Pushing out specific Windows KB's

  • 16 February 2023
  • 1 reply



I am working on a set of policies when zero day patches happen. Something I could not figure out is how to target multiple specific patches in one policy. I did create multiple advanced polices targeting the patches and ran those. Is there something that I missing or is there a better way to do this. 


Best answer by JohnG-Automox 16 February 2023, 14:12

View original

1 reply

Hi Walker,


The Patch Only policy will allow you to target multiple KBs using the Package Targeting filter.  

You can add as many packages as you’d like to this list:

Please note that the KBs or packages must first be available for the devices in Windows Update before they will appear in the Package Targeting list.


This is a great way to separate out a Policy that only patches specific packages. The Windows Security Definitions, Servicing Stack, or Feature Updates are a great example of this!


You can learn more about the Patch Only policy here:


For out of band packages that are not available via Windows Update natively, you can use a custom worklet for enforcing deployment.

Here are some examples of that,


I hope this helps. Have a great day!