Already a NinjaOne customer? Log in to view more guides and the latest updates.

Windows Third-Party Software Patch

reviewed by Ian Crego
  • Last Updated December 2, 2025

Topic 

This article discusses patch management for third-party Microsoft Windows applications in NinjaOne. It also explains how to activate, configure, and view patching activity.

Environment

  • NinjaOne Patching
  • Microsoft Windows

Description

NinjaOne Patch Management allows you to create patching policies that automatically scan for and apply new software patches for your Linux endpoints. 

 

Patch Management: Windows 3rd Party Software Patch Management (NinjaOne Inc. 02:30)

Select a topic to continue.

Patching Considerations

  • If a patch requires a reboot that has not yet been performed on a device, as specified in the reboot options, a Pending Reboot icon will be displayed on the device. Refer to Pending Reboots for more information.
  • If a reboot is pending, the patch scan and apply functions will not occur for this device until the reboot is completed and the Pending Reboot message is no longer displayed.

Enabling Software Patch Management

You must enable software patch management before you can use it to manage the patching of third-party applications. 

Important Note: Software patch management is currently only available for Windows devices and is therefore only an option in Windows policies.  
  1. In NinjaOne, click AdministrationPolicies, then choose a Windows policy from the Agent policies list.
Win3PP_UI_EnableNav.png
Figure 1: Administration → Agent policies (click to enlarge)
  1. Click the Software patching configuration tab, then click the Enable software patching toggle switch.
Win3PP_UI_EnableToggle.png
Figure 2: Enabling software patching (click to enlarge)

Configuring Software Patching Settings 

Options in the Settings tab include scanning and patching, required software installation, and maintenance. When you finish your configuration, click Save to apply the new settings.

Win3PP_UI_GeneralOptions.png
Figure 3: Software patching → Settings (click to enlarge)

General Settings Explained

Use the table below to learn more about each setting. 

SettingDescription
Scan schedule

This parameter set determines when the device will scan for available new patches. 

  • Schedule: Use the drop-down menu to choose the scan frequency.
  • Days: If your scan interval is longer than daily, select which days of the week the system should perform the scan. Devices are patched only on the days selected. If you do not select any days, the system will display an error message.
  • Time and Time Zone: Select the time of day and the appropriate time zone to perform the scan. By default, scans start at 8 A.M. local device time and updates start at 5 P.M. local device time. These defaults only apply to new policies.
  • Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger feature.
  • Scan immediately: Select this checkbox to run a scan immediately upon saving your settings.
  • Apply immediately: Select this checkbox to have the system apply patches immediately when it finds them in a scan. 
Update schedule

These settings specify when NinjaOne should apply the updates found while scanning. 

  • Schedule: Use the drop-down menu to choose the scan frequency.
  • Days: If your update interval is longer than daily, select which days of the week the system should perform the update. Devices are patched only on the days selected. If you do not select any days, the system will display an error message.
  • Time and Time Zone: Select the time of day and the appropriate time zone to perform the scan. By default, scans start at 8 A.M. local device time and updates start at 5 P.M. local device time. These defaults only apply to new policies.
  • Stagger over: Set a stagger interval to distribute patch installation times across your devices and avoid simultaneous updates. For more information, refer to NinjaOne Patch Management: Load Balancing Patch Installations With the Stagger feature.
  • Run update immediately, if missed: Select this checkbox to run an update immediately.
  • Pre-stage updates before the scheduled start: Select this checkbox to have the system prepare and position updates ahead of the scheduled update time.
  • Maintenance mode: suppress Emails/SMS/Push notifications: Select this checkbox to prevent NinjaOne from sending alerts caused by actions occurring during the update (such as device reboots). You can refine this setting by selecting the Suppress condition alerts and Suppress notification channels checkboxes. Refer to NinjaOne Platform: Maintenance Mode for more information. 
Update notifications

Choose how NinjaOne notifies users when the system needs to update software that cannot be patched in the background. Select from the following options:

  • Notify the user, then close the software and update.
  • Automatically close software and update.
  • Do not close open software.

If you choose Notify the user, then close the software and update, you will be able to configure the following settings:

  • Specify the prompt frequency, in minutes, between user prompts.
  • Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device.
  • Select the Custom reboot dialog checkbox to replace the default prompt with your own text.
Reboot options

These settings let you specify reboot behavior after NinjaOne patches a device. You can configure settings for both logged-in and logged-out users.

If an end user interacts with a reboot prompt, NinjaOne will display an activity in the activity feed. Refer to Device and System Activity Notification Feed for more information.

