Patch Policy (Application)

Policy Deployment automates recurring deployments to maintain endpoint security and compliance. Designed for hands-off, consistent application patching across your organization.

Configurations for application update policies are mostly similar to On-Demand Deployment (Application). In this guide, we will go through specific settings for application patch policy creation.

Navigate to Patch Management > Policy. Click on Create New Policy, select the Application Patches tab to begin.

Enable Application Patches Policy

Enable to activate recurring application policy deployment; disable to pause them.

Note Windows and Application patches are enabled by default. Please review and modify these settings to align with your patching policy.

Recurring Schedule

Define how often the policy automation should run.

Supported recurrence include:

  • Daily
  • Weekly on one or more selected days
  • Monthly on one or more selected days

Update Notification

Configure how endpoints handle applications that need to be closed before performing an update.

  • Notifies users to close or relaunch the applications in use, waits for end-users to close them, then proceeds with the update.

    • You can set how often the endpoint prompts the user (e.g., every 30-60 minutes)
    • You can set the number of prompts a user can skip before the system triggers an automatic reboot to enforce the updates.

  • Force close or relaunch applications for updates: Applications in use will be closed immediately when the update begins

Note This behavior only applies for applications that require closing before performing the update.

Application Selection

Only Condition-Based selection is supported for policy deployment. Automatically select all applications that match conditions (e.g., “critical severity”). If you set multiple condition, an application only needs to match one to be included.

Report

Configure notifications for deployment completion.

Add one or more email addresses (e.g., admins, security teams). Recipients get a summary with per-device status: Success, Failure, or Unreachable.

Assign Policy to Endpoint Groups

Policies can be assigned to groups of endpoints via Inventory > Groups.

  • Navigate to Inventory > Groups and select the desired group.
  • Open the Settings tab.
  • In Patch Management Policy section, select your policy from the dropdown menu and save your changes.

Once a deployment is created, navigate to Patch Management > Deployments to monitor the update process. Refer to Deployment Management (Application) guideline for detailed instructions.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Deployment Management (Application)
null
On This Page
Patch Policy (Application)Enable Application Patches PolicyRecurring ScheduleUpdate NotificationApplication SelectionReportAssign Policy to Endpoint Groups