Microsoft has released X out-of-band, how do I install?
Occasionally Microsoft will release a fix or update out-of-band to get it out and available as soon as possible without pushing the update through the standard update release channel. Because of this, the agent won't show the update as available for a device that might need it as it won't be seen during a scan.
Symptoms
Updates will be announced as out-of-band (such as with https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-tls-handshake-failures-in-out-of-band-updates/). In the main documentation page for the update you'll see in the release channels only Microsoft Update Catalog with a Yes for available:
Steps to resolution
In order to be able to deploy these types of updates to the devices that need them, the best option from the dashboard is to use a worklet.
- Download the update(s) from the Update catalog link that Microsoft has provided. This is typically a file with an .msu extension.
- Create a worklet similar in nature to this one (https://community.automox.com/community-worklets-12/worklet-install-any-standalone-windows-10-kb-patch-e-g-intel-microcode-patch-759). Upload the file from step 1 and making sure your uploaded filename is referenced correctly in the code.
- Associate the worklet with devices that should have it installed.
- Run the worklet either on a schedule or just on demand. If you are running it on a schedule, be sure that the evaluation code is returning the value you want (a non-zero return when checked will show a pending update status icon next to the worklet name on the device details page). This value is checked whenever a device does a scan.