Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs

RMM Patching Improvements & Manual Controls

Connectwise
04/02/2026
0
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


TL;DR

  • Approval groups enable scoped patch approvals tied to device groups, allowing MSPs to override partner-level policies for specific endpoints — critical for managing problematic patches like KB 5074109 that only affected physical devices.
  • On-demand application installation lets partners push any supported third-party app to Windows endpoints immediately, without requiring Winget support, eliminating the need for custom scripts.
  • Manual update functionality (late March) will allow targeted deployment to only outdated devices, while custom application support and file hosting are planned for later in 2025.
  • Improved third-party patching is now the recommended approach for Windows 10/11 desktops, offering more titles, flexibility, and all new features compared to legacy patching.
  • Partners can achieve pilot group testing today by combining approval groups with custom fields and device groups, creating ring-based deployment workflows.

Approval Groups for Scoped Patch Management

ConnectWise introduces approval groups, a feature that combines patch approvals with device groups to create scoped patch policies that override partner-level settings. This capability addresses real-world scenarios like the January 2026 KB 5074109 issue, which caused unmountable boot volume errors on physical Windows devices but not virtual machines. Partners can now create multiple approval groups with hierarchical priority ordering, allowing granular control over which devices receive specific patches. The feature is available for both OS and third-party patching and enables MSPs to manage exceptions without disrupting their broader patch management strategy.

On-Demand Application Installation

The new on-demand application installation feature allows partners to deploy any supported third-party application to Windows endpoints without requiring Winget support on the target device. This addresses a long-standing partner request and eliminates the need for custom scripts or ASIO portal tasks. Partners can push applications immediately or schedule deployments, targeting individual devices or entire sites. The feature works across Windows 10, Windows 11, and even older operating systems or server installations, provided the application supports that OS. Deployment tracking is available through the Schedule tab with full history visibility.

Third-Party Patching Roadmap and Enhancements

ConnectWise outlined upcoming improvements to third-party patching, including device details visibility in early March and a manual update option in late March. The manual update feature will allow partners to target only devices where an application is outdated, rather than deploying to all endpoints. Additional roadmap items include catch-up functionality for devices that missed scheduled patches (expected Q2), custom application support with file hosting capabilities, and ring-based deployment options for pilot testing. The improved third-party patching platform is positioned as the go-to solution for Windows desktops, with legacy third-party patching remaining available for Mac devices.

Chapters

0:00 - Introduction and Office Hours Overview
1:45 - Approval Groups Feature Introduction
2:44 - Creating Approval Groups Demo
6:54 - Managing Approval Group Hierarchy
8:10 - On-Demand Application Installation
9:50 - Installing Applications Demo
12:25 - Third-Party Patching Roadmap
13:22 - Q&A Session
25:24 - Upcoming Events and Closing

Key Quotes

2:00 "The approval group is nothing but patch approvals and device group joined together. So as you can understand, it is essentially creation of scoped patch approvals or patch blocks that would override any partner-level approvals."
4:29 "This issue is only occurring for physical devices. So what about my virtual devices? I have Windows 11 virtual devices that I would want these updates on. That's where approval groups comes in, where you can create a scoped approval for just your virtual device."
7:05 "Whenever it's time for deployment of this update, we start calculating it from bottom to up. Because in my use case, I first want it to exclude any devices, I will move my critical device blocked below, so that takes the highest priority."
8:39 "Any supported application that you see under third-party patching, you can pick any of those applications and basically push that on any Windows endpoint. The best part about this is it doesn't need to be a Winget-supported device."
17:27 "Anything manual always overrides your policy that is set up. Just like we have with OS patching, third party patching is exactly the same. Manual actions, on-demand actions will always override."
21:10 "That is within our roadmap for this year to be able to give you an option to select or set up your own application. You give us the parameters. We will also be giving you some stories so you can host this application as necessary."

Categories:
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Endpoint Management
  • Technical Deep Dive
  • Demo
  • Best Practices
  • How-To
  • Patch Management
  • RMM Automation
  • Third-Party Patching
  • Application Deployment
  • Device Grouping
  • Patch Approval Workflows
  • Windows Endpoint Management
  • MSP Operations
  • Vulnerability Management
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: RMM Patching Improvements & Manual Controls

              Upcoming Webinar Calendar

              • 04/08/2026
                11:00 AM
                04/08/2026
                Managing Configuration at Scale Across Group Policy and Intune
                https://www.truthinit.com/index.php/channel/1865/managing-configuration-at-scale-across-group-policy-and-intune/
              • 04/15/2026
                01:00 PM
                04/15/2026
                Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities
                https://www.truthinit.com/index.php/channel/1866/service-account-security-in-the-age-of-ai-from-legacy-accounts-to-agentic-identities/
              • 04/30/2026
                10:00 AM
                04/30/2026
                Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection
                https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/

              Upcoming Events

              • Apr
                08

                Managing Configuration at Scale Across Group Policy and Intune

                04/08/202611:00 AM ET
                • Apr
                  15

                  Service Account Security in the Age of AI: From Legacy Accounts to Agentic Identities

                  04/15/202601:00 PM ET
                  • Apr
                    30

                    Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

                    04/30/202610:00 AM ET
                    More events
                    Truth in IT
                    • Sponsor
                    • About Us
                    • Terms of Service
                    • Privacy Policy
                    • Contact Us
                    • Preference Management
                    Desktop version
                    Standard version