The Patch Management Dashboard is your ultimate tool for real-time compliance insights and effortless vulnerability mitigation. Effortlessly monitor and manage patching across all your devices, ensuring optimal security and performance with just a few clicks.

Overview tab

The Overview tab gives you a snapshot of patching status, highlights vulnerable devices, and links to key workflows like installing critical patches or rebooting devices.

Patching status

The patching status shows the percentage of devices that are fully patched and up to date. For example, if 80 out of 100 devices are fully patched, the progress bar will display 80%, regardless of how many patches are missing on the remaining 20 devices. You can also the number of fully patched devices in the top right of the tile.The following actions are available:

• See devices that are fully patched: 
  • Click the progress bar to see all devices filtered by 'Up to date'.
  • Click a donut chart to to see devices that are filtered by 'Up to date' and the selected device type (Windows PC, Windows Server, Mac, or Linux).
• See devices that are missing patches:
  • Click the progress bar to see devices filtered by 'Update required'.
  • Click a donut chart to see devices filtered by 'Update required' and the selected device type (Windows PC, Windows Server, Mac, or Linux).

Patch action center

Tackle patching from two angles — manage devices that need updates or focus on the patches themselves. Whether you're installing critical patches, rebooting devices, or retrying failed patches, you've got multiple ways to keep everything up to date.

The following actions are available:

• Devices missing critical patches: Click to install one or many critical patches on a single device via the Devices tab. For more info, see Patch management: install patches and software updates
• Devices missing OS patches: Click to install one or many OS patches on a single device via the Devices tab. For more info, see Patch management: install patches and software updates
• Devices pending reboot: Click to reboot one or many devices to complete patch installations via the Devices tab. For more info, see Patch management: reboot devices
• Devices missing software updates: Click to install one or many software updates on a device via the Devices tab. For more info, see Patch management: install patches and software updates
• Failed OS patches: Click to see OS patches that failed to install and retry installing them, in bulk or individually, on affected devices. For more info, see Patch management: review failed patches
  • Note: Patch failure feedback is available for Windows devices. 
• Available OS patches: Click to see available OS patches and install them via the OS patches > Available patches tab. For more info, see Patch management: install patches and software updates

Top vulnerable devices

The Top vulnerable devices displays up to your top 10 most vulnerable devices, sorted by the number of available patches for each device. You'll see the:

• Device name: The name of the device.
• Device type: The operating system running on the device (Windows, Mac, or Linux).
• Missing OS patches: The number of OS patches missing on the device.

The following actions are available:

• Go to Agent Console: Click the device name to open the Agent Console.
• View available OS patches: Click the number pill in the Missing OS patches column to open the Patch management window for the device. From here, you can install available patches, and see previously installed patches. For more info, see Patch management: install patches
• See all devices: Click See all devices to go to the Patch management > Devices tab, where you can install the available patches on each device.

Top missing OS patches

The Top missing OS patches displays the most common missing patches (up to 10) that are missing from your devices, sorted by the number of devices affected. You'll see the:

• Patch name: The name of the patch.
• Classification: The patch class (e.g., Critical updates, Recommended, Feature packs).
• OS type: The operating system of the device (Windows, Mac, or Linux).
• Devices: The number of devices missing the patch.

The following actions are available:

• Install missing patch on devices: Click the number pill in the Devices column to open the Patch window. From here, you can install the missing patch on one or many devices. For more info, see Patch management: install patches
• View patch details: If applicable, click the KB link (e.g., "(KB11235813)") attached to the patch name to learn more about it.
• See all OS patches: Click See all OS patches to go to the OS patches > Available patches tab, where you can install multiple patches across multiple devices.

Devices tab

The Devices tab displays devices that need an update (the Update required filter is selected by default). You can select 'Up to date' to view devices that are fully patched and check the date of their last patch scan, ensuring everything is current and secure.

Device and patching information: 

• Device name: Displays the device name (you can update it via the Device page).

• AI: Click the icon () to open AI Copilot and troubleshoot device issues. Learn more

• Last login: Shows the last logged-in user and time. (Format: MM/DD/YYYY, HH:MM:SS AM/PM)

• Availability: Indicates if the device is online or offline.

• Device type: Identifies the device type (e.g., PC, Server, Mac, Linux).

• Site name: Displays the site name.

• Customer name: Displays the customer name.

• Folder name: Displays the folder name (if assigned).

• Available patches: Indicates if patches are available (and how many). Click Manage to install or view installed patches.

• Last patch scan: Shows time since the last scan (e.g., "5 hours ago," "16 mins ago").

• Pending reboot: Indicates if a reboot is needed to complete patch updates. Click to restart the device now (or schedule it for later).

Note: Landing here from the Overview tab will automatically adjust the default filters based on the button or source clicked.

The following actions are available within the Devices tab:

• Manage available patches: Install available patches and view previously installed patches. For more information, see Patch Management: install patches
• Reboot devices: Reboot devices to complete patch updates. For more information, see Patch Management: reboot devices
• Export to Excel: Click Export (top right) to export the device list as an .xlsx file (Excel).
  Note: AI and Available patches data won't be included.

OS patches tab

Available patches

Displays a list of available patches, which you can install on single or multiple devices — whether one patch at a time or in bulk.

Note: When bulk installing patches, we recommend reviewing the target devices beforehand. A bulk update could trigger unexpected reboots, impact performance during work hours, or apply patches to devices you didn’t intend to update.
A confirmation window will appear before proceeding with any bulk installation (multiple patches, multiple devices, or both).

