The following features and improvements were introduced in Ivanti Patch for Configuration Manager 2023.4.
Download Status shown in the Updates grid
You can now add a new column, Is Downloaded, to the Updates grid. This column identifies updates that have been downloaded to the file system, but not published to WSUS. This is particularly useful if you have set up your environment for offline downloads. For more information, see Understanding the Information in the Grid.
Product icons in title bars and the Ivanti Patch folder in Configuration Manager have been updated.
The following features and improvements were introduced in Ivanti Patch for Configuration Manager 2023.2.
Storage Folder Cleanup
In Microsoft Configuration Manager, the WSUS cleanup tasks on the Software Update Point Component properties window can remove updates from the WSUS database and the WSUSContent folder, but do not clean up the UpdateServicesPackages folder. You can now selectively remove orphaned folders in the UpdateServicesPackages folder from the General tab of the Settings dialog to clean up this area. For more information, see General Tab.
New custom roles
Previously, users needed to be assigned the Full Administrator built-in role in Configuration Manager before they could use Ivanti Patch for Configuration Manager. Running the Data Migration Tool as part of the upgrade to V2023.2 adds two new custom roles to Configuration Manager that you can now use in place of the Full Administrator role:
- 3rd Party Patch Administrator: provides all permissions required for patching
- 3rd Party Patch Read-Only User: provides read-only permissions for the 3rd party patch tool
After running the Data Migration Tool for V2023.2 we recommend you assign your users to the appropriate custom role in Configuration Manager.
The following features and improvements were introduced in Ivanti Patch for Configuration Manager 2023.1.
Ivanti Patch for MEM has been renamed to Ivanti Patch for Configuration Manager. This is being done to reflect the shift in Microsoft's marketing that uses the Configuration Manager brand for on-premise products and the Intune brand for cloud products.
Configuration Checker Enhancements
Further enhancements have been made to the Configuration Checker: checks for access to the Remote Server Administration Tools, for access to all users in Active Directory, and that the WSUS content is correctly configured.
Publish Updates by CVSS Score
A new column, CVSS, has been added to the grid on the Updates workspace that shows the highest CVSS score associated with the update. You can now create SmartFilters and Composite Filters based on CVSS scores, which you can then use in Automation Scheduler to automatically publish updates for CVEs. For more information, see Understanding the Information in the Grid, Using the Filters, and Automatically Publishing Updates for CVEs.
You can now filter by human readable download sizes (for example 40 MB, 1 GB)
The following features and improvements were introduced in Ivanti Patch for MEM 2022.4.
Check All Option
The Check All option was added to the Updates and Published Third-Party Updates workspaces. The option enables you to check all updates that are currently listed in the Patch for MEM grid. This option is also available by right-clicking an update in the workspace. For more details on the Patch for MEM toolbar, see Toolbar Buttons.
New Control over Alert Notifications
The Always send alerts, regardless of active status option was added to Ivanti Patch for MEM Settings > General tab. The option enables alerts to be sent whether or not they were previously manually dismissed. By default, when receiving alert notifications, users need to log into the system, dismiss the alert, and save the changes if they want to receive any future alerts. The new option overwrites the default behavior and enables users to receive alerts as they occur. For more details, see Configuring Your Patch for Configuration Manager Settings.
The following features and improvements were introduced in Ivanti Patch for MEM 2021.4.1.
Automated Compliance-Based Deployment Flow
You can create an automated task that will detect updates that were previously published as metadata-only and that Microsoft Endpoint Configuration Manager has reported as missing from your client machines. Updates that fit these two characteristics will be published as full content and optionally deployed to your endpoints. This feature uses compliance data that is garnered from Microsoft Endpoint Configuration Manager.
Configuration Checker Enhancement
The Configuration Checker can now detect issues where the account being used does not have the appropriate Active Directory permissions necessary to complete the checks. Prior to this enhancement, running the Configuration Checker would sometimes yield false failed checks. With this enhancement, the checks will provide a more accurate assessment of the system requirements.
Enhancement to the CVE Import Process
Additional data is now available that provides enhanced support for the management of Common Vulnerabilities and Exposures (CVEs). Specifically, two new columns named Product and Vendor columns are now available on the Import CVEs dialog and can be used prior to the creation of the smart filter during the CVE import process.
SMTP Server Credentials
You are now able to provide account credentials for the SMTP server configured in Microsoft Endpoint Configuration Manager. If necessary, the credentials you specify will be used to authenticate to the server when sending email notifications for alerts that have been triggered.
Calendar Context Menu Improvements
The context menus for both the Automation Scheduler and the Scheduled Deployments calendars have been improved. A number of menu options that were always disabled have been removed, resulting in a cleaner menu.
