What's New

Patch deployments can be scheduled for endpoints identified as missing updates in automatically created Compliance Baseline Patch Groups. This capability helps remediate devices that did not receive their regularly scheduled patches due to unforeseen issues, such as being offline or experiencing network connectivity problems. For more information, see Continuous Compliance.

Checkpoints are lightweight, incremental Microsoft patches that deliver only code changes since the previous update. Ivanti Neurons for Patch Management consolidates checkpoint chains into a single deployment, requiring just one reboot. For more information, see Checkpoint Patch Chains.

Ivanti Neurons for Patch Management now supports exporting grid records for up to 100,000 endpoints. The export experience has been enhanced with filtering capabilities, notification tiles, and dedicated export status report pages. For more information, see Endpoint Vulnerability- Export.

Ivanti Neurons for Patch Management now supports Ubuntu 22.04 and Ubuntu 24.04. Added contentless support for scanning and deploying Ubuntu patches. See Supported Linux OS.

Ivanti Neurons for Patch Management now supports Red Hat Enterprise Linux (RHEL) 10. Added contentless support for scanning and deploying patches to RHEL 10. See Supported Linux OS.

Enhanced support for sideloading patches larger than 650 MB, allowing them to be uploaded and deployed without error.

All search bars now support partial string matching, making it easier to find results with incomplete or partial search terms.

Ivanti is announcing the End of Life (EoL) of the social engagement features in Ivanti Neurons for Patch Management. These features will be removed from the product as part of ongoing efforts to streamline functionality and focus on capabilities that provide the most value to customers. For more information, see EOL of social engagement features.

Directly from the Patches tab in the Deployment History and Ring Deployment pages, administrators may now select one or more advisories and add them to a patch group without needing to navigate to the Patch Intelligence page.

Microsoft’s Malicious Software Removal Tool (MSRT) is a commonly used security utility that helps detect and remove prevalent malware from Windows endpoints. Ivanti Neurons for Patch Management enables administrators to deploy MSRT directly from the console, enabling the delivery of the Security Tool as part of regular patch cycles.

To assist administrators with tracking and achieving patch compliance objectives, Ivanti Neurons for Patch Management will dynamically curate a Compliance Baseline patch group that includes all patches that have been scheduled for deployment. A new option has been added to Compliance Reporting enabling reports to be generated against this Compliance Baseline. Organizations may use this report as a key metric for gauging the overall success of their patch deployment performance.

Learn more about Continuous Compliance Reporting at Compliance Baseline Patch Groups

The initial release of Ring Deployments supported a phased rollout of patches over a period of 30 days. To support organizations with rollout requirements greater than a month, Ring Scheduling now extends to a maximum of 90 days and supports individual soak time of up to 28 days for each Ring.

Multiple Ring rollouts now operates consecutively, allowing a Ring that has successfully completed a deployment to initiate a new rollout while the previous rollout still deploys on later rings.

Learn more about Multiple Concurrent Ring Rollouts in Configuration Behavior.

Previously, devices needed to be individually added to specific Rings when employing a Ring Deployment. With this release, administrators can optionally assign whole device groups to Rings. Devices that are later added to a device group automatically populate the associated Ring.

Learn more about Dynamic Ring Assignment in Ring Deployments.

Administrators now have the option to simultaneously rollback to a previous version of a patch that was successfully installed on multiple devices. This eliminates the need to individually rollback a bad patch on each affected device independently.

Learn more about Multi-Device Patch Rollback in Device details.

A new icon is added next to device names in console pages to indicate if that device is a member of a device group. A numerical value is also provided next to the icon to identify the number of device groups to which the device is a member. When the icon or number is selected, a searchable overlay is presented displaying the associated device groups.

Learn more about Device Groups in Deployment History.

In the console Device page > Patches tab, administrators can now select one or more advisories and add them to a patch group without needing to navigate to the Patch Intelligence page.

Learn more about Patch Groups

Reports generated for Patch Management now respect device scopes assigned to users. When a user creates a report, it is automatically scoped based on their assigned device access.

Learn more about Device Scopes in Patch Management Reports.

Reporting Access Controls have been updated for Patch Management, External Attack Surface Management (EASM), and Audit Trails. Users with View permission can only access reports they have generated or reports that have been explicitly shared with them. To share reports with other users, new Share permission is required.

Learn more about Permissions and Roles in Reports.

Two OOTB Patch Management report templates, Deployment History (Summary) and Deployment History (Detailed) now include new columns and sections detailing successful patch rollbacks.

Learn more about Deployment Status in Patch Management Reports.

