Version: 25.6

Microsoft patch policies

While Targets lets you define when, how, and to whom updates are applied, this section defines what gets updated: here you approve or deny the installation of one or more updates from the Microsoft catalog on an organization's devices.

Create a new update policy

  1. Access Portal -> Updates -> Microsoft Update Policies.
  2. Click New at the top right of the interface.
  3. Assign a name to the new policy in the form.
  4. Click on Save. The name of the newly created policy will appear in the table, in addition to the following fields:
  • Update policy targets. Targets configured with a Microsoft update policy.
  • Automatic approvals. Indicates if the automatic approvals setting is Enabled or Disabled.
  • Actions. Contains the View Details button, to access five configuration scopes:

Details

Shows specific information about the policy being consulted:

  • Name. Name of the policy.
  • Targets. List of targets linked to the policy.
  • Creation Date. Date when the policy was created.
  • Created by. User who created the policy.

The Edit button opens a form to change the name of the policy or to delete it, if desired.

Microsoft patches

Shows a table with the list of Microsoft updates available for the linked target. The fields contain the following data:

  • KB. Unique identifier assigned to the Microsoft update package. Some drivers or firmware do not have an assigned KB.
  • Revision description. Link that directs to detailed information about the Microsoft update.
  • Status. Approved, Rejected, or Pending.
  • Product. Microsoft product to which the update applies.
  • Severity. Level of urgency detected for executing the update.
  • Release Date. Date from which the update is available.
  • Classification. Category that corresponds to the update.
  • Last Update. Date and time the list was last updated.

Above the table, there are several filtering options that allow listing the available updates according to Classifications, Products, Superseded, or Release Date.

It is also possible to search by character strings or filter by their Pending Approval, Approved, or Rejected status.

Approve or reject a Microsoft update

To approve or reject an update, select one or more entries available in the table and choose the desired action.

  • Clicking Approve means the update will be installed on the corresponding devices the next time an update process runs, according to the target configuration.

  • Clicking Reject means that, during the next update process, an attempt will be made to uninstall the update from devices that have it installed, in accordance with the target configuration. Not all updates can be uninstalled; whether the uninstall runs depends on the update status of the device and other factors. The result of the process will be available in the corresponding update task.

Info: If a user defines a Microsoft update policy but does not manually or automatically approve or reject an update package, no installation or uninstallation activity will be generated on the devices.

Automatic Approvals

You can configure automatic approval rules to apply updates, including more than one rule within the same update policy.

Create an automatic approval rule

  1. Access Portal -> Updates -> Microsoft Update Policies.
  2. Click the name of the policy.
  3. Go to the Automatic Approvals tab.
  4. Click New and define the following fields:
  • Classifications. Distinguish updates by their category: Updates, Critical Updates, Security Updates, Upgrades, Definition Updates, Drivers, Feature Packs, and Update Rollups.
  • Products. Allows selection of the Microsoft product to which the update applies.
  • Days after release. Specify how many days after the release date the update will be automatically approved.

The fields of this section's table contain the following data:

  • Classification. Category of the update. It can be Updates, Critical Updates, Security Updates, Upgrades, Definition Updates, Drivers, Feature Packs, and Update Rollups.
  • Products. Name of the product to which the update applies.
  • Days after release. Numeric value indicating how many days after the release date the update will be automatically approved.
  • Actions. Contains the View detail button, which opens a form to edit the automatic approval rule.

Info: Flexxible recommends setting automatic approval rules whenever a new update policy is created, and not applying the new policy to the desired target until the updates you want as a starting point are approved. In this way, you can start from a scenario where all previous updates are approved for user devices.

Unlisted updates

The global list of pending updates on the device can be consulted at Microsoft Updates; however, the device may report certain patches as pending that do not appear on that list.

Unlisted Updates correspond to these cases. These are pending updates that could be related to Microsoft features, but do not have an exact match with the entries in the Microsoft Updates list.

Info: The list of unlisted updates is displayed at the tenant level.

The fields of the table contain the following data:

  • KB. Unique identifier assigned to the Microsoft update package. Some drivers or firmware do not have an assigned KB.
  • Revision description. Link that directs to detailed information about the Microsoft update.
  • Status. Approved, Rejected, or Pending.
  • Product. Microsoft product to which the update applies. For this type of update, the product may be missing because devices do not always provide it.
  • Severity. Level of urgency detected for executing the update.
  • Release Date. Date from which the update is available.
  • Classification. Category that corresponds to the update.

Above the table, there are several filtering options to list the available updates according to Classifications, Products, or Date of arrival.

It is also possible to search by character strings or filter by their Pending Approval, Approved, or Rejected status.

Approve or reject an unlisted update

To approve or reject an unlisted update, select one or more entries available in the table and choose the desired action.

  • Clicking Approve means the update will be installed on the corresponding devices the next time an update process runs, according to the target configuration.

  • Clicking Reject means that, during the next update process, an attempt will be made to uninstall the update from devices that have it installed, in accordance with the target configuration. Not all updates can be uninstalled; whether the uninstall runs depends on the update status of the device and other factors. The result of the process will be available in the corresponding update task.

Unlisted automated approvals

It's possible to set up automatic approval rules to apply unlisted updates.

Create an automatic approval rule for unlisted updates

  1. Access Portal -> Updates -> Microsoft Update Policies.
  2. Click the name of the policy.
  3. Go to the Unlisted automated approvals tab.
  4. Click New and define the following fields:
  • Classifications. Distinguish updates by their category: Updates, Critical Updates, Security Updates, Upgrades, Definition Updates, Drivers, Feature Packs, and Update Rollups.
  • Products. Products reported by the devices.
  • Include updates without products. By checking this option, updates that don't have a product will be considered.
  • Days after arrival. Specify how many days after the update arrives in the list it will be automatically approved.

The fields of this section's table contain the following data:

  • Classification. Category of the update. It can be Updates, Critical Updates, Security Updates, Upgrades, Definition Updates, Drivers, Feature Packs, and Update Rollups.
  • Products. Reported product name.
  • Include updates without products. Indicates whether the automatic approval rule includes updates without products.
  • Days after arrival. Numeric value indicating how many days after the update arrives in the list it will be automatically approved.
  • Actions. Contains the View details button, which opens a form to edit the automatic approval rule being viewed.

Info: Unlisted Updates and Unlisted Automatic Approvals are available starting from version 25.6 of FlexxAgent.
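
A model of how the rules described under Automatic Approvals and Unlisted automated approvals turn a delay into an approval date, useful for previewing a deferral window before linking a policy to a target. This is an added example, not Flexxible code or its API: the matching semantics, the shortest-delay choice when several rules match, and all names and sample updates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Update:
    kb: str                   # constructed placeholder; empty when no KB is assigned
    classification: str
    product: Optional[str]    # None: the device reported no product
    clock_start: date         # release date (listed) or arrival date (unlisted)

@dataclass(frozen=True)
class Rule:
    classifications: frozenset
    products: frozenset
    days: int                 # "Days after release" / "Days after arrival"
    include_without_product: bool = False  # unlisted rules only

def rule_matches(rule: Rule, upd: Update) -> bool:
    # Assumption: classification and product must both be selected in the rule.
    if upd.classification not in rule.classifications:
        return False
    if upd.product is None:
        return rule.include_without_product
    return upd.product in rule.products

def approval_date(rules, upd: Update) -> Optional[date]:
    # Assumption: when several rules match, the shortest delay applies.
    delays = [r.days for r in rules if rule_matches(r, upd)]
    return upd.clock_start + timedelta(days=min(delays)) if delays else None

def status_on(rules, upd: Update, today: date) -> str:
    # An update no rule covers stays Pending, so nothing is installed or removed.
    due = approval_date(rules, upd)
    return "Approved" if due is not None and today >= due else "Pending"

# Constructed sample policy and updates (not real KBs).
RULES = [
    Rule(frozenset({"Security Updates", "Critical Updates"}), frozenset({"Windows 11"}), 7),
    Rule(frozenset({"Drivers"}), frozenset(), 14, include_without_product=True),
]
SECURITY = Update("KB-EXAMPLE-1", "Security Updates", "Windows 11", date(2025, 6, 10))
DRIVER = Update("", "Drivers", None, date(2025, 6, 12))
FEATURE = Update("KB-EXAMPLE-2", "Feature Packs", "Windows 11", date(2025, 6, 10))

if __name__ == "__main__":
    for upd in (SECURITY, DRIVER, FEATURE):
        print(upd.kb or "(no KB)", approval_date(RULES, upd), status_on(RULES, upd, date(2025, 6, 20)))
```

The Feature Packs update never leaves Pending because no rule covers its classification, which is the gap to look for when reviewing a policy's rule set.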