The following actions are available within the Available patches tab:

• Install one or many patches on one or many devices: Install available patches across your devices. For more information, see Patch Management: install patches
• Review CVEs: Review the associated CVEs, showing the highest CVSS v3.1 score among the CVEs related to a patch. For more information, see CVE and CVSS
• Export to Excel: Click Export (top right) to export the device list as an .xlsx file (Excel).
  Note: AI and Available patches data won't be included.

Failed patches

Displays a list of patches that previously failed to install. You can retry installing failed patches as-is or first review the failure feedback for Windows devices to identify and fix the issue before reinstalling.

Note:

• Patch failure feedback is available for Windows devices.
• When bulk installing patches, we recommend reviewing the target devices beforehand. A bulk update could trigger unexpected reboots, impact performance during work hours, or apply patches to devices you didn’t intend to update.
  • A confirmation window will appear before proceeding with any bulk installation (multiple patches, multiple devices, or both).

The following actions are available within the Failed patches tab:

• Review failed Windows updates: Install available patches across your devices. For more information, see Patch management: review failed patches
• Review CVEs: Review the associated CVEs, showing the highest CVSS v3.1 score among the CVEs related to a patch. For more information, see CVE and CVSS
• Export to Excel: Click Export (top right) to export the device list as an .xlsx file.
  Note: AI and Available patches data won't be included.

Installed patches

Displays a list of installed patches. Click the number pill in the Devices column to view the devices (along with installation dates) or uninstall Windows patches

Filters

Overview tab filters

• Sites: Select sites from the dropdown menu. Default is 'All sites'.
• Customers: Select customers from the dropdown menu. Default is 'All customers'.
• Folders: Select folders from the dropdown menu. Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• Device type: Select device types (Windows PC, Windows Server, Mac, and Linux). Default is 'All device types'.
• Availability: Select device availabilities (Online, Offline, and Retired). Default is 'Online, Offline'.
• Classification: Select patch classifications. Default is 'All classifications'.
• Customer rank: None, Silver, Gold, and Blocked. Learn more

Devices tab filters

• Sites: Default is 'All sites'.
• Customers: Default is 'All customers'.
• Folders: Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• Patching status: OS up to date, OS update required, Software up to date, Software update required. Default is 'OS Update required' and 'Software update required'.
• Classification: Select patch classifications. Default is 'All classifications'.
• More filters:
  • Device type: Windows PC, Windows Server, Mac, and Linux. Default is 'All device types'.
  • Device availability: Online, Offline, and Retired. Default is 'All availabilities'.
  • Patch status: Available, Postponed, and Failed. Defaults is 'All statuses'.
  • Reboot required: Filter by devices that require a restart for patches to install.
  • Customer rank: None, Silver, Gold, and Blocked. Learn more

OS patches tab filters

• Sites: Default is 'All sites'.
• Customers: Default is 'All customers'.
• Folders: Default is 'All folders'.
  • Available only after selecting a site.
  • Available only after selecting a customer.
• OS types: Windows, Mac, and Linux. Default is 'All OS types'.
• Classification: Select patch classifications. Default is 'All classifications'.
• More filters:
  • Supported products: Select the operating systems and applications that support the patch (Windows and Mac only). Default is 'All products'.
  • CVE severity: Critical, High, Medium, Low, None. Default is 'All severities'.
  • Device availability: Online, Offline, and Retired. Default is 'All availabilities'.
  • Reboot required: Filter by devices that require a restart for patches to install.
  • Customer rank: None, Silver, Gold, and Blocked. Learn more

Hover your mouse over a filter to see all selected options.

Patch classifications reference

You can filter the Overview, Devices, and OS patches tabs by all patch classifications, or by:

• Windows: Critical updates, Security updates: Definition updates, Update rollups, Service pack updates, Feature packs, Updates, Upgrades, Hardware driver updates, Office updates, Tool updates.
• Mac: Recommended updates, Upgrades.
• Linux: Package upgrades.

Last patch scan

This field displays the date and time of the most recent patch scan for each device. It's visible on Devices page and the Patch Management Dashboard, within the Devices tab. The system updates patching information for online devices every hour. This includes updates to the dashboard and all relevant pages displaying device data.

CVE and CVSS

The CVE (Common Vulnerabilities and Exposures) and CVSS (Common Vulnerability Scoring System) columns help you quickly assess the severity of vulnerabilities and prioritize patching efforts to enhance your system's security.

Note:

• CVE and CVSS info applies to Windows devices.
• CVSS ratings are calculated using the CVSS 3.1 standard
• Patches display the highest CVSS rating from their associated CVEs. For example, if a patch includes 10 CVEs and 9 of them have a score of 1.1, but 1 has a score of 9.3, the displayed score will be 9.3.

CVSS severity ranges:

• Critical: Sound the alarms, this one's a biggie (9.0-10.0).
• High: Heads up, this needs your attention (7.0-8.9).
• Medium: Worth a look, but not urgent (4.0-6.9).
• Low: Just a tiny blip on the radar (0.1-3.9).
• None: All clear, no issues here.

To view a patch's CVEs and associated CVSS ratings:

1. From Patch management (on the sidebar), click OS patches > Available patches. 

Note: CVE and CVSS info is also available via the Installed patches and Failed patches subtabs.

2. In the CVEs column, click the number pill on the patch.

The OS patch window appears.

The patch's associated CVEs are displayed in order of severity. For more information, including exploitability and mitigation, click a CVE to go to a detailed vulnerability page on the Microsoft Security Response Center (MSRC) website.