Remote Monitoring & Management Help

Patch Approval Lifecycle and Patch Identification Workflow for Multiple Devices

Patch Approval Lifecycle

Only updates that the device requires are recorded as missing. To give full visibility of the device's patch status, all updates are reported on the Dashboard regardless of how they were installed. Where an update does not show an install date and time on the Dashboard, it was not installed by Patch Management.

The following diagram covers the approval lifecycle of a patch from its discovery via the Patch Scan.

[Diagram: patch approval lifecycle]

Patch Identification and Installation Workflow for Multiple Devices

This section covers the identification of a patch whose type is not set to automatically approved in the policy (using Microsoft MS12-068 [KB2724197] as an example) and its approval via the Patch Approval Policy.

Patch Identification

Microsoft releases a Security Bulletin with further information, and the updates required for each Operating System are listed in the relevant Microsoft Knowledge Base article.

Patch Selection and Approval

For multiple devices, the patch is approved for installation through the Patch Management Workflow or Approval Policy. The patch is then deployed based on the device's Installation Schedule, or you can opt to install it outside of the Installation Schedule. The patches are downloaded to a temporary repository folder, then copied to C:\Windows\Patches, where they are executed. At the end of the remediation process, the patch files are deleted from both locations.

Patch Management Workflow

  1. Log into the Dashboard
  2. Go to Settings > Patch Management > Patch Management Workflow
  3. Search through the Approval Policy and select the target patch. To make it easier to identify, we suggest filtering by Patch Name and/or Filter by Status.
  4. Click Proceed to choose the required action from Inherit, Approve, Ignore, Do Nothing, Reprocess failed or Uninstall (depending on the patch status).
  5. Click Next to choose the entity the action is to apply to (from the overall device type, Server or Workstation, down to the Client or Site level)
  6. Click Next again to use the existing installation schedule or create a specific schedule for this patch
  7. Apply


Approval Policy

  1. Log into the Dashboard
  2. Go to Settings > Patch Management > Approval Policy
  3. Search for the target patch. To make it easier to identify, we suggest filtering by Patch Name and/or Filter by Status.
  4. Select the Patch and view its summary information. This provides an indication of the patch status across the devices on which it was discovered
  5. In Set Patch Policy, choose the entity the action is to apply to (from the overall device type, Server or Workstation, down to the Client or Site level)
  6. Apply


Visit Patch Approval Actions for information on the patch approval hierarchy.

View Patch Status

The current patch status of an individual device can be viewed under Patches in its south pane, while the Patch Overview Report provides insight into the patch status across multiple devices at all or specific Clients.

Patch Overview Report

  1. Log into the Dashboard
  2. Go to Reports > Patch Management Reports > Patch Overview Reports
  3. Select the Client
  4. Choose the Report Format (HTML, CSV, CSV - Offline Mode or XML)
  5. Select the grouping (in this case Group by Patch)
  6. Choose the Patch Status to display (Missing, Pending, Installing, Installed, Failed, Ignored or Reboot Required)
  7. Generate to view or download the Report (depending on format selection)

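Once the Patch Overview Report has been exported as CSV and grouped by patch, the rows can be triaged outside the Dashboard to list the devices on which a patch such as KB2724197 is not yet installed. The Python below is an added example, not part of the product or its documentation. The column names (Patch, Client, Device, Status) and the sample rows are constructed assumptions, as is the choice to count every status other than Installed and Ignored as still exposed.

```python
import csv
import io
from collections import defaultdict

# Status names come from the report's Patch Status filter; counting these
# five as "device still exposed" is this example's assumption.
UNPATCHED = {"Missing", "Pending", "Installing", "Failed", "Reboot Required"}
KNOWN = UNPATCHED | {"Installed", "Ignored"}

# Constructed sample. Column names are assumed: map them to your export's header.
SAMPLE_CSV = """Patch,Client,Device,Status
KB2724197,Acme,SRV-01,Installed
KB2724197,Acme,SRV-02,Reboot Required
KB2724197,Acme,WS-014,Failed
KB2724197,Acme,WS-015,Ignored
KB2724197,Acme,WS-016,installed
KB2724197,Acme,WS-017,
"""

def triage(csv_text, patch_col="Patch", device_col="Device", status_col="Status"):
    """Group report rows by patch and split devices into exposure buckets."""
    canonical = {s.lower(): s for s in KNOWN}
    result = defaultdict(lambda: {"exposed": [], "ignored": [], "installed": [], "unknown": []})
    for row in csv.DictReader(io.StringIO(csv_text)):
        patch = (row.get(patch_col) or "").strip()
        device = (row.get(device_col) or "").strip()
        if not patch or not device:
            continue  # skip blank or summary lines
        raw = (row.get(status_col) or "").strip()
        status = canonical.get(raw.lower())  # tolerate case differences
        if status is None:
            bucket = "unknown"    # empty or unrecognised: never assume patched
        elif status in UNPATCHED:
            bucket = "exposed"
        elif status == "Ignored":
            bucket = "ignored"    # policy decision, listed separately for review
        else:
            bucket = "installed"
        result[patch][bucket].append((device, status or raw))
    return dict(result)

def coverage(buckets):
    """Fraction of reported devices on which the patch is installed."""
    total = sum(len(v) for v in buckets.values())
    return len(buckets["installed"]) / total if total else 0.0

if __name__ == "__main__":
    for patch, buckets in triage(SAMPLE_CSV).items():
        print(patch, f"coverage={coverage(buckets):.0%}", buckets["exposed"])
```

Ignored devices are kept in their own bucket so that a patch suppressed by policy still shows up for review instead of disappearing from the exposure count.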