Distributing OS patches to Windows devices (for BigFix agents only)

Information for customers who use BigFix® or Unified Endpoint Management (UEM) for patch management (MaaS360® platform release 10.75 and earlier). The OS Patches (Windows) page lists the operating system patches that are missing from your Windows devices and the devices that currently have an active operating system patch scheduled for distribution to the device.

Before you begin

To distribute Java patches, follow these steps:
  1. Use your Oracle license to download the Java patches from the Oracle website at https://www.oracle.com/downloads/index.html.
  2. Upload the Java patches to the Enterprise Patch Repository server at Security > OS Patches (Windows) > Enterprise Patch Repository. Make sure the Enterprise Patch Repository server is publicly available and is updated with the latest Java patches.

About this task

Use the Patch Distribution action to schedule a time to distribute OS patches to individual Windows devices, a group of Windows devices, or to all Windows devices.

Procedure

  1. From the MaaS360 Portal Home page, select Security > OS Patches (Windows).
    A list of the patches that are missing for the Windows operating system is displayed. A patch record is displayed for devices that are missing OS patches or if an OS patch is scheduled for distribution to the device.
  2. From the Patch Name list, go to an OS patch and then click Distribute. The Distribute Patch window is displayed.
    Viewing an example of configuring Deployment Settings during patch distribution
  3. Click the Deployment Settings tab, and then configure the following options:
    Option Description
    Deploy Immediately Patch settings are immediately deployed to a device when MaaS360 determines that an OS patch is missing from a device.
    Distribute over Specific Period The OS patch is distributed to a device within a certain time period, such as 1 hour, 4 hours, 12 hours, or 1 day to avoid network latency. You can also distribute an OS patch immediately.
    Action Expiry (in days) The number of days until an OS patch Distribute action on a device automatically expires. OS patches are not distributed to a device if cumulative updates are enabled or the latest OS patch is applied to a device that includes or supersedes a previous OS patch. Leave this field blank to set the distribution to never expire.
  4. Click the Distribution tab, and then configure the following options:
    Viewing an example of configuring Distribution Settings during patch distribution
    Option Description
    Prompt for Restart The device is restarted after an OS patch is applied to a device. Note: Some patches might automatically restart a device after an OS patch is applied to the device.
    Restart Message Title The name of the restart message that notifies a user that a device must be restarted after an OS patch is applied to the device.
    Restart Message The message that is displayed to a user when a device is restarted after an OS patch is applied to the device.
    Allow Delay Restart The amount of time (configured in the Deadline for force restart option) before a device is restarted after an OS patch is applied to the device.
    Deadline for force restart The user is forced to restart a device after an OS is applied to the device.
    Distribute to The OS patch is distributed to a specific device, a device group, or all devices.
  5. Click Distribute.

Results

The OS Patch distribution for selected Windows devices is complete.

What to do next

Export the OS Patches (Windows) reports to a CSV file or as an Excel spreadsheet. The OS Patches (Windows) reports provide the overall status of patch compliance in the environment by listing all the OS patches that are missing from devices. The report also displays a count of all the devices that are missing specific OS patches. Click the link to display a list of devices that are missing a specific patch.