Troubleshooting Windows patching
You can monitor patch deployments through the Patches page, Windows dashboard, and the Device page as explained in the Reports for patch management article.
This article contains some ideas that you can try if you notice problems in managing patches on your Windows devices.
Check the requirements for patch management
GoTo Resolve MDM's Patch management supports Windows devices that meet the following requirements:
- Does your device have a 64-bit version of Windows?
Patch management features are not available for devices with the 32-bit version of Windows, because the Miradore client only supports 64-bit Windows devices.
- Is Miradore client installed on the device?
GoTo Resolve MDM utilizes an MDM work account and/or a Miradore client for managing Windows computers. In order to work properly, patch management requires that the devices have the Miradore client installed. Read Windows device management methods for more information about this topic.
Patch management features are not available for devices that don't have a Miradore client installed. You can check the device management method from the Management table which is located on the Device page.
Note: GoTo Resolve MDM's automatic client deployment doesn't work on Windows 10 Home devices. For those devices, you need to download and install the Miradore client manually.
- Is the software running in the System context?
As stated in the Patch management - supported vendors and products article, GoTo Resolve MDM's patching solution supports software that is installed in a per-machine context (machine-wide). If the software runs in the user's context (per-user installation), GoTo Resolve MDM patch management cannot detect or patch the software. Some of the most common software with a per-user installer:
- Zoom Client for Meetings
- Microsoft Teams
- Google Chrome
- Slack
- RingCentral
- Fiddler
- Opera
- Remote Desktop
- Webex
- WinSCP
Check the configuration of Windows Update
Windows Update may interfere with GoTo Resolve MDM when it tries to install Windows patches. If the installation of Windows patches is failing on your managed Windows computers, we recommend checking the configuration of Windows Update on the managed Windows computers.
- Make sure that the Windows Update Service is enabled.
- Set Windows Automatic Updates to Never check for updates (Windows 7 & 8).
- On Windows 10 computers, you cannot modify this setting from the Control Panel, but you can edit the settings through the Group Policy Editor or use GoTo Resolve MDM's Windows Update configuration profile to disable automatic updates. On domain-joined computers, this setting is most likely managed through group policies by your administrator.
The Windows Update settings don't affect the installation of software patches from other vendors.
Check certificates in case of a patch scan failure
Sometimes the problem might be that the patch scan fails on a device. This has occurred at least on devices with a Windows LTSC version installed. The failure might be caused by an issue with some trusted certificates on the device.
If you notice an issue with the patch scan, check that the required certificates exist on the device.
- Trusted CA: DigiCert Assured ID Root CA with serial number 0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39
- Intermediate CA: DigiCert SHA2 Assured ID Code Signing CA with serial number 04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08
If these trusted certificates are missing, download them from the links above and install them manually into the machine certificate store.
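
One way to run the certificate check above on a device is the following PowerShell script, which is an added example and not part of GoTo Resolve MDM or the Miradore client. It assumes that "Trusted CA" refers to the `Cert:\LocalMachine\Root` store and "Intermediate CA" to `Cert:\LocalMachine\CA`; the function name `Test-RequiredCertificate` is hypothetical, and the expiry and Disallowed-store checks go beyond the presence check described in this article.

```powershell
# Added example: look up the two DigiCert certificates named in this article
# by serial number in the machine certificate store.
# Assumption: "Trusted CA" = LocalMachine\Root, "Intermediate CA" = LocalMachine\CA.
$required = @(
    [pscustomobject]@{
        Name   = 'DigiCert Assured ID Root CA'
        Serial = '0C:E7:E0:E5:17:D8:46:FE:8F:E5:60:FC:1B:F0:30:39'
        Store  = 'Cert:\LocalMachine\Root'
    },
    [pscustomobject]@{
        Name   = 'DigiCert SHA2 Assured ID Code Signing CA'
        Serial = '04:09:18:1B:5F:D5:BB:66:75:53:43:B5:6F:95:50:08'
        Store  = 'Cert:\LocalMachine\CA'
    }
)

function Test-RequiredCertificate {
    param([Parameter(Mandatory)] $Entry)

    # X509Certificate2.SerialNumber is uppercase hex without separators,
    # so strip the colons used in the article before comparing.
    $serial = ($Entry.Serial -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $found = @(Get-ChildItem -Path $Entry.Store |
        Where-Object { $_.SerialNumber -eq $serial })
    # A copy in the Disallowed (Untrusted Certificates) store marks the
    # certificate as explicitly distrusted even when it is installed.
    $blocked = @(Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed' |
        Where-Object { $_.SerialNumber -eq $serial })

    $present = $found.Count -gt 0
    [pscustomobject]@{
        Name       = $Entry.Name
        Store      = $Entry.Store
        Present    = $present
        Subject    = if ($present) { $found[0].Subject } else { $null }
        NotAfter   = if ($present) { $found[0].NotAfter } else { $null }
        Expired    = if ($present) { $found[0].NotAfter -lt (Get-Date) } else { $null }
        Disallowed = $blocked.Count -gt 0
    }
}

$results = $required | ForEach-Object { Test-RequiredCertificate -Entry $_ }
$results | Format-List

if ($results | Where-Object { -not $_.Present -or $_.Expired -or $_.Disallowed }) {
    Write-Warning 'One or more required certificates are missing, expired or disallowed.'
}
```

Compare the reported `Subject` with the certificate name before trusting a serial-number match, because serial numbers are only unique per issuer.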