Schedule patches with the Microsoft SCCM integration with Vulnerability Response

릴리스 버전: Australia

업데이트 날짜 2026년 03월 12일

소요 시간: 10분

Schedule patches from Patch Update and Remediation task records in the Vulnerability Response application in your ServiceNow AI Platform instance.

시작하기 전에

Starting with version 16.1, you can schedule patches from the Vulnerability Response Workspaces or from the classic environment.

Roles required:

sn_vul_patch_orch.configure_patch role to configure and schedule patches
sn_vul_patch_orch.read_patch to view (read only) patch information on records. This role is inherited with the sn_vul.remediation_owner and sn_vuln.vulnerability_analyst roles that are required for the IT Remediation and Vulnerability Manager Workspaces

In the Vulnerability Vulnerability Response Workspaces, as a user with the sn_vul.remediation_owner role, navigate to All > Vulnerability Response > IT Remediation Workspace.
On the Home page, click Preferred patch on VIs.
The list of Patch Update records for the VIs with preferred patches that are assigned to you are is displayed.
Locate a record that you want to open and click to open it.
Alternatively, from the List view in the workspace, click Patches > All and locate a Patch Update record.
The Patch Update record is displayed. You might prefer to review the data before you schedule a patch, because there might be other patches already scheduled.

Refer to the following table about the data displayed in the IT Remediation Workspace and what you can do.

Task	Description
Click a Related items link	Overview - View details such as the patch update record number, the article and bulletin IDs, the release date and category of the update, the site name for the patch, Risk rating, Risk score, description, solution (if provided), and remediation status. Associated Devices - The list of impacted configuration items affected by the patch and status. Vulnerable items - The list of vulnerable items associated with the vulnerability and patch. Patch Deployments - The names and information related to deployments of this patch on assets or asset groups for this patch. Patch requests - A list of patch requests already submitted for this patch.
Click a link to open a record	From lists displayed on opened records from the related items links, view more details, including messages about missed targets. Once opened, records remain open as tabs until you close them.
Schedule Patch	When you are ready to schedule a patch or submit a request, click Schedule Patch. In the dialog that is displayed, fill in the fields. See the steps below for more details.
Add a work note or attach a file	In the far right of the screen, click the Activity icon (lightening icon) and enter a work note. Click the icon to toggle the panel. You can also upload a file.

In the dialog, fill in the fields.

Field	Description
Step 1 Select Target
Collection	Choose a collection (group of assets) from the list to continue. These are the collections imported from SCCM.
Step 2 Schedule
Deployment Name	Enter a name for this patch deployment. This name helps you track your updates.
Deployment type	Choose one option from the list. Required - this patch is a required update. Available - this patch is not required, but available for deployment.
Deadline time	Set the deadline. This value indicates last day the patch can be installed.
Available time	Set the value for the time the patch first becomes available for deployment.
Deployment time based on	Select a time zone from the list to base your deployment time window on.
Allow restart	Default is deactivated. Activate (select) this option to instruct the machines in the group to restart automatically after the patch is successfully completed.
Description	Add more text for about the patch. This information is displayed on the Description field of the Patch Update record.

Click Deploy.
The patch request is sent to for review. You can view the status of all your submitted requests from Exception requests > My requests from the List view.
Alternatively, you can schedule patches from remediation tasks (RT)s that are assigned to you or your group.

주:
The option to schedule a patch from a remediation task record is available only if there are patches mapped to (associated with) the VIs in the task. These patches are displayed in the Preferred patch column if you scroll to the right of a remediation task records with the Overview tab selected.

그림 1. Remediation task with Preferred patches
Click Schedule Patch from the RT record and follow the steps listed above to schedule it in the dialog.

옵션: You can schedule patches for the steps previously in the classic environment.

To locate these records, follow these steps.

In the classic environment, navigate to All > Vulnerability Response > Patches > All.
From the list that is displayed, locate a Patch Update record.
For remediation tasks, navigate to Vulnerability Response > Remediation Tasks and locate a record.
The track the remediation status on the Remediation Status tab. On the bottom of the record, patch data is displayed on the Related Links.

Click Schedule Patch and fill in the fields.


Field	Description
Deployment Name	Enter a name for this patch deployment. This name helps you track your updates.
Description	Add more text for about the patch. This information is displayed on the Description field of the Patch Update record.
Deployment type	Choose one option from the list. Required - this patch is a required update. Available - this patch is not required, but available for deployment.
Collection	Choose a collection (group of assets) from the list to continue. These groups are the assets collections imported from SCCM.
Deployment time based on	Select a time zone from the list to base your deployment time window on.
Available Time	Set the value for the time the patch first becomes available for deployment.
Deadline	Set the deadline. This value indicates last day the patch can be installed.