I have a recurring #BigFix fixlet that is reapplied 1/day if the last #gpupdate was more than 24 hours ago. This helps mitigate off-site devices that may only have brief VPN connections. Failures help identify devices having issues.
BigFix #RelevanceLanguage: `( ( maximum of (time generated of it) of records whose (source of it contains "SceCli") of application event log < now - 24*hour ) OR ( not exists ( records whose (source of it contains "SceCli") of application event log ) ) )`
Note: If you do not have #DirectAccess or a similar solution, I would advise adding a relevance phrase to make sure the endpoint has a secure connection to a #DomainController... perhaps by IP range or subnet.
BigFix #ActionLanguage: `waithidden gpupdate /force`
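
The same staleness test, plus the connection gate suggested in the note, as a PowerShell check that can be run on an endpoint to confirm what the fixlet should evaluate to. This is an added example, not part of the original post: the function name and the `10.0.` prefix are placeholders, and the provider match is exact where the relevance uses `contains`.

```powershell
# Added example, not the post author's code. Test-GpUpdateDue is a hypothetical name.
function Test-GpUpdateDue {
    param(
        [int]$MaxAgeHours = 24,
        # Constructed placeholder: prefixes of networks that can reach a domain controller.
        [string[]]$TrustedPrefixes = @('10.0.')
    )

    # Newest SceCli record in the Application log (Get-WinEvent returns newest first).
    # A missing provider or an empty result raises an error; both are treated as
    # "no record", which matches the "not exists" branch of the relevance.
    try {
        $last = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'SceCli' } `
                    -MaxEvents 1 -ErrorAction Stop
    } catch {
        $last = $null
    }
    $cutoff = (Get-Date).AddHours(-$MaxAgeHours)
    $stale  = ($null -eq $last) -or ($last.TimeCreated -lt $cutoff)

    # Connection gate from the note: only refresh policy when an IPv4 address
    # falls inside a trusted range.
    $addresses = @(Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty IPAddress)
    $onTrustedNet = $false
    foreach ($address in $addresses) {
        foreach ($prefix in $TrustedPrefixes) {
            if ($address.StartsWith($prefix)) { $onTrustedNet = $true }
        }
    }

    [pscustomobject]@{
        LastSceCliEvent = if ($last) { $last.TimeCreated } else { $null }
        Stale           = $stale
        OnTrustedNet    = $onTrustedNet
        ShouldRun       = $stale -and $onTrustedNet
    }
}

Test-GpUpdateDue
```

`Stale` should agree with the fixlet's relevance on the same machine; a device where `Stale` stays true after the action has run is one of the failures worth investigating.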