Configure a patch policy

Patch policies give you advanced control about how you apply patches in your environment. You can control when to apply patches, what kind of patches to apply and configure notifications that alert you when systems need to be patched. Patch policies can be attached to individual systems, groups or a combination thereof.

To create a new patch policy follow these steps:

Step 1: Open the patch policy page

Head over to Here you can see all your patch policies. To edit or delete a patch policy use the buttons beside the patch policy:

Step 2: Create a new policy

  1. Click on "Create new policy" to start the wizard for creating a patch policy: 

  2. Enter a name for the policy

  3. Select all systems and groups the policy should be attached to

  4. Decide wether the policy should auto-update attached systems as soon as new updates become available. If you select "No" here the policy will only check if the attached systems have updates outstanding and notify you.

  5. If you enabled auto-updates: Choose whether you want to automatically apply all updates that become available or only security-relevant updates. If you choose to apply all updates you can also choose to include or exclude Windows Feature Updates.

  6. Select keywords to match against updates. This step is optional and can be left blank. You can use this function to create a policy that only applies specific updates.

  7. Decide wether you want to configure notifications. When you activate notifications you can attach one of your notification methods (email address or third-party integration) to this policy and configure a notification interval. You will then receive summaries of all currently unpatched systems to your notification method. Please note that you can only attach one notification method to a patch policy but you can change the notification at any time by editing the policy.

  8. If you configured notifications: Set a notification interval in minutes to configure how often you will receive a status update for the systems attached to the policy.

  9. Decide wether the policy should be always active. A policy that is always active runs continually and checks for unpatched systems. If you want to configure a specific time window (e.g. a maintenance window) for your patch policy select "No" here and configure the start and end time for the time window in the next two steps. Please note that the time values are always in the timezone you configured in your profile.

That's it! Your patch policy is now configured and you can see all the details by clicking on the name of the patch policy at You can also always edit your patch policies and the changes will take effect immediately. 

Optional: Pause a patch policy

If you want to temporally pause a patch policy use the "Edit" button for the patch policy at and then toggle the setting for "Policy is paused" to "Yes". As long is the status of the policy is set to paused, it will not run.

Still need help? Contact Us Contact Us