Version: 25.6

Configure patch policies

Patch policies set parameters for installing security patches and functional enhancements on devices. They allow defining the timing and scope of deployment, as well as exercising granular control over the update content, by approving or denying packages published by Microsoft, according to the organization's security and compatibility requirements.

Create a new patch policy

  1. Access Portal -> Patch -> Targets.
  2. Create a new target by clicking + New.
  3. Fill in the fields:
  • Name. Name of the new patch policy.
  • Report Group. Target device group for the new patch policy (can be more than one).
  • Microsoft Patch Policy. Microsoft patch policy to which the new patch policy will be linked. This field is optional.

  4. Click on Save.
  5. The new patch policy information will appear on the screen.

Edit a patch policy

Once created, patch policies can be modified to define device behavior after updates, including options like automatic reboot or remote startup via Wake on LAN (WoL).

  1. Access Portal -> Patch -> Targets.
  2. In the table, select the patch policy you wish to edit.
  3. Click on Edit.
  4. Optionally, you can enable the following features:
  • Restart after patching. Enable automatic device restart after patch installation is completed.
  • Wake on LAN (WoL). Allows updates to run even when devices are asleep or powered off. The devices are woken automatically over the network so that the updates can be applied.
  5. Click on Save.

Schedule patches

The patch policy allows scheduling the day and time for applying patches on devices associated with a report group, facilitating controlled maintenance.

  1. Access Portal -> Patch -> Targets.
  2. In the table, select a patch policy.
  3. Click on the Schedule tab -> Edit.
  4. Define the schedule.
  5. Click on Save.

Delete a patch policy

  1. Access Portal -> Patch -> Targets.
  2. In the table, select the patch policy you wish to edit.
  3. Click on Edit -> Delete.

Tip: For more information about update policies, please consult their documentation.

Microsoft patch policy

The previous steps detailed how to configure the timing, method, and targets of the patches. The process of approving or denying one or more patches from the Microsoft catalog is described below.

Create a new Microsoft patch policy

  1. Access Portal -> Patches -> Microsoft patch policies.
  2. Click New at the top right of the interface.
  3. Assign a name to the new policy in the form.
  4. Click on Save. The name of the policy you just created will appear in the table.

Approve or reject a Microsoft update

  1. Access Portal -> Patches -> Microsoft patch policies.

  2. In the table, select the Microsoft patch policy whose details you want to view.

  3. Click on the Microsoft Updates tab.

  4. In the table, select one or more patches and choose an action:

    • Clicking Approve indicates that the update will be installed on the corresponding devices the next time an update process is executed according to the target configuration.

    • Clicking Reject indicates that an attempt will be made to uninstall the update during the next update process on devices that have it installed, in accordance with the target configuration. Not all updates can be uninstalled; whether the uninstallation runs depends on the update status of the device and other factors. The result of the process will be available in the corresponding update task.

Info: If a user defines a Microsoft patch policy but does not approve or reject a patch package manually or automatically, no installation or uninstallation activity will occur on the devices.

Automatic Approvals

Automatic approval rules can be set up to apply patches. A single patch policy can contain more than one rule.

Create an automatic approval rule

  1. Access Portal -> Patches -> Microsoft patch policies.
  2. Click the name of the policy.
  3. Go to the Automatic Approvals tab.
  4. Click New and define the following fields:
  • Classifications. Distinguish updates by their category: Updates, Critical Updates, Security Updates, Upgrades, Definition Updates, Drivers, Feature Packs, and Update Rollups.
  • Products. Allows selection of the Microsoft product to which the update applies.
  • Days after release. Specify how many days after the release date the update will be automatically approved.

Info: Flexxible recommends setting automatic approval rules whenever a new update policy is created, and not applying the new policy to the desired target until the updates you want as a starting point are approved. In this way, you can start from a scenario where all previous updates are approved for user devices.
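
How the three rule fields combine to decide what is approved on a given day, as an added sketch (not Flexxible's code or API). It assumes a rule matches when both classification and product match and that, with several rules in one policy, the earliest approval wins; `Rule`, `Update`, `approval_date` and `evaluate` are hypothetical names, and the updates are constructed samples.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class Rule:  # one automatic approval rule; fields mirror the form above
    classifications: frozenset
    products: frozenset
    days_after_release: int

@dataclass(frozen=True)
class Update:  # constructed catalogue entry, not real data
    title: str
    classification: str
    product: str
    released: date

def approval_date(update, rules):
    """Earliest date on which any matching rule approves the update, or None.

    Assumption: classification AND product must both match a rule, and
    several rules in one policy act independently (earliest date wins).
    """
    dates = [update.released + timedelta(days=r.days_after_release)
             for r in rules
             if update.classification in r.classifications
             and update.product in r.products]
    return min(dates) if dates else None

def evaluate(updates, rules, today):
    """Split updates into approved, pending (with due date) and no_action."""
    result = {"approved": [], "pending": [], "no_action": []}
    for u in updates:
        due = approval_date(u, rules)
        if due is None:
            result["no_action"].append(u.title)  # never approved or rejected
        elif due <= today:
            result["approved"].append(u.title)
        else:
            result["pending"].append((u.title, due))  # still in deferral window
    return result

RULES = [
    Rule(frozenset({"Security Updates", "Critical Updates"}), frozenset({"Windows 11"}), 3),
    Rule(frozenset({"Update Rollups", "Security Updates"}), frozenset({"Windows 11"}), 14),
]
UPDATES = [  # constructed sample entries
    Update("SAMPLE-security", "Security Updates", "Windows 11", date(2025, 6, 10)),
    Update("SAMPLE-rollup", "Update Rollups", "Windows 11", date(2025, 6, 10)),
    Update("SAMPLE-driver", "Drivers", "Windows 11", date(2025, 6, 10)),
]
```

The `pending` list is the window in which devices stay unpatched by design, and `no_action` shows updates that no rule covers and that therefore need a manual decision.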

Tip: For more information about Microsoft update policies, please consult their documentation.