The Patch Management Dashboard is your ultimate tool for real-time compliance insights and effortless vulnerability mitigation. Effortlessly monitor and manage patching across all your devices, ensuring optimal security and performance with just a few clicks.

The Patch Management Dashboard provides compliance reporting at a glance, so you can:

• See your patching compliance status for all your sites.
  
  • Filter by site, folder, device type, device availability, and patch classification, to efficiently manage and view your patching coverage.
• See your patching compliance status for all your customers.
  • Filter by customer, folder, device type, device availability, and patch classification, to efficiently manage and view your patching coverage.
• See your most vulnerable devices, and seamlessly install missing patches on them.
• See top missing OS patches, the number of devices affected, and associated CVEs to prioritize patching efforts, before installing the missing patches.
• See failure feedback for patches that failed to install on devices, to effectively troubleshoot the issues and successfully reinstall the patches.
• Quickly access:
  • Devices missing critical patches.
  • Devices missing OS patches.
  • Devices that require a reboot to install pending patches.
  • OS patches pending review before installation.

 

Overview tab

Patching status

The patching status shows the percentage of devices that are fully patched and up to date. For example, if 80 out of 100 devices are fully patched, the progress bar will display 80%, regardless of how many patches are missing on the remaining 20 devices. You can also the number of fully patched devices in the top right of the tile.

You can filter by site, folder, device type, device availability, and patch classification.

You can filter by customer, folder, device type, device availability, and patch classification.

Hover your mouse over the:

• Progress bar: See the number of devices that are:
  • Fully patched: Click to go to the Patch management > Devices tab to see all devices that are filtered by 'Up to date'.
  • Missing patches: Click to go to the Patch management > Devices tab to see all devices that are filtered by 'Update required'.
• Donut chart: See the number of Windows PCs, Windows Servers, Macs, or Linux devices that are:
  • Fully patched: Click to go to the Patch management > Devices tab to see all devices that are filtered by 'Up to date' and 'Windows PC', 'Windows Server', 'Mac', or 'Linux'.
  • Missing patches: Click to go to the Patch management > Devices tab to see all devices that are filtered by 'Update required' and 'Windows PC', 'Windows Server', 'Mac', or 'Linux'.

If you've filtered the Overview tab, your filters will be applied when redirected to the Devices tab.

 

Top vulnerable devices

The Top vulnerable devices displays up to your top 10 most vulnerable devices, sorted by the number of available patches on each device. You'll see the:

• Device name: The name of the device.
• Device type: The operating system running on the device (Windows, Mac, or Linux).
• Missing patches: The number of patches missing on the device.

You can filter by site, folder, device type, device availability, and patch classification.

You can filter by customer, folder, device type, device availability, and patch classification.

The following actions are available:

• Redirect to agent: Click the device name to open the Agent console in a new tab.
  • If you've disabled multiple tabs, then the Agent console will open in your current tab.
• View available patches: Click the number pill in the Missing patches column to open the Patch management window for the device. From here, you can view and install available patches, and see previously installed patches. 
• See all devices: Click See all devices to go to the Patch management > Devices tab. Your current filters will be applied automatically. 

 

Top missing OS patches

The Top missing OS patches displays the most common missing patches (up to 10) that are missing from your devices, sorted by the number of devices affected. You'll see the:

• Patch name: The name of the patch. If applicable, click the KB link (e.g., '(KB11235813)') for more info.
• Classification: The patch class (e.g., Critical updates, Recommended, Feature packs).
• OS type: The operating system of the device (Windows, Mac, or Linux).
• Devices: The number of devices missing the patch.

 

Patch action center

The Patch action center contains 4 buttons:

• Devices missing critical patches: The number of devices missing critical patches. Click to go to the Devices tab (filtered by Update required and Critical updates).
• Devices missing OS patches: The number of devices missing OS patches. Click to go to the Devices tab (filtered by Update required).
• OS patches pending review: The number of OS patches that have not yet been installed. Click to go to the OS patches > Available patches tab.
• Devices pending reboot: The number of devices pending reboot (required to install certain patches). Click to go to the Devices tab (filtered by Update required and Pending reboot).

 

Devices tab

The Devices tab displays the devices. It's essentially a mirror of the Devices page, except that devices are automatically filtered by 'Update required', displaying only the devices that are missing patches. The 'Last patch scan' column shows the most recent time each device was checked for patches.