Reboot options: Logged-in user

Here you can configure the following settings:

  • Prompt to reboot until reboot accepted: NinjaOne will display an on-screen prompt instructing the user to reboot and allow the update to complete.
    • Use the scheduling options to determine the prompt frequency.
    • Select the Force reboot after checkbox to set the number of prompts before NinjaOne automatically reboots the device.
    • Select the Custom reboot dialog checkbox to replace the default prompt with your own text.
  • Notify the user, then reboot: Choose this option to send the user a notification, then automatically reboot the machine and complete the update. Refer to NinjaOne Platform: Notification Channels for more information. Use the scheduling options to determine how long NinjaOne should wait before sending the notification and triggering the reboot.
  • Automatically reboot: This option tells NinjaOne to simply reboot the device after the update installation completes. Use the scheduling options to determine how long NinjaOne should wait before rebooting the device.
  • Do nothing: NinjaOne will not perform any automatic reboot actions on the device.
  • Period: If you selected Prompt the user to reboot until reboot accepted, use these fields to specify the prompt frequency. Check the checkbox to force a reboot after a specific number of prompts.
  • Reboot Dialog: Check this checkbox to add custom text to the reboot prompt.

Reboot options: Not logged in user

Here you can configure the following settings:

  • Attempt to reboot until successful: NinjaOne will keep trying to reboot the device, even if reboots fail, until it successfully completes the action. Use the scheduling options to determine the reboot attempt frequency. 

  • Reboot immediately: NinjaOne will reboot the device as soon as the update is ready.

  • Do nothing: NinjaOne will take no action to reboot the device. 

ApprovalsIn this section, you can configure approval settings for all NinjaOne software not listed on the Software tab. Click the Critical patches and Recommended patches links to set NinjaOne to automatically approve, reject, or require manual approval for patches. Refer to NinjaOne Dashboards: Patching Software Inventory for more information.
Approval overrides

Here, you can set NinjaOne to override your patching policy for specific patches. Click the link to open the Overrides list, then search for the patch name. Use the second drop-down menu to select whether to approve or reject the patch.  

Examples of scenarios in which patches would appear under the Overrides section:

  • If the category approval is set to Manual, and you then approve or reject the patch for the policy.
  • If the category approval is set to Approve, and you then manually reject the patch for the policy.
  • If the category approval is set to Reject, and you then manually approve the patch for the policy.
winget

This option lets you automate the update process for WinGet-supported software.

  • Select Update all available software to the latest version to set NinjaOne to update all applications that WinGet detects. This selection will bypass all application-specific approvals or rejections.

  • If you select Attempt to update even if the current software's version is unknown, the system will update the applications even if it cannot discern their current version. 

For more information, read our WinGet (Windows Package Manager) Integration Guide.

Software Tab Actions and Settings

The Software tab is where you can select which applications you would like to include in NinjaOne's third-party patching. From here, you can also configure approval settings for critical and recommended patches and specify if you wish to use the current policy when installing the updates. 

When you enable software patching for a product, NinjaOne downloads all updates for that product on the machines affected by the policy. Those updates remain downloaded as long as third-party software patching is enabled for that product.

Adding Software to the Scheduled Patching List

To add new software to be installed and patched: 

  1. On the policy configuration page, navigate to Software patchingSoftwareAdd software.
Win3PP_UI_AddSoftware.png
Figure 4: Software patching → Software → Add software (click to enlarge)
  1. Select the checkbox for any new software, then click Add
Win3PP_UI_SoftwareLibrary.png
Figure 5: The Software library (click to enlarge)

Editing Patching Settings For Added Software

After adding new software, you can configure the approval and install settings for each patch type. 

  1. Select the software (or choose Select All), then click Edit.
Win3PP_UI_SelectEdit.png
Figure 6: Editing added software (click to enlarge)

In the Edit Software dialog box, configure the following options:

  • Critical patches: Select Approve, Manual, or Reject. Refer to the Patch Approval Options section of this article to learn more.
  • Recommended patches: Select Approve, Manual, or Reject. Refer to the Patch Approval Options section of this article to learn more.
  • Install application if not present: After adding software, you can configure NinjaOne to automatically install many supported applications if they are not already found on devices in the policy. Choose Yes to automatically install the application on machines where it is missing. If you select No, the installer for that software shows in the Rejected Software tab. You can approve it at a later time.
  • Enable self-service: This option makes the application available to allowed end users in the End User portal. The end users must be the assigned owners of the applicable devices.
Win3PP_UI_EditSoftwareModal.png
Figure 7: The Edit Software dialog box (click to enlarge)

Patch Approval Options

You can choose one of three options for Critical and Recommended patches:

  • Approve: Automatically approves all patches for the next update cycle.
  • Manual: Patches in this category appear in a "pending" state, requiring manual approval or rejection (for either the devices or the entire policy).
  • Reject: Automatically rejects all patches for that category.

