This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 71%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
I have a requirement to check which devices are not patched since last 90 days. Is there any way I can get that. idea is to find the devices which are not getting patched month by month.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 82%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBM%3C/text%3E%3C/svg%3E)
I use a collection query that gathers all the computers that don't show the Windows Build I want (query below uses February updates for Windows 21H2):
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.BuildExt < "10.0.19044.2604"
Hi @Devraj Mukherjee ,
Either you can check under Monitoring > Deployments node for which devices are not patched in the latest Tuesday patches or try with CMPivot following the below article:
See also:
Regards,
Youssef Saad | Blog: https://youssef-saad.blogspot.com
Please remember to ** “Accept answer” ** or upvote for useful answers, thank you!
Hi @Devraj Mukherjee ,
Agree with YoussefSaad, Configuration Manager CMPivot tool allows us to quickly assess the state of devices. When we run a query against a device collection, the CMPivot shall run a query in real-time on all currently connected (online) devices in the selected collection.
Besides, we could use SQL script to query that the date the patch was last installed on the device, and then check again for devices that have not had patches installed in the last 90 days. Here is the article we could refer to:
https://www.attosol.com/sccm-custom-sql-query-for-patch-compliance/
Note: This is non-official Microsoft article just for your reference.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi,
May we know the current status of the question? If there is any other assistance we can provide, please feel free to let us know, we will do our best to help you.
Best regards,
Amanda You
You can try this free report. https://w3.enhansoft.com/giveaway it is only available this month.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 38%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
$Days = 90
$Result = Get-WmiObject -Class win32_quickfixengineering | Where-Object { $_.InstalledOn -gt (Get-Date).AddDays(-$Days) }
If ($Result -ne $null) {
Write-Output "Compliant"
}
else {
Write-Output "Non-Compliant"
}
All the Non-compliant devices should be devices that have not patched in the last 90 days ;)