Best Practices

So far I've got desktop/LAN devices all set up for wake on lan, along with a detect and deploy schedule, and I'm setting up patching for laptops, but I'm unsure what the best way to go about it is. Basically we have 75 or so users daily that fire up their laptops, launch Citrix Workspace, and use virtual apps via workspace all day. I obviously can't do a straight up deploy as it'll start updating (among other things) Citrix Workspace, and kill their session, so I guess that leaves two options:

Detect, Stage, On Demand Deploy: So I reckon it will download all patches to the device, and then initiate "Must reboot to apply updates" prompts. But, if they ignore the KACE agent prompts and simply shut down at the end of the day, will the patches still get applied? Or get stuck in a sort of staged limbo until they're online again?

Detect and Stage: This option is described as "Scans for compatible patches, and downloads the applicable files to the agent device for later deployment." Would that cause the patches to get applied at shut down? Or it would require a separate "Deploy" schedule to apply them at a later time.

I guess my problem mainly stems from the fact that they're basically logged in to, and actively using, Citrix Workspace from the time their laptop is online until they shut down, so trying to update it at some point is causing me confusion. I'd like to just stage the patches and then when they shut down have them be applied, but I'm not sure that's the case with the patch schedule types listed above. Any insight in to what others are doing in general is appreciated, thanks!