Automatic Download Retries
Ivanti Patch for MEM will now automatically retry downloads of updates when there is an error during the download. This can help to prevent publication failures when a connection isn’t perfect.
Certain dialogs require a UNC path to a file or directory in order to function correctly. This requirement is clarified in the user interface in a number of places.
Improved Endpoint Count
When an endpoint has been inactive for 90 days or more, or when the endpoint is reported as decommissioned, the endpoint will not be counted as managed by Ivanti Patch for MEM.
The following features and improvements were introduced in Ivanti Patch for MEM 2021.1.
History View for Scheduled Tasks
Within Automation Scheduler, you can view the history of any of your automated tasks. You can access the history from the Automation Scheduler calendar or while editing a scheduled task.
Microsoft Intune Integration Enhancements
The synchronizing third-party applications functionality has moved from the Application Management workspace to the Automation Scheduler. The ability to specify which applications to import and the cadence at which the applications are checked for updates is now all contained within the same scheduled task. This enhancement will greatly streamline and automate your workflow. In addition, the ability to sideload applications is also new.
Streamlined Deployment Enhancements
The ability to specify deployment information has been added to all publication locations in the Automated Scheduler, effectively building on the streamlined deployment capability that was introduced in version 2020.2, This further automates your key work flows, enabling you to define both your publication and deployment options all in one scheduled task. Any deployments that you automate can be tracked using the Scheduled Deployments calendar.
Automated scheduled task delay
You are now able to delay a scheduled task by a specified number of days. This enables you to schedule a task to run a few days after a regular monthly event, such as Microsoft's Patch Tuesday.
Support for Additional Third-Party Applications
The Application catalog now contains additional third-party applications that are available for import to Microsoft Endpoint Configuration Manager and/or Microsoft Intune.
Support for v3 Catalogs (available in Patch for MEM 2021.1 Update 2)
If you are using a v3 catalog, Microsoft Endpoint Configuration Manager enables you to choose which categories within a third-party catalog to synchronize into Configuration Manager, rather than always synchronizing all of the content in the catalog. Patch for MEM provides support for v3 catalogs by adding the following:
- A new Category column in the Updates grid.
- A new Category data point that can be configured when creating a custom Smart Filter. This provides additional flexibility when using the Smart Filter within an automated task.
User Experience Improvements
- The Application Management functionality has moved to the Synchronize Applications button in the Automation Scheduler workspace.
- The Settings dialog has been simplified:
- Proxy information is now configured on the new General tab.
- The Configuration Checker has been relocated to the new General tab.
- Metadata options are now configured on the new General tab.
- Information about the number of endpoints that Patch for MEM has published updates to in the last three months is displayed on the About tab.
- The ability to choose which catalogs to use has moved to the Catalogs button, consolidating all catalog-related information in one area.
- You can now import multiple catalogs at the same time.
- Three new columns have been added to the Alert History grid: Related CVEs, Task ID and Task Type. In addition, it is now possible to change the number of days that alerts are stored in the database.
- The ability to individually select CVEs during the import process.
- The option to automatically subscribe to WSUS categories during the publication process.
- The maximum length of the custom command-line length has increased from 200 characters to 32,768.
The following features and improvements were introduced in Ivanti Patch for Microsoft Endpoint Manager 2020.2.
Ivanti Patch for SCCM has been renamed to Ivanti Patch for Microsoft Endpoint Manager (MEM). This is being done to match Microsoft's recent actions to combine Configuration Manager and Intune into a newly branded product named Microsoft Endpoint Manager.
Import Applications to Intune
You can now import third-party applications to Microsoft Intune. This builds on the capabilities introduced in v2020.1, which enabled third-party applications to be imported to Configuration Manager. After the import is complete, the applications can be deployed to your endpoints using your existing Intune infrastructure. An automated task can be created to ensure that the applications are kept up to date.
This feature enables you to perform immediate deployments of third-party updates to your endpoints. The process for performing the deployments is quicker and easier than performing the same actions within Configuration Manager. This is particularly important when you need to quickly distribute time sensitive updates such as zero-day vulnerability updates and critical business-related updates.
Automation Scheduler Workspace
The new Automation Scheduler workspace provides extended automation capabilities, enabling you to create a number of true "set it and forget it" workflows. You can schedule recurring tasks such as:
- Publishing updates and metadata
- Publishing updates for CVEs
- Publishing Recommended Updates
- Deploying and Updating Third-Party Applications
The Automation Scheduler workspace also provides a convenient calendar view of all your recurring tasks, giving you greater visibility into your critical tasks.
A number of small but important improvements have been made to the user interface.
- The introduction of a new Ivanti Patch folder in the Software Library > Software Updates workspace.
- The ability to get the latest version of any catalog.