Ivanti Neurons now supports Patch management for Windows ARM64 devices and ARM64 products. Ivanti Neurons for Patch Management runs natively on ARM64 devices. Patch Settings must be updated and made active to enable ARM targeting. Navigate to Patch Management > Patch Settings.

Learn more about ARM64 support in Operating System Compatibility Matrix.

The latest enhancement to Preferred Server adds a synchronization service to ensure that the necessary patches are copied to designated shares within your environment to stage patches in predictable locations and reduce network traffic in bandwidth constrained environments.

Learn more about Patch Settings.

The integration of User Surveys into the Ring Deployment experience allows for quick user interaction directly in the patch experience to determine how the overall update worked and identify when those downstream issues are occurring.

Learn more about User Survey in Bots and Ring Deployments.

Device scopes support is now available for Neurons for Patch Management. You can perform various operations on Patch Management based on RBAC, against the set of devices limited by scopes.

Learn more about Access Control: Scopes.

This release introduces the ability to create custom report templates. You can define templates by selecting the dataset and choosing the fields to include. Once a template is saved, reports can be generated using the existing report generation flow. This feature provides more flexibility in tailoring reports to your specific needs. CSV and Excel output format are supported.

Learn more about Creating Custom Templates.

The integration of Maintenance Windows into the Patch Management experience allows administrators to define Maintenance Windows where changes are allowed and configure features like Ring Deployment to use the Maintenance Window instead of the current scheduling options.

Learn more about Maintenance Windows configuration in Configuration Behavior

The ability to uninstall a patch has been added to allow for select updates to be rolled back for troubleshooting and recovery purposes.

Learn more about Rollback.

This release expands the user actions that are visible in the Audit feature of the platform allowing for more visibility into the changes and updates made by administrators across the patch experience.

Learn more about Audit Trails.

Ivanti Neurons for Patch Management on Intune now supports ARM devices. Devices with ARM Processor need to be updated on a regular basis to reduce security risks and improve operational efficiencies.

Device scopes now applies to Neurons for Patch Management. Users can perform various operations on Patch Management based on RBAC, within the set of devices limited by scopes.

Learn more about Access Control: Scopes.

Patches can now be deployed and tested in a small set of devices within a ring before being rolled out (promoted) to a larger set of devices in production. Patch configuration under routine maintenance can be enabled for ring deployment, with the options for manual and automated promotion, along with the ability to continuously track a rollout. This phased approach helps identify potential issues early and ensures smoother and predictable patch management across the organization.

Learn more about Ring Deployments.

Neurons for Patch Management now supports Amazon Linux. Contentless patching for both security and non-security related patches can be applied in Amazon Linux 2023 and Amazon Linux 2.

Learn more about Operating System Compatibility Matrix.

In addition to on-demand reports, you can now schedule recurring reports with flexible daily, weekly, and monthly options. Start and end dates can be specified for each schedule. The Reports list is updated with new columns to display the schedule, last run, and next run.

Now, you can also view the run history of each report instance under Report Details.

Learn more about Reports

When generating a report, you can now specify Neurons Platform members to receive it by email. If the file size is within the limit, the report is sent as an attachment; otherwise, recipients are directed to the Reports page to download.

Distribution details are available under Report Details.

Learn more about Reports

This release includes several enhancements to existing report templates:

• New filter options to display only failed deployments in Deployment > Summary and Deployment > Detailed reports.

• Deep linking to device, patch, advisory, and CVE details.

• New icon to indicate superseded patches in selected templates.

• Unique device count added to the report overview in selected templates.

Learn more about Reports

A new out-of-the-box Patch Management Dashboard is now available. This dashboard includes curated charts covering endpoint vulnerability, patch intelligence, and deployment history, providing a consolidated view of your patching posture in a single dashboard.

We are releasing six new OOTB Report Templates:

• Devices by Patch Detailed
• Patches by Device Detailed
• Devices by CVE Summary
• Devices by CVE Detailed
• Deployment Detailed
• Monthly Maintenance

The Devices by CVE Summary report offers a vulnerability-centric view of your environment, highlighting affected devices for better risk assessment and level of exploit impact. The Monthly Maintenance report tracks Regular Maintenance, Priority Updates, and Zero-day Response activities over different time periods. Our four new detailed reports provide a deeper, more granular analysis compared to summary-level reports, giving you comprehensive insights into your patching and vulnerability landscape.

Learn more about Reports.

Filtering capabilities are now enhanced allowing you to easily filter reports to display only missing patches. This improvement streamlines report generation, helping you quickly identify and address gaps in your patching process.