Get Started with Patch Policy

A patch policy is a set of criteria that defines a patch list; that is, a collection of Fixlets that meet the patching criteria of a specific set of endpoints.

Use the Patch Policy application to establish continuous patching across your enterprise. Create patching schedules for different groups of machines and assign different deployment behaviors to each. Set patch timing, frequency and duration, pre-caching and retry behavior. Stagger start times, bypass errors, and notify device owners when a restart is pending.

Implement a patching strategy that meets your organization’s patching cycles and security guidelines. Use patch policies to establish and maintain a process of continuous security and compliance for your organization. Patch Policies currently supports the sites listed under Supported Patch Sites.


  • BigFix Platform version 9.5.5 or above.
  • BigFix WebUI installed and running.
  • Subscriptions to all applicable BigFix Patch sites.

From the BigFix console, enable any patch sites that are relevant to your deployment and subscribe all computers to those sites.