Windows Patch Management: Patch Availability

Topic

The following is a list of frequently asked questions regarding Microsoft Windows operating system (OS) patch availability within NinjaOne Patching.

Environment

• NinjaOne Patching
• Microsoft Windows

Index

Select a topic to continue:

• How does NinjaOne know what to patch?
• Why might a recently-released patch not be available?
• How can I install a patch if it is not available in NinjaOne?
• Why must I manually install patches unavailable through NinjaOne?

FAQ

How does NinjaOne know what to patch?

Microsoft distributes newly-released patches through Windows Update and makes them available to devices based on their configured servicing channel. Through patch management scans, NinjaOne can detect any updates that Windows devices can see during a normal local update scan. If a device cannot detect the patch, NinjaOne may not display it either.

Once NinjaOne finds a patch, it applies or rejects it based on the settings configured in the policy that governs the device. Running a patch scan locally on a device bypasses any Windows patch management policy settings configured in NinjaOne. In this case, patches will not be approved or rejected according to the policy settings.

Why might a recently-released patch not be available?

Microsoft gradually rolls out security updates to Windows devices over time, so there may be a delay between a patch release and its availability on devices. This time gap is why a patch may appear on one device but not another, even when running a manual update directly. NinjaOne cannot scan for and detect patches before Microsoft makes them available.

How can I install a patch if it is not available in NinjaOne?

If Microsoft has released a patch, but the device does not see the patch as available, you can install it manually by using one of the following methods:

• Run Windows Update manually on the devices to catch the patch as soon as it is available. You may have to repeat this process until the patch becomes available.
• Download the patch from the Microsoft Update catalog and manually install it through the command line or a custom script.
• Download the patch from the Microsoft Update catalog and manually install it via NinjaOne's Windows Updates - Install Out-of-Band Patch (MSU) automation template, available in NinjaOne at Administration → Library → Automation → Template Library. Refer to NinjaOne Endpoint Management: Automation Script Templates for more information about using automation script templates.

Why must I manually install patches unavailable through NinjaOne?

You must install these patches manually because NinjaOne gets its available patches through the same Windows Update service as Windows devices and cannot automatically install patches that Microsoft has not yet made available. Once the Windows Update service makes the patch available to NinjaOne, it will install it on your devices based on your device policy settings.

Additional Resources

• For a list of more frequently asked questions about Windows patch management, refer to Windows Patch Management: FAQ.
• Refer to NinjaOne Patching: Windows OS Patch Management to learn more about configuring Windows patch policies.