Patch Management Policy automates recurring deployments to maintain endpoint security and compliance. Designed for hands-off, consistent patching across your organization.
Navigate to Patch Management > Policy and select Create New Policy to begin.
Configurations for Policy are mostly similar to On-Demand Deployment. In this guide, we will go through specific settings for automation policy deployment.
Enable OS Patches Policy
Enable to activate recurring deployment; disable to pause them.
Recurring Schedule
Define how often the policy automation should run.
Supported recurrence include:
- Daily
- Weekly on one or more selected days
- Monthly on one or more selected days
Patch Selection
Only Automated Patch Selection is supported for policy deployment. Includes patches that match criteria (e.g., "critical severity"). If you set multiple criteria, a patch only needs to match one to be included.
Report
Configure notifications for deployment completion.
Add one or more email addresses (e.g., admins, security teams). Recipients get a summary with per-device status: Success, Failure, or Unreachable.
Once a deployment is created, navigate to Patch Management > Deployments to monitor patching process. Refer to Deployment Management guideline for detailed instructions.
Assign Policy to Endpoint Groups
Policies can be assigned to groups of endpoints via Inventory > Groups.
- Navigate to Inventory > Groups and select the desired group.
- Open the Settings tab.
- In Patch Management Policy section, select your policy from the dropdown menu and save your changes.
