Configure the Vulnerability Response Patch Orchestration with Microsoft SCCM integration

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 8분

    • After you have installed the application, configure it with your account information and validate your credentials.

    시작하기 전에

    Roles required: sn_vul.vulnerability_admin and sn_vul_sccm.configure_integration

    프로시저

    1. Navigate to All > Microsoft SCCM Patch Orchestration Integration > Configuration.
    2. Fill in the fields with your Microsoft SCCM information and credentials.
      Field Description
      Integration instance The name of the Microsoft SCCM instance account you want to use, for example, Microsoft SCCM Patch management integration.
      Host name Enter the URL for the Microsoft SCCM host.
      Username Enter your Microsoft SCCM account username.
      Password Enter your Microsoft SCCM account password.
      MID Server Enter the name of the standalone MID Server from the list that you want to use. See Prepare for the Vulnerability Response patch orchestration integration with Microsoft SCCM for more information about MID Servers and set up tasks in your ServiceNow AI Platform®.
    3. Click Save and Test Credentials.
      The status of your connection between Microsoft SCCM and your ServiceNow AI Platform® instance  is displayed in the Validation Status Field. If you do not see a successful test, follow the prompts.
    4. 옵션: Domain separation is supported for this integration.
      You can add multiple configurations of to your instance. To add additional configurations:
      1. Navigate to All > Microsoft SCCM Patch Orchestration Integration Integration Instances.
      2. Verify the application scope, Vulnerability Response Patch Orchestration with Microsoft SCCM, is displayed in the Application scope field.
      3. Click New.
      4. Fill in the form.
        Field Description
        Name Name for the integration instance.
        Application Vulnerability Response Patch Orchestration with Microsoft SCCM
        Integration [Read only] Microsoft SCCM Patch management is the default.
        Active Default is activated. If cleared, the instance is not active.
      5. Click Submit.
        Your new integration instance is displayed on the Integration Instances list.
      6. Repeat steps 1-3 to configure your integration instance and test your credentials.
    5. Set up approvals for patch requests.
      By default, a system property [sn_vul_patch_orch.patch_approval_required] is activated so that when patch deployments are scheduled, they are submitted for review and approval to users assigned to the Level 1 - Patch update approval group.

      If you want users with the sn_vul_patch_orch.configure_patch role to schedule patches without approval, you can deactivate the [sn_vul_patch_orch.patch_approval_required] property. You might prefer to leave approvals activated so that scheduled patches do not conflict with normal working hours.

      주:
      If you deactivate the approval system property, any user with the sn_vul_patch_orch.configure_patch role can schedule and deploy patches without review and approval.

      As a user with the sn_vul.vulnerability_admin role, to deactivate the system property:

      1. Navigate to All > sys.properties.list.
      2. Locate sn_vul_patch_orch.patch_approval_required and click it to open the record.
      3. In the Value field, type false.
      4. Click Update.
    6. If you do not deactivate this property, you need to assign approvers for patch requests.
      As a user with the sn_vul.vulnerability_admin role, follow these steps.
      1. Navigate to All > Vulnerability Response > Administration > Approval Rules.
      2. If the Deploy patch update approval Approval Rule is not displayed in the list, click All to the right of the green filter icon in the upper left of the screen to display the entire list.
      3. From the list, click Deploy patch update approval.
      4. On the record, with the Approval Configuration tab selected, click Default Configuration Patch Update approval.
      5. On the record, click Level 1 - Patch update approval.
      6. Add users in this group.

        The users assigned to this group approve patch requests submitted by users with the sn_vul_patch_orch.configure_patch role. Navigate to My Approvals to view and process the requests.

    7. ClickUpdate to save your changes.
    8. 옵션: You can set up multi-level approvals so that more than one approval is required prior to the deployment of scheduled patch requests.
      1. With the Default Configuration Patch Update approval record displayed, click New.
      2. Fill in the fields.
        Field Description
        Name Approval level name, for example, Level 2 - Patch update approval.
        Active Activated by default, signifying that the approval level is in use.
        Required approval Select how many approvals are required for the selected level:
        • One approver required
        • All users must approve
        Order Execution order of various configurations within a rule. For example, a configuration with an order entry of 100 runs before a configuration with an order entry of 200.
        Role Select a role for the group from the list.
        Approval rule Contains the table and type details for the approval rule.
        Approval configuration Contains the approval configurations.
        Assign using Select an option:
        • User and user group
        • Approval table field
        • Script
        Groups Approver level group consisting of multiple users. The user must have one of the following roles that you specify.
        Users Edit the users listed in the groups.
      3. Click Submit to save your edits.