- The ability to include blank values in SmartFilters.
- The ability to see the aggregate size of selected updates.
- All toolbar icons are new, providing an updated look and feel to the product.
All Patch for Microsoft Endpoint Manager capabilities in this area are now contained in this new folder. This includes a new Automation Scheduler workspace, a renamed workspace (the workspace that contains all available third-party updates is now called Updates), and the Published Third-Party Updates workspace.
On the Settings > Catalogs tab, the Import / Update Data button has been renamed to Get latest. This button now enables you to request the latest version of any selected catalog, not just custom catalogs. In addition, information is provided about when the last update check was performed.
You can now define a blank in a SmartFilter rule value to return items without a value. For example, you might use this to search for updates whose supported languages value is blank.
When you select multiple updates in either the Updates grid or the Published Third-Party Updates grid, the aggregate size of all the selected updates is displayed near the top of the grid. This enables you to know the combined file size of the updates before performing an action. The aggregate size of the updates is also displayed on the Publish selected updates dialog.
The following features and improvements were introduced in Patch for SCCM 2020.1.
Deployment of Third-Party Applications
You can deploy a number of free third-party applications to your endpoints. This is accomplished by selecting an application from the Application catalog and importing it into Microsoft's SCCM. Once there, the installer for the third-party application will be downloaded to one or more distribution points and pushed out to your endpoints using your regular SCCM infrastructure.
The concept of opting in to shared settings has been eliminated. All settings are now saved to a SQL Server database and are shared by all users. Using the database allows you to perform backups and restores of all of your user settings. The Shared Settings tab that was used in previous versions has been removed.
Data Migration Tool
The Data Migration Tool is being introduced in conjunction with the Unified Settings feature. For new installations, the tool will create and configure the required SQL Server database. For upgrading users, if necessary, it will create a database and it will migrate the settings and user data that were used in your previous version of Patch for SCCM.
Alert History View
Provides a way to view all of the alerts that have been issued by Patch for SCCM. All alerts are included, regardless of whether an email notification is configured to be sent when an alert type is triggered.
Hide Updates with Inactive Download Links
Updates that are no longer available for download will be hidden within the main grid whenever the Latest not-published filter is applied.
Adding Administrator Information in Edited Updates is Now Optional
It is now your choice whether to include user name and date information with edited updates that are published.
Improved Product Licensing Process
A new credentials-based activation method is now available. This enables you to specify exactly how many of your available license seats you want to consume on a specific entitlement. The legacy key-based activation method is still supported for upgrading customers who prefer that method.
New graphics and icons give the product a more current look and feel.
The following features were introduced in Patch for SCCM 2019.2.
When reviewing this list, remember that the concept of opting in to shared settings has been eliminated in v2020.1.
With this feature you can:
- View a list of all your managed client machines
- View a list of all the software products installed on your client machines
- View a list of the most current updates that are available for all of the software contained on your client machines
- Use the list of updates to create a custom composite Smart Filter that contains those updates
- Use the Smart Filter in your publication processes
For more information, see Recommended Updates.
A calendar is provided that shows the names, dates and times of all scheduled deployments and auto-deployments.
For more information, see Viewing Scheduled Deployments.
Sideloading refers to the process of publishing updates that cannot be automatically downloaded. This feature provides information on how to locate each update, verifies its contents once it has been manually downloaded and saves each update to the local source folder using the proper directory structure.
For more information, see Sideloading Updates.
This feature provides a means of applying customization to updates in a supersedence chain by using a template. You create templates that provide a pre-installation script and/or a post-installation script. You can also provide a set of custom files that can be referenced in these scripts.
For more information, see What is an Update Template.
The multiple tabs have been removed and everything is now contained in one unified grid.
Enabling the Shared Settings feature now requires access to a SQL Server database. The database is used to store the shared setting data that is used by Patch for SCCM. Using a SQL Server database means that Patch for SCCM no longer requires Windows Management Instrumentation (WMI).
The following features were introduced in Patch for SCCM 2019.1.
When reviewing this list, remember that the concept of opting in to shared settings has been eliminated in v2020.1.
Support for Multiple Scheduled Tasks
You are now able to create multiple recurring scheduled tasks for each console. Previous versions limited the number of scheduled tasks to one per user on each console. Beginning with 2019.1, each user can now create multiple scheduled tasks on each console. In addition, scheduled tasks will be shared by all users who have selected to share settings.
High DPI Support
The dialogs within the product have been updated to support dynamic display scale factor (a.k.a. DPI). This allows the plug-in to automatically and properly scale for each display it is viewed on.
Windows Server 2019 Support
Windows Server 2019 (excluding Server Core and Nano Server) is now a supported operating system for the console machine.