Patch Approval Lifecycle and Patch Identification Workflow for Multiple Devices

Patch Approval Lifecycle

Only those updates required by the device are recorded as missing and to ensure full visibility of the device's patch status all updates are reported on the Dashboard, regardless of how they were installed. Where the update does not include an install date and time on the Dashboard, it was not installed by Patch Management.

The following diagram covers the approval lifecycle of a patch from its discovery via the Patch Scan.

clip0660

Patch Identification and Installation Workflow for Multiple Devices

This section covers the identification of a patch whose type is not set to automatically approved in the policy (using Microsoft MS12-068 [KB2724197] as an example) and its approval for multiple devices via the Patch Management Workflow mechanisms.

Patch Identification

Microsoft releases a Security Bulletin with further information, with the updates required for each Operating System in the relevant Microsoft Knowledge Base article:

clip0687 clip0688

Patch Selection and Approval

For multiple device the patch is approved for installation through the Patch Management Workflow. Subsequently the patch is deployed based on the device's Installation Schedule or you can op to install it outside of the Installation Schedule. The patches are downloaded to a temporary repository folder then copied to C:\Windows\Patches where they are executed. At the end of the remediation process, the patch files are deleted from both locations.

Patch Management Workflow

  1. Log into the Dashboard
  2. go to Settings > Patch Management > Management Workflow
  3. Search through the Approval Policy and select the target patch, to make its identification easier we would suggest filtering by Patch Name and/or Filter by Status.
  4. Click Proceed to choose the required action from Approve, Ignore, Do Nothing, Reprocess failed or Uninstall (depending on the patch status).
  5. Click Next to choose the entity the action is to apply to (overall device type -Server or Workstation - down to the Client or Site level)
  6. Click Next again to use the existing installation schedule or create a specific schedule for this patch
  7. Click Apply

Visit Patch Approval Actions for information on the patch approval hierarchy.

View Patch Status

The current patch status on an individual device is viewed in its South-pane Patches, while the Patch Overview Report provides insight into the patch status over multiple devices at all or specific Clients.

  1. Patch Overview Report
  2. Log into the Dashboard
  3. Go to Reports > Patch Management Reports > Overview Report
  4. Select the Client
  5. Choose the Report Format (HTML, CSV, CSV - Offline Mode or XML)
  6. Select the grouping (in this case Group by Patch)
  7. Choose the Patch Status to display (Missing, Pending, Installing, Installed, Failed, Ignored or Reboot Required)
  8. Generate to view or download the Report (depending on format selection)