Missing patches represent a significant security threat to servers and workstations, especially because once an update that fixes a vulnerability becomes public knowledge, attackers specifically target that vulnerability on unpatched devices. In line with security best practices, and to mitigate the impact of these types of attack, it is always advisable to ensure computers are running the latest patches.
Patch Management requires approval before deploying patches, and you can choose the default behavior for how patches are handled based on their severity. Where a severity is set to automatically Approve, patches of that severity are deployed according to the Installation Schedule and do not require any manual intervention.
The title of this section depends on the Patch Management Configuration Method: Approval Policy (Patch Management Feature Policy) or Auto Approval (manual settings configuration: legacy).
In the Approval section, choose the action for missing security patches: automatically Approve, Ignore or Manual (i.e. approve at a later date). The action is set per severity (Critical, Important, Moderate, Low or Other) for patches from both Microsoft and Other Vendors.
This gives you the flexibility to decide how patches are handled in line with your processes. For example, company policy may dictate that critical patches are rolled out as soon as possible, whereas all other severities are trialled in a sandbox environment before deployment.
When patches are set for automatic approval, they do not show as missing in the Patch Status Check, but appear in the Patches tab as Pending.