Viewing Patch Scan and Installation Attempts

Viewing by Status in the System Dashboard

You can view patches found and patches installed in the dashboard's PatchingSoftware patches tab. Use the flyout menu to filter by patch status (Pending, Approved, Rejected, Installed, or Failed). Once a patch has attempted to install during an update cycle, you can view its details in the Software tab of the dashboard.

Win3PP_UI_SoftwareTab.png
Figure 8: Dashboard → Patching → Software patches (click to enlarge)

Viewing Patches by Release Date

Check the Release date column to learn the patch release date. If the manufacturer does not provide the release date, NinjaOne will use the first detected date instead.

Win3PP_UI_PatchReleaseDate.png
Figure 9: The Release Date column in the patch list (click to enlarge)

Viewing Applicable Devices for a Patch

At the System or Organization dashboard level, you can click the number in the Devices column to generate a list of the devices to which the patch status applies. For example, clicking the number for a patch in the Approved tab shows the devices for which it is approved (but not yet installed). 

Win3PP_UI_ClickNumber.png
Figure 10: Dashboard → Pending patches (click to enlarge)

Viewing Installed Applications

  1. Once configured, the applications will appear when you select Expand All. An 'N/A' install status indicates that the manufacturer does not support installation for that software. Refer to the list of supported products below for more information on which options support installations.

    3PP_UI_NASoftware.png
    Figure 11: Unsupported software in the Software list (click to enlarge)

Manually Scanning For or Applying Updates

On a Single Device

You can run a manual patch scan and update cycle on demand from any endpoint. To do so, navigate to the Device Overview, place your cursor over the Play action button, and select PatchingSoftware scan (to scan for new patches) or Software update (to apply existing patches).

Win3pp_UI_SingleDev.png
Figure 12: Run → Patching → Software update (click to enlarge)

On Multiple Devices

To scan and apply patches on multiple devices:

  • The devices must be the same type.
  • Software patch management must be enabled for the policy that governs the device.
  • Selected devices must be online.

Procedure

  1. In the Devices tab, select the checkboxes for the devices on which to run the scan and update cycle.
  2. Place your cursor over the Run button, then select PatchingSoftware UpdateSoftware scan (to scan for new patches) or Software update (to apply existing patches). NinjaOne will show the third-party patching status at the device level. If you have patches set to approve or reject manually, you can take those actions from the device overview.
PatchingWin3pp_MultipleDevs.png
Figure 13: Patching → Software Update (click to enlarge)

Supported Third-Party Software

ManufacturerSoftwareSupports InstallSupports Background Updates
Adobe Systems, IncAcrobatNoYes
Adobe Systems, IncDigital EditionsYesNo
Adobe Systems, IncReaderYesYes
Amazon

Correto.

If you enable patching for Amazon Corretto, machines under the policy that currently have Oracle JDK SE 8 installed will automatically be upgraded to the latest version of Corretto.

