Patch management reporting
MSP N-central reports provide summary and overview information on the status of patching with your customers. With the information from the reports, you can get a complete picture of the patching status for a customer, and identify where deficiencies are occurring. You can also use these reports to demonstrate to an auditor that you are meeting your patch management SLAs.
Reports are available by clicking Reports > Status at either the Customer or Service Organization level. Creating reports at the customer level enables you to include a patch details section on some reports.
You can use these reports even if you did not enable Patch Management. To to this you need to add the Patch Status service to the device.
MSP N-central reports
MSP N-central reports are included by default. They provide high-level analysis commonly used for internal review,
|Missing Patches (Summary)||Provides a graphical cross-customer summary of how many devices are monitored for patches per customer, and how many devices are missing Security, Critical and Definition patches.|
|Patch Approvals and Installations||Shows the number of patches by installation status for each approval status. You can also generate a detailed list of patches associated with these counts.|
|Patch Installation Status||Shows which devices are missing a specific patch or which devices are missing patches belonging to a specific patch category.|
|Missing Patches (Detailed)||Provides a breakdown of missing patches on one or more devices. It also indicates missing patches by workstation/server and patch classification.|
Report Manager Reports
Report Manager provides advanced reporting, enabling to create customized customer-facing reports to provide details on patching status and the work you have done for them. For more information on Report Manager, see the Report Manager help topics.
To launch Report Manager, at the System or SO level, click Reports > Report Manager.
The Executive Summary report is located under the Managed IT Services category. The Executive Summary report is your primary report for displaying the value your organization provides to your customer. Include the Windows Patching score as part of your Executive Summary Report by choosing the Include Windows Patching section.
The Patch Scoring Method has two configurations:
- Updated devices
- Installed Patches
The score result is the percentage of all devices that are 100% compliant. A single missing patch on a device means this device is not compliant in an audit, which gives a 0% score for that device. The final result is the percentage score of all devices averaged by the number of devices. If your customer must undergo frequent security audits, you should select this reporting method.
This report is best used with a fixed patching and reporting schedule. Patches should be approved at the beginning of the patch cycle, and allowed enough time to complete installation. Generate this report before new patches are approved. Patches approved that are not installed count as missing patches and generate a low score. Also review the Advanced Settings > Patch Grace Period below for details on improving your patch score.
This score is calculated as the percentage of patches successfully installed across the organization. You can use this report to show value in your patch management without each device needing to be fully up to date. Also review the Advanced Settings > Patch Grace Period below for details on improving your patch score.
The Patch Grace Period excludes patches that were approved within the specified time period from your Executive Summary report score. For example, if your Patch Maintenance Windows are scheduled on a weekly basis, you can configure a seven day grace period. Your patch score will only decrease if a patch was unable to install successfully during at least one maintenance window.
During the configuration of your Patch Status service in MSP N-central, you can select to not monitor some patch categories, and still include these in your patch score by clicking Include Unmonitored Categories.
You can include devices that are not using MSP N-central Patch Management in your score. Creating a low score here creates an opportunity with your customers to up-sell your patch management services.
Include the Summary and Details to provide counts of missing and failed patches per classification for each device.
Provides a summary of patching status for one or more customers as of a period end date. Use this report to determine if customer environments are up-to-date and see patch counts for each device. Your customers will be able to see that patches are actively being approved or declined, and that their devices are actively being patched. The report is located in the Managed IT Services category.
- Use this report to show the value that you provide as part of your patch cycle. You can customize the Patch Status report by choosing a specific Patch Installation Status, Patch Category and/or Patch Approval Status.
- You can filter for specific devices or groups of devices by choosing device classes, specific rules or specific devices.
- You can select specific Patch Statuses and Approval Statuses to report on. For example, you may choose to only report on patches that were approved and installed to represent how you are keeping end devices up to date over a specified period.
- You may choose to include devices not under Patch Management. This could be a viable tool to help increase business. For example, you would include failed or Not Installed patches in this scenario to demonstrate how unmanaged devices are insecure.
- The output will be a high level graphical representation of the Patch Install Status, Percentage of devices that are up to date and a count of your Patch Approvals. Included will be a detailed breakdown of the patches grouped by installation status displaying each device and patch counts by category.
This report provides detailed patch information for one or more customers within a specified time period. This report is best used as an internal auditing and troubleshooting tool to identify devices that require attention and gain insight on which patches are missing from these devices.
The Patch Details report is located under the Managed Assets category.
- You can customize the Patch Status report by choosing a specific Patch Installation Status, Patch Category and/or Patch Approval Status.
- Filter for specific devices, or groups of devices by choosing device classes, specific rules or specific devices.
- Select specific Patch Statuses and Approval Statuses to include in the report. For example, you may choose to report on Approved, Critical and Security patches where the status is Failed or Not Installed. This would display patches that require immediate attention.
- Group results by Patch or by Device to help with your workflow. For example, if you’re verifying if some specific devices are missing patches, sort the results by Device.
- The report generates a detailed list of every patch for every device meeting the selected criteria. The Patch Name, affected Products and Classification are displayed to assist in deciding what action needs to be taken on this patch. The Publish Date, Approval Status and date an approval was set, as well as the day action was taken on the patch (when applicable) provide the details required to investigate unexpected results.
- The Patch Details report provides the information you need to track updates and identify issues in your customer environments within your patch life cycle.
Patch Approval and Installation
Provides a summary of patch counts, by approval and installation status for one or more customers. Run this report to show how patch installation statuses compares to what has been approved.
The Patch Approval and Installation report is located under the Managed Assets category.