Query to find devices missing specific patches

sover steve 105 Reputation points
2024-11-25T12:04:24.7733333+00:00

What is the best way to construct a query that identifies devices missing specific patches? The intention is to use the results to create a device collection and then deploy updates to the collection.

Any suggestions or examples would be appreciated.

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,072 questions
{count} votes

Accepted answer
  1. AllenLiu-MSFT 46,531 Reputation points Microsoft Vendor
    2024-11-26T02:18:01.2166667+00:00

    Hi, @sover steve

    Thank you for posting in Microsoft Q&A forum.

    We can use CMPivot to query missing patches like below:

    SoftwareUpdate | where (Categories == 'Security Updates,Windows 10, version 1903 and later') | where (KBArticleIDs == 'KB4565627' ) | order by Device asc

    After running the query, we get the details of the Windows 10 devices that are missing security updates, and we can create device collection directly with the result.

    For your reference:

    https://www.anoopcnair.com/find-devices-missing-patches-using-configmgr-cmpivot-query/

    (Please Note: Since the website is not hosted by Microsoft, just for your reference.)


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.