YesNo
Apache Software FoundationOpenOfficeYesNo
Apple Inc.BonjourYesNo
Apple Inc.Mobile Device SupportYesNo
Apple Inc.iTunesYesNo
Audacity Team, TheAudacityYesNo
Box, Inc.Box SyncNoNo
Canneverbe LimitedCDBurnerXPYesNo
Cisco Systems, Inc.WebEx Productivity ToolsYesNo
Citrix Systems, IncGoToMeetingYesNo
Document Foundation, TheLibreOfficeYesYes
Dominik ReichlKeePassYesNo
Don HoNotepad++YesNo
dotPDN LLCPaint.NETNoNo
Dropbox Inc.DropboxYesNo
Evernote CorporationEvernoteYesNo
Foxit CorporationEnterprise ReaderYesNo
Foxit CorporationPhantomPDFNoNo
Foxit CorporationReaderYesNo
GIMP Development Team, TheGIMPYesNo
GlavSoft LLC.TightVNCYesNo
Google Inc.ChromeYesYes
Google Inc.Earth ProYesNo
Igor Pavlov7-ZipYesNo
Inkscape Team, TheInkscapeYesNo
Jens KlingenGreenshotYesNo
Martin PrikrylWinSCPYesNo
Microsoft Corp..NET FrameworkNoNo
Microsoft Corp.ASP.NET Web FrameworksNoNo
Microsoft Corp.Exchange Server 2007NoNo
Microsoft Corp.Exchange Server 2010NoNo
Microsoft Corp.Exchange Server 2013NoNo
Microsoft Corp.Exchange Server 2016NoNo
Microsoft CorpExchange Server 2019NoNo
Microsoft Corp.Forefront Endpoint Protection 2010NoNo
Microsoft Corp.Internet ExplorerNoNo
Microsoft Corp.LyncNoNo
Microsoft Corp.Microsoft Advanced Threat AnalyticsNoNo
Microsoft Corp.Microsoft Azure Information Protection ClientNoNo
Microsoft Corp.Microsoft Azure Site Recovery ProviderNoNo
Microsoft Corp.Microsoft Dynamics CRM 2011NoNo
Microsoft Corp.Microsoft Dynamics CRM 2013NoNo
Microsoft Corp.Microsoft Dynamics CRM 2015NoNo
Microsoft Corp.Microsoft Dynamics CRM 2016NoNo
Microsoft Corp.Microsoft Dynamics CRM 2016 SHSNoNo
Microsoft Corp.Microsoft EdgeYesYes
Microsoft Corp.Microsoft Lync 2010NoNo
Microsoft Corp.Microsoft Lync Server 2010NoNo
Microsoft Corp.Microsoft Lync Server 2013NoNo
Microsoft Corp.Microsoft Monitoring AgentNoNo
Microsoft Corp.Microsoft SQL Server 2008No No
Microsoft Corp.Microsoft SQL Server 2008 R2NoNo
Microsoft Corp.Microsoft SQL Server 2012NoNo
Microsoft Corp.Microsoft SQL Server 2014NoNo
Microsoft Corp.Microsoft SQL Server 2014-2016 Product Updates for SetupNoNo
Microsoft Corp.Microsoft SQL Server 2016NoNo
Microsoft Corp.Microsoft SQL Server 2017NoNo
Microsoft Corp.Microsoft SQL Server 2019NoNo
Microsoft Corp.Microsoft SQL Server 2022NoNo
Microsoft Corp.Office 2003NoNo
Microsoft Corp.Office 2007NoNo
Microsoft Corp.Office 2010NoNo
Microsoft Corp.Office 2013NoNo
Microsoft Corp.Office 2016NoYes
Microsoft Corp.Office 2019NoYes
Microsoft Corp.Office 2021NoYes
Microsoft Corp.Office 2024NoYes
Microsoft Corp.Office 365NoYes
Microsoft Corp.Office Live MeetingNoNo
Microsoft Corp.SQL Server 2008NoNo
Microsoft Corp.SQL Server 2008 R2NoNo
Microsoft Corp.SQL Server 2014-2016 Product Updates for SetupNoNo
Microsoft Corp.Service Bus for Windows Server 1.1NoNo
Microsoft Corp.SilverlightNoNo
Microsoft Corp.SkypeYesNo
Microsoft Corp.Skype (Business)NoNo
Microsoft Corp.Skype for Business Server 2015NoNo
Microsoft Corp.System Center 2012 R2 - Operations ManagerNoNo
Microsoft Corp.System Center 2012 R2 - OrchestratorNoNo
Microsoft Corp.System Center 2012 R2 - Virtual Machine ManagerNoNo
Microsoft Corp.System Center 2012 SP1 - Operation ManagerNoNo
Microsoft Corp.System Center 2012 SP1 - Virtual Machine ManagerNoNo
Microsoft Corp.System Center 2016 - Operations ManagerNoNo
Microsoft Corp.System Center 2016 - OrchestratorNoNo
Microsoft Corp.System Center 2016 - Virtual Machine ManagerNoNo
Microsoft Corp.Visual BasicNoNo
Microsoft Corp.Visual StudioNoNo
Microsoft Corp.Visual Studio 2010NoNo
Microsoft Corp.Visual Studio 2010 Tools for Office RuntimeNoNo
Microsoft Corp.Visual Studio 2012NoNo
Microsoft Corp.Visual Studio 2013NoNo
Microsoft Corp.Visual Studio CodeYesNo
MozillaFirefoxYesYes
MozillaFirefox (ESR)YesYes
MozillaSeaMonkeyYesNo
MozillaThunderbirdYesNo
Opera Software ASAOpera BrowserYesNo
Pidgin TeamPidginYesNo
Piriform LtdCCleaner (Business)YesNo
RealNetworks, IncRealPlayer YesNo
RealVNC Ltd.ServerYesNo
RealVNC Ltd.ViewerYesNo
Simon TathamPuTTYYesNo
Stefan KüngTortoiseSVNYesNo
TechSmithSnagitNoNo
Tim KosseFileZilla ClientYesNo
Tim KosseFileZilla ServerYesNo
UltraVNCServerYesNo
UltraVNCViewerYesNo
VMware, Inc.Horizon View ClientYesNo
VMware, Inc.PlayerYesNo
VMware, Inc.VMware ToolsNoNo
VMware, Inc.WorkstationYesNo
VideoLANVLC media playerYesNo
win.rar GmbHWinRARYesNo
Wireshark FoundationWiresharkNoNo
Zoom Video CommunicationsZoom Client for MeetingsYesNo

Additional Resources

For a list of frequently asked questions about 3PP, refer to 3rd Party Software Patch Management: FAQ.

FAQ

Next Steps