endpoint baseline.
Additional Notes
Purpose of Key Maintenance Tasks
  • Daily critical updates: Supports rapid response to out-of-band security releases and updated Defender intelligence.
  • Staggered rollout: Pilot-first deployment reduces risk by validating patches before estate-wide deployment.
  • Software updates via WinGet: Uses the official Microsoft package manager to help maintain application currency and reduce known vulnerabilities.
  • Restore points: Provide a rollback option for engineering remediation if an update introduces instability.
  • Cleanup activities: Helps ensure sufficient free space and reduces patch failure risk due to disk constraints.
  • Reboots: Some updates require a reboot to finalise installation; reboots are scheduled outside business hours where possible.
  • Log checks: Confirms successful completion, identifies drift, and drives proactive remediation and documentation.
Patch Tuesday Overview
Microsoft typically releases monthly security and quality updates on the second Tuesday of each month at approximately 10:00 AM PT. Where urgent vulnerabilities are identified, Microsoft may release out-of-band updates outside this schedule.
Summary of Practices
  • Defragmentation and disk checks are not included as they are generally unnecessary for SSD-based endpoints.
  • Restore points are created prior to monthly patching windows as a precautionary safeguard.
  • Pilot group patching occurs first (2nd Thursday), followed by full deployment (3rd Thursday).
  • Core patching is scheduled overnight (11:00 PM) to minimise disruption.
  • Post-maintenance verification (log checks) is completed the following morning.
Operational Note
Where a device is offline during maintenance windows, XDEVICE will apply missed tasks at the next available opportunity. For best outcomes, users should leave devices powered on during notified maintenance periods.

Need more help with this?
© 2021–2026 XSTRA Group Pty Ltd (Australia). All rights reserved.

Thanks for your feedback.