Patch Management Overview

This Article Applies to:

  • Business Hub

On the Patches page, you can view and manage all the software patches for your devices. Patch Management allows you to keep all your devices up to date with the latest feature and security patches for over 150 software vendors. This not only gives endpoint users all the latest features of their software, but also addresses the newest security threats. The Business Hub makes it easy to identify and deploy patches from a central dashboard.

Patch Management provides the following features:

  • Patches direct from vendor—Automatically retrieves patches for Windows and third-party applications to keep your devices up to date
  • Flexible deployment schedules—Schedule and deploy patches at your preferred times, or manually deploy on-demand to groups and individual devices
  • Intuitive dashboard—Manage all patches and view summaries of applied, missing, and failed patches
  • Customizable patches—Select which software vendors, products, and patch severities you would like to scan for and install, and create exclusions for applications you do not want to patch
  • Patch scan results—Learn more about missing patches including specific updates, bulletin links, release dates, descriptions, and more
  • Reports—Determine the health and security of device software and applications
  • Patch notifications—Receive notifications when a new patch is found to be missing from your device(s) or has failed to deploy

As part of the Patch Management process, you will need to decide when to scan, patch, and restart your devices, which devices to update, how to install patches, and which patches to install.

Patch Scanning

Devices must be scanned to determine which patches they need. Scanning for missing patches is the essential first step of patch management, because it identifies which patches should be installed.

Patch scanning is enabled for devices that have a Patch subscription applied to them. Results are displayed on the Patches page. To change the frequency and time the automatic patch scan runs, edit your policy. See Scanning Devices for Missing Patches for more information.

You can add Patch Management subscriptions to your devices using the process in Applying Licenses to Devices.

Patch Statuses

The status of each patch is listed next to its name, with different statuses displayed in different colors to indicate severity. Hovering over any patch shows a tooltip detailing the last date and time the status was updated, as well as the deployment type (manual vs. scheduled). Failed patches also list extra details to help you determine how to resolve any patching issues.

  • Scheduled—when the Patch is scheduled using Policies
  • Missing—after a Patch Scan has completed and found missing patches
  • Ignored—possible reasons are: excluded due to settings, manually excluded, or rolled back
  • Deploying—progress will show the state of deployment, whether it’s downloading, installing, waiting for restart, or waiting for verification
  • Failed to deploy—possible reasons are: unable to download patch file, downloaded patch file validation failed, or patch installation failed
  • Deployed—when the Patch has been successfully deployed to the device via either manual or scheduled patching
  • Rollback—progress will show the state of the rollback, whether it’s uninstalling, waiting for restart, or waiting for verification

Patches List

The Patches page is separated into three tabs — Pending OS patches, Pending third-party patches, and Resolved patches.

The first two tabs display all Patch Management information in a table, with a summary in the buttons along the top for Missing, Scheduled, Downloading, Installing, Pending restart, and Failed to install patch statuses. The table lists all Patches available for the customer's/site's network along with the following information for each:

  • Patch type
  • Patch severity
  • CVSS score
  • When patch was released
  • Number of devices that need the patch
  • Current status of the patch
  • Action(s) that can be taken, if any

Pending OS patches

Pending third-party patches

The final tab displays patches that have been resolved — either by being ignored or successfully installed on the device. The two buttons at the top display the number of ignored patches and the number of installed patches. The table lists all resolved patches along with the following information for each:

  • Patch type
  • Patch severity
  • CVSS score
  • When patch was released
  • Number of devices that need the patch
  • Current status of the patch
  • Action(s) that can be taken, if any

Resolved patches