From here, you can install available patches on each device

 

OS patches tab

The OS patches tab contains the 3 subtabs:

• Available patches: Displays a list of available patches. Click the number pill in the Devices column to install the patch on one, some, or all applicable devices.
• Failed patches: Displays a list of patches that failed to install. Click the number pill in the Devices column to view the devices (along with the attempted installation dates), and to reinstall the patch. You can also view patch failure feedback for each Windows device's installation attempt.
• Installed patches: Displays a list of installed patches. Click the number pill in the Devices column to view the devices (along with the installation dates).

 

Available patches

Install a patch across a single or multiple devices

 

Failed patches

Review and troubleshoot failed installations before reinstalling patches.

Note: Patch failure feedback is available for Windows devices.

 

To troubleshoot failed OS patch installations:

1. From Patch management (on the sidebar), click OS patches > Failed patches.

2. Click the number pill in the Devices column to view the devices on which a patch failed to install.

The OS patch window appears.

3. In the Installation status column, hover over the information icon to view patch failure feedback (error code, description, and mitigation steps).

Note: If a description and/or mitigation isn't displayed, we recommend searching the error code online to troubleshoot the issue.

4. Once you've finished troubleshooting, return here to configure the patch installation preference for any offline devices.

5. Select the devices.

6. Click Install.

 

Installed patches

View patches and the devices on which they're installed.

 

To view installed OS patches:

1. From Patch management (on the sidebar), click OS patches > Installed patches.

2. Locate the patch and click the number pill in the Devices column.

The OS patch window appears.

The OS patch window displays the patch name, classification, supported products, size, and if a reboot was required.

You can click the device or site name to open the agent console or Site page, respectively.

You can click the device or customer name to open the agent console or Customer page, respectively.

 

Filters

Overview tab

• Sites: Select sites from the dropdown menu. Default is 'All sites'.
• Customers: Select customers from the dropdown menu. Default is 'All customers'.
• Folders: Select folders from the dropdown menu. Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• Device type: Select device types (Windows PC, Windows Server, Mac, and Linux). Default is 'All device types'.
• Availability: Select device availabilities (Online, Offline, and Retired). Default is 'Online, Offline'.
• Classification: Select patch classifications. Default is 'All classifications'.

Hover your mouse over a filter to see all the selected options.

Click Reset filters to restore the default filter settings.

 

Devices tab

• Sites: Default is 'All sites'.
• Customers: Default is 'All customers'.
• Folders: Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• Patching status: Update required or Up to date. Default is 'Update required'.
• Classification: Select patch classifications. Default is 'All classifications'.
• More filters:
  • Device type: Windows PC, Windows Server, Mac, and Linux. Default is 'All device types'.
  • Device availability: Online, Offline, and Retired. Default is 'All availabilities'.
  • Patch status: Available, Postponed, and Failed. Defaults is 'All statuses'.
  • Reboot required: Filter by devices that require a restart for patches to install.

Hover your mouse over a filter to see all the selected options.

Click Reset filters to restore the default filter settings.

 

OS patches tab

• Sites: Default is 'All sites'.
• Customers: Default is 'All customers'.
• Folders: Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• OS types: Windows, Mac, and Linux. Default is 'All OS types'.
• Classification: Select patch classifications. Default is 'All classifications'.
• More filters:
  • Supported products: Select the operating systems and applications that support the patch (Windows and Mac only). Default is 'All products'.
  • CVE severity: Critical, High, Medium, Low, None. Default is 'All severities'.
  • Device availability: Online, Offline, and Retired. Default is 'All availabilities'.
  • Reboot required: Filter by devices that require a restart for patches to install.

Hover your mouse over a filter to see all the selected options.

Click Reset filters to restore the default filter settings.

 

Classification

You can filter the Overview, Devices, and OS patches tabs by all patch classifications, or select from the following:

• Windows: Critical updates, Security updates: Definition updates, Update rollups, Service pack updates, Feature packs, Updates, Upgrades, Hardware driver updates, Office updates, Tool updates.
• Mac: Recommended updates, Upgrades.
• Linux: Package upgrades.

 

Install patches

You can install available patches from multiple places within the Patch Management dashboard — each providing a unique approach:

• To install one or multiple patches on a device, see:
  • Overview tab > Top vulnerable devices
  • Devices page
• To install a patch on multiple devices, see Patch action center
• To install a patch on one or multiple devices, see OS patches tab

 

via the Top vulnerable devices tile

Install one or multiple patches on a single device.

To install missing patches via the Top vulnerable devices tile:

1. Click Patch management (on the sidebar) to view the Overview tab.

2. In the Top vulnerable devices tile (bottom left), locate the device and click the number pill in the Missing patches column.

