Patch Settings

The Patch Settings component enables you to configure settings for the cloud-native patch process. This component contains the following:

  • Configurations tab: Enables you to view existing patch configurations and to add new configurations for use with patch deployments. You can use the default configuration to quickly get started, and you can specify your own custom configurations. Creating several configurations gives you the flexibility to assign different patch configurations to different agent policies.
  • Patch Groups tab: Enables you to add new patch groups and to manage existing patch groups. A patch group contains a particular set of patches that is used in deployment operations.


A configuration defines many characteristics of a patch deployment. You can specify what patches are deployed, whether a reboot will be requested of the target device, when the deployment occurs, and more. You may choose to use the default configuration behavior, which will deploy all critical security patches for Windows, or you can create your own unique configurations.

For information about creating a new patch configuration, see Creating a Custom Patch Configuration.

Patch Groups

A patch group is a collection of one or more patches. Patch groups are used to deploy a particular set of patches.

Example: Suppose your organization has a patch approval process under which you have certified four patches as being mandatory for your organization. By creating a patch group that contains only those four patches, you can be certain that those specified patches will be deployed.

Related topics

Patch Management Overview

Endpoint Vulnerability

Patch Intelligence

Deployment History