Patch Management
Ivanti Neurons for Patch Management is a cloud patching solution. It combines the real-time insights of the Ivanti Neurons Platform with the asset information of Ivanti Neurons for Discovery and the actionable intelligence for risk-based prioritization to drive an adaptive security strategy. Comprehensive patch management capabilities are provided for your Windows, macOS, and Linux devices and includes the ability to patch products from both Microsoft, Apple and third-party vendors.
To access Ivanti Neurons for Patch Management, navigate to Patch Management in the Ivanti Neurons Platform.
Ivanti Neurons for Patch Management comprises the following components, depending on your license:
- Compliance Reporting: Enables you to determine your current compliance status and see how you are trending over time.
- Deployment History: Provides a way to view the status of recent deployment operations. You can zero in on exceptions and quickly troubleshoot any issues.
- Endpoint Vulnerability: Provides a central view of device patching for your environment with device health and risk-based metrics.
- Patch Intelligence: Gathers and aggregates data to help manage, prioritize and streamline patching in your environment. It provides a clear picture of your threat landscape with prioritized, risk-based metrics.
- Patch Settings: Enables you to configure patch configurations and patch groups for the cloud patch management workflow. A default configuration that remediates all critical security patches can be used to quickly get you started, or you can create a custom patch configuration to meet the unique compliance thresholds in your organization.
- Patch for Intune: Extends Microsoft Intune implementations to include third-party product management capabilities.
Be sure you have the Access Control needed to use Patch Management.
Requirements
There are a number of requirements to use Patch Management.
Required URLs, IP addresses and ports
You must add a number of web URLs to your firewall, proxy and web filter exception lists. The URLs are used to download patch content from third-party vendors.
For the complete list of URLs that you should add, see Required URLs, IP addresses and ports.
Microsoft Windows and Microsoft Office
To successfully deploy patches with the Ivanti Neurons Agent to Windows devices, do not disable the Windows Update service, but set it to either Manual or Automatic. In addition, set the Windows Update setting on each target device (Control Panel > System and Security > Windows Update > Change settings) to Never check for updates. For more information, see this article on the Ivanti Community.
If you are patching Office 2019 or Office 365 that use Click-to-Run technology, see How Ivanti patches Office Click-to-Run installations on the Ivanti Community (opens in a new window) for information about how Patch for Neurons patches these installations.
macOS
For Apple Silicon Macs and Intel Macs with the Apple T2 chip, Ivanti Neurons for Patch Management needs a role account to manage operating system patches on the device. This means that when Ivanti Neurons for Patch Management first deploys an operating system patch to a device of this type, a dialog appears asking the local administrator to create an administrative role account for Ivanti Neurons to use on the device. Instructions are provided on screen. If you have FileVault enabled, the administrative role account you create will appear on the login screen after reboot.