Topic
The following is a list of frequently asked questions regarding patch availability with NinjaOne's Windows patch management tool.
Environment
- NinjaOne
- Microsoft Windows
Description
- How Does NinjaOne Know What to Patch?
- What Happens if a Patch is not Available?
- How can I install a Patch if it is not Available in NinjaOne?
- Why Does This Have to be Done Manually?
How Does NinjaOne Know What to Patch?
When Microsoft releases a new patch, it is distributed through service channels. If the device can detect the update during a normal, local update scan, NinjaOne will detect it during the next patch management scan as well. If the device cannot detect the patch, NinjaOne will not display it either, because NinjaOne relies on the results and data from Windows Update.
NinjaOne will only detect patches that are available when a Windows patch scan is run. Note that running a patch scan locally on a device bypasses any Windows patch management policy settings configured in NinjaOne, so patches are neither approved nor rejected according to the configured policy settings.
What Happens if a Patch is not Available?
In limited cases, there may be a delay between when a security update is released by Microsoft and when that patch is available directly through Windows Update. Microsoft rolls patches out to all Windows devices gradually over time. This is why you will see a patch available on one device but not another, even if you run a manual update directly on the devices. Click here for a list of Security Updates from Microsoft.
Patches are typically added to the Windows Update catalog on the second Tuesday of every month. Before these patches are added, NinjaOne will not be able to pick them up during a scan cycle. Click here for a list of recent patches that are available via Windows Update, and in turn, NinjaOne's patch management functionality.
How can I install a Patch if it is not Available in NinjaOne?
If the Windows Update service on the device does not see the patch as available from Microsoft yet, the patch will have to be installed manually.
If you do not want to wait for Microsoft to make the patch available to that device, there are a couple of options:
- Run Windows Update manually on the device(s) in an effort to catch the patch as soon as it is available. This may have to be done several times if the patch is still not available for that device.
- Download the patch from the Microsoft Update catalog and manually install it via command line or a custom script.
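One way to script the second option, as an added example that is not NinjaOne's own code: it skips devices that already have the update, checks the downloaded package's Authenticode signature, installs it silently with `wusa.exe`, and maps the exit code to a result. The parameter names, the package path and the KB number are placeholders you supply.

```powershell
# Added example: install a manually downloaded .msu package from the Microsoft Update Catalog.
# $MsuPath and $KbId are caller-supplied placeholders, not values from the article.
param(
    [Parameter(Mandatory)] [string] $MsuPath,  # local path to the downloaded .msu
    [Parameter(Mandatory)] [string] $KbId      # KB identifier of that package, e.g. KB0000000
)

# Nothing to do if Windows already reports the update as installed.
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    Write-Output "$KbId is already installed."
    exit 0
}

if (-not (Test-Path -LiteralPath $MsuPath -PathType Leaf)) {
    throw "Package not found: $MsuPath"
}

# A package fetched outside Windows Update gets no automatic integrity check,
# so require a valid signature from Microsoft before running it.
$sig = Get-AuthenticodeSignature -FilePath $MsuPath
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to install: signature status is '$($sig.Status)'."
}

# /quiet suppresses the UI; /norestart leaves the reboot to your own schedule.
$wusa = Join-Path $env:SystemRoot 'System32\wusa.exe'
$proc = Start-Process -FilePath $wusa `
    -ArgumentList "`"$MsuPath`"", '/quiet', '/norestart' -Wait -PassThru

switch ($proc.ExitCode) {
    0           { Write-Output "$KbId installed."; exit 0 }
    3010        { Write-Output "$KbId installed; reboot required."; exit 0 }
    2359302     { Write-Output "$KbId was already installed."; exit 0 }
    -2145124329 { Write-Output "$KbId is not applicable to this device."; exit 1 }
    default     { Write-Output "wusa.exe failed with exit code $($proc.ExitCode)."
                  exit $proc.ExitCode }
}
```

Run it elevated; a non-zero exit lets whatever launches the script record the failure.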
Why Does This Have to be Done Manually?
NinjaOne does not have or keep a repository of patches that is used to deliver patches to devices. NinjaOne uses the local Windows Update service on the individual device, which in turn contacts Microsoft servers to find out what patches are available for it based on many different variables. Once the update service gets its catalog of available patches, NinjaOne tells the device when to install them based on your settings inside the NinjaOne console.
For a list of more frequently asked questions about Windows patch management, please see Windows Patch Management: FAQ.