Windows Third-Party Software Patch Management Guide

This parameter set determines when the device will scan for available new patches.

• Schedule: Use the drop-down menu to choose the scan frequency.
• Days: If your scan interval is longer than daily, select which days of the week NinjaOne should perform the scan. Devices are patched only on the days selected. If you do not select any days, NinjaOne will display an error message.
• Time and Time Zone: Select the time of day and the appropriate time zone to perform the scan. By default, scans start at 8 A.M. local device time. This default only applies to new policies.
• Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger feature.
• Scan immediately: Select this checkbox to run a scan immediately upon saving your settings.
• Apply immediately: Select this checkbox to have NinjaOne apply patches immediately when it finds them in a scan.

These settings specify when NinjaOne should apply the updates found while scanning.

• Schedule: Use the drop-down menu to choose the update frequency.
• Days: If your update interval is longer than daily, select which days of the week NinjaOne should perform the update. Devices are patched only on the days selected. If you do not select any days, NinjaOne will display an error message.
• Time and Time Zone: Select the time of day and the appropriate time zone to perform the update. By default, updates start at 5 P.M. local device time. This default only applies to new policies.
• Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger feature.
• Run update immediately, if missed: Select this checkbox to run an update immediately.
• Pre-stage updates before the scheduled start: Select this checkbox to have NinjaOne prepare and position updates ahead of the scheduled update time.
• Maintenance mode: suppress Emails/SMS/Push notifications: Select this checkbox to prevent NinjaOne from sending alerts caused by actions occurring during the update (such as device reboots). You can refine this setting by selecting the Suppress condition alerts and Suppress notification channels checkboxes. Refer to NinjaOne Endpoint Management: Maintenance Mode for more information.

Choose how NinjaOne notifies users when NinjaOne needs to update software that cannot be patched in the background. Select from the following options:

• Notify the user, then close the software and update.
• Automatically close software and update.
• Do not close open software.

If you choose Notify the user, then close the software and update, you will be able to configure the following settings:

• Specify the prompt frequency, in minutes, between user prompts.
• Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device.
• Select the Custom reboot dialog checkbox to replace the default prompt with your own text.

These settings let you specify reboot behavior after NinjaOne patches a device. You can configure settings for both logged-in and logged-out users.

Reboot options: Logged-in user:

Here you can configure the following settings:

• Prompt to reboot until reboot accepted: NinjaOne will display an on-screen prompt instructing the user to reboot and allow the update to complete.
  • Use the scheduling options to determine the prompt frequency.
  • Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device.
  • Select the Custom reboot dialog checkbox to replace the default prompt with your own text.
• Notify the user, then reboot: Choose this option to send the user a notification, then automatically reboot the machine and complete the update. Refer to NinjaOne Endpoint Management: Notification Channels and Alerts for more information. Use the scheduling options to determine how long NinjaOne should wait before sending the notification and triggering the reboot.
• Automatically reboot: This option tells NinjaOne to simply reboot the device after the update installation completes. Use the scheduling options to determine how long NinjaOne should wait before rebooting the device.
• Do nothing: NinjaOne will not perform any automatic reboot actions on the device.
• Period: If you selected Prompt the user to reboot until reboot accepted, use these fields to specify the prompt frequency. Check the checkbox to force a reboot after a specific number of prompts.
• Reboot Dialog: Check this checkbox to add custom text to the reboot prompt.

Reboot options: Not logged in user:

Here you can configure the following settings:

• Attempt to reboot until successful: NinjaOne will keep trying to reboot the device, even if reboots fail, until it successfully completes the action. Use the scheduling options to determine the reboot attempt frequency.
• Reboot immediately: NinjaOne will reboot the device as soon as the update is ready.
• Do nothing: NinjaOne will take no action to reboot the device.

In this section, you can configure approval settings for all NinjaOne software not listed on the Software tab. Click the Critical patches and Recommended patches links to set NinjaOne to automatically approve, reject, or require manual approval for patches. The NinjaOne Agent defines these categories as follows:

• Critical: These patches address vulnerabilities that can be exploited by an unauthenticated remote attacker or that break guest or host operating system isolation, resulting in compromise without user interaction.
• Recommended: These patches have not been assigned a severity level.

Refer to NinjaOne Endpoint Management: The Software Inventory for more information.

Here, you can set NinjaOne to override your patching policy for specific patches. Click the link to open the Overrides list, then search for the patch name. Use the second drop-down menu to select whether to approve or reject the patch.

Examples of scenarios in which patches would appear in the Overrides section:

• If the category approval is set to Manual, and you then approve or reject the patch for the policy.
• If the category approval is set to Approve, and you then manually reject the patch for the policy.
• If the category approval is set to Reject, and you then manually approve the patch for the policy.

This option lets you automate the update process for WinGet-supported software.

• Select Update all available software to the latest version to set NinjaOne to update all applications that WinGet detects. This selection will bypass all application-specific approvals or rejections.
• If you select Attempt to update even if the current software's version is unknown, NinjaOne will update the applications even if it cannot discern their current version.

For more information, read WinGet (Windows Package Manager) Integration Guide.

Indicate which update engine is used to install or update the application (for example, NinjaOne or WinGet).

• NinjaOne: Fully managed by NinjaOne. We provide complete support for installation and update issues.
• WinGet: Uses Microsoft’s WinGet engine. Support is limited, as installation behavior is controlled by WinGet and the application vendor.