IBM Security MaaS360

Announcing the Return of Granular Patch and Update Management for Windows in MaaS360!

By Himanshu Mittal posted Sun December 22, 2019 02:48 PM


Fixing security vulnerabilities with device patching helps organizations proactively prevent security breaches, so that they can store customer and other sensitive data securely on up-to-date devices. Additionally, and just as important, patching is essential to guarantee the performance and stability of operating systems and applications. These software updates address performance issues and remove outdated features. With patch management programs, enterprises can guarantee that endpoints are safeguarded and running efficiently without the need for manual intervention.  

Dozens of patches are being released regularly for different applications and operating systems. As the process of handling these updates can be quite complex, an automated process will ensure the patches are applied properly, and endpoints remain secure. 

Traditionally, IBM Security MaaS360's patch management capabilities were supported via integration with HCL BigFix. After IBM divested BigFix in early 2019, granular patching became more limited within MaaS360. 

However, we are happy to announce that MaaS360 now provides automated and simplified patching capabilities for all Windows endpoints. 

How does it work? 

The MaaS360 agent collects patch information and validates whether a device is up-to-date with recent patches. This information is uploaded to the MaaS360 portal where admins can access a consolidated view of all missing updates across their organization’s various endpoints. Administrators can then review this information and take appropriate action. This view not only provides more details about the patches and the associated devices but also provides action to distribute these updates to a specific device or all devices. 

While distributing a patch an admin can decide how long to keep the distribution active, meaning any device enrolled into MaaS360 at a later point of time can also automatically receive the same patch should that device be missing it. 


To check the affected endpoints list, administrators can navigate to device count and access this information. If required, distribution can be triggered from this page as well. 

We are also happy to announce that this new capability is being made available by default to every customer managing or considering managing Windows devices in their organization.  

To enable this capability in your own portal, follow the below steps:  

1: Login as admin to the MaaS360 portal.  

2: Navigate to SETUP -> Services & Settings-> Services 

3: Expand the Laptop and Desktop Management section and enable it 

Verify this has been enabled by navigating to the Security drop-down in your menu ribbon then accessing 'Patch Management' -> 'OS Patches (Windows).’ 

If you have more questions regarding this specific functionality or Patch Management in general, please do not hesitate to reach out to myself or your IBM account representative.