Patch Policy Overview

To open the Patch Policy application, from the WebUI Apps menu, select Patch Policy.

Creating a patch policy is straightforward:
  1. Enter a name for the policy and select the types of patches it should include. For example, create a policy that includes important service packs for operating system updates.
  2. Create a rollout schedule for the policy, including deployment timing, frequency, and behavior.
  3. Select policy targets: the devices to be patched.
  4. Activate the policy.

    The process is described in detail in Create a Patch Policy.

Keeping Policies Current

The Patch Policy app notifies you when new patches that meet policy criteria become available. The delta icon next to a policy name on the Policy List tells you that patch content has been added or changed. Refresh a policy to include the new material. Refresh policies manually or use the Auto-refresh option to keep policies up to date.


You can exclude patches from a policy that otherwise meet its inclusion criteria. For example, manually exclude a patch you know causes problems in a custom application. Or set a dynamic exclusion to automatically exclude Microsoft Office updates from a policy that updates Windows. Once set, exclusions remain in effect until you remove them. Patch policies never include patches used for auditing, corrupt patches, or patches without a default action.

Use the WebUI Deployment views to monitor policy-based patching results. See Get Started with Deployments for more information.

Permissions and Patch Policy

BigFix Master Operators (MOs) have full access to all Patch Policy functions. MOs can create, edit, delete, activate, and suspend policies, manage patch rollouts and schedules, and refresh policies when new patches are released. Non-Master Operators (NMOs) can add, edit, or delete a policy, and they can add targets to an existing schedule and remove targets from a schedule if they have relevant permissions.