The Patch management window appears.

3. In the Available patches tab, select the patches. Then click Install.

The installation request is sent to the agent. Check the Recent Processes report for updates.

 

via the Patch action center tile

Tiles in the Patch action center tile redirect to the Devices tab (to install patches or reboot devices in bulk) or OS patches tab (to install a single patch across multiple devices).

1. Click Patch management (on the sidebar) to view the Overview tab.

2. In the Patch action center tile (top right), select the desired action:

• Missing critical patches: Click to see devices missing critical patches.
• Missing OS patches: Click to see devices missing OS patches.
• OS patches pending review: Click to see OS patches that have not yet been installed.
  • Note: To see how to install patches via this tile, click here
• Devices pending reboot: Click to see devices that require a reboot for certain patches to install.

The Devices tab appears.

3. Locate the device and click Manage in the Available patches column.

The Patch management window appears.

4. In the Available patches tab, select the patches. Then click Install.

The installation request is sent to the agent. Check the Recent Processes report for updates.

 

via the OS patches tab

Install a single patch on one or multiple devices.

To install missing patches via the OS patches tab:

1. From Patch management (on the sidebar), click OS patches > Available patches.

Note: You can also click the OS patches pending review tile in the Patch action center or See all patches on the Top missing OS patches tile (both found on the Overview tab).

The OS patches tab appears.

2. Locate the patch and click the number pill in the Devices column.

The OS patch window appears.

The OS patch window displays the patch name, classification, supported products, size, if a reboot is required, installation preferences, and the associated list of devices.

3. Select the devices and your patch installation preferences. Then click Install.

The installation request is sent to the agents. Check the Recent Processes report for updates.

 

via the Devices tab

Install one or multiple patches on a single device.

Note: By default, the Devices tab is filtered by 'Update required', displaying only the devices that are missing patches.

To install missing patches via the Devices tab:

1. From Patch management (on the sidebar), select the Devices tab.

2. Locate the device and click Manage in the Available patches column.

The Patch management window appears.

3. In the Available patches tab, select the patches. Then click Install.

The installation request is sent to the agent. Check the Recent Processes report for updates.

 

Reboot devices

You can reboot individual devices or multiple devices at once to install pending patches that require a restart.

To reboot devices:

1. Click Patch management (on the sidebar) to view the Overview tab.

2. In the Patch action center tile (top right), click the Pending reboot tile.

The Devices tab appears (filtered by 'Reboot required').

3. Select the devices. Then click Reboot.

Note: To reboot a single device, click Reboot in the Reboot required column.

The Restart window appears.

You can restart the device now or schedule a one-time future restart. Learn more

4. Click Restart / Schedule.

The end user will be notified of the shutdown action via a toast notification, featuring the company name, unless they are already logged out.

 

Last patch scan

This field displays the date and time of the most recent patch scan for each device. It's visible on Devices page, and on the Patch Management Dashboard, within the Devices tab. The system updates patching information for online devices every hour. This includes updates to the dashboard and all relevant pages displaying device data.

 

CVE and CVSS

The CVE (Common Vulnerabilities and Exposures) and CVSS (Common Vulnerability Scoring System) columns help you quickly assess the severity of vulnerabilities and prioritize patching efforts to enhance your system's security.

Note:

• CVE and CVSS info applies to Windows devices.
• CVSS ratings are calculated using the CVSS 3.1 standard
• Patches display the highest CVSS rating from their associated CVEs. For example, if a patch includes 10 CVEs and 9 of them have a score of 1.1, but 1 has a score of 9.3, the displayed score will be 9.3.

CVSS severity ranges:

• Critical: Sound the alarms, this one's a biggie (9.0-10.0).
• High: Heads up, this needs your attention (7.0-8.9).
• Medium: Worth a look, but not urgent (4.0-6.9).
• Low: Just a tiny blip on the radar (0.1-3.9).
• None: All clear, no issues here.

 

View CVEs and CVSS ratings

To view a patch's CVEs and associated CVSS ratings:

1. From Patch management (on the sidebar), click OS patches > Available patches. 

Note: You can also view them via the Installed patches and Failed patches tabs.

2. In the CVEs column, click the number pill on the patch.

The OS patch window appears.

The patch's associated CVEs are displayed in order of severity. For more information, including exploitability and mitigation, click a CVE to go to a detailed vulnerability page on the Microsoft Security Response Center (MSRC) website.