Windows patch management
Patch management helps organizations to ensure the performance and security of the managed Windows devices. In addition to Windows operating systems, GoTo Resolve MDM currently supports automated patching for 300 different software products, such as Adobe, Dropbox, Safari, and Zoom.
Learn more about supported vendors and products.
Technical details of Windows patch management
Patch management is run with the Miradore client application (a process named 'MiradoreClient'), a light background service on the managed Windows devices. The Miradore client supports the following 64-bit operating systems:
- Windows 7 SP1 or newer
- Windows 8.1 or newer
- Windows 10
- Windows 11
The Miradore client is installed on the enrolled Windows devices. For devices that run the 'Full' management type, the Miradore client is automatically installed by the MDM. For devices that run the 'Light' management type, the Miradore client is the only management method.
You can centrally manage patches for Windows devices in the following stages:
- Detect
- Report
- Pilot
- Deploy
Windows patch deployment
GoTo Resolve MDM users can automate the patch installation for their Windows devices and create custom installation rules by including some vendors and their products and excluding others. GoTo Resolve MDM administrators can define the settings for automated patch installation at .
Read the article about Automating patch deployment to learn more about the installation settings.
If you are a GoTo Resolve MDM administrator, you can define a pilot group for testing released patches with specific devices. You can define the pilot group using tags. Learn more about patch deployment in GoTo Resolve MDM.
The patched device displays a notification if a restart is needed to finish the patch installation.
Configuring Windows Update for the managed computers
To ensure the proper functionality of GoTo Resolve MDM's patch management feature in your managed computers, we recommend configuring Windows Update on the managed computers as follows:
- Make sure the Windows Update Service is not disabled. Patch deployments won't succeed if the service is disabled.
- Set Windows Automatic Updates to Never check for updates (Windows 7 & 8). This will speed up the patch deployments. If Windows Automatic Updates is configured to check for updates, it may slow down patch deployments with GoTo Resolve MDM. It also makes patching more manageable when there is only one system patching device.
- On Windows 10 computers you cannot modify the automatic updates setting from the Control panel, but you can edit the settings through the Group Policy Editor or use GoTo Resolve MDM's Windows Update configuration profile to disable the automatic updates. On domain-joined computers, this setting is most likely managed through group policies by your administrator.
Related articles: