Get Started: Windows KB Management Dashboard

JumpCloud's Windows Knowledge Base (KB) Management helps ensure your Windows devices stay compliant and secured with the latest patches. The Windows KB Management tab gives you an overview and granular control of Microsoft's crucial KB updates, which are codes assigned to software updates, patches, and articles, for example KB50344441. These are typically released on the second Tuesday of every month (known as Patch Tuesday), allowing administrators to target specific bundles of fixes for deployment.

Prerequisites

• The JumpCloud agent must be installed and running on Windows devices. See Install the Windows Agent

Considerations

• If you do not have any devices enrolled, you must enroll them first. See Add a Device.
• Initial Data Sync - Once a Windows device is successfully enrolled, patch data collection begins automatically as part of the initial backend processing. There may be a short synchronization window before specific KB details are populated and visible within the dashboard. During this period, the dashboard may temporarily show no patch records or indicate that no KB data is available, this is an expected behavior and not a system error.

Accessing Windows KB Management Dashboard

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management and select Windows Patch Compliance tab.
3. Click Expand. The Windows KB Management dashboard is displayed.

Dashboard Overview

The Windows KB Management dashboard has two primary sections:

• Compliance Summary
• KB List

Compliance Summary

In this section, the following information is displayed:

• Patch Coverage - This chart visualizes organizational patch compliance. Green indicates fully patched devices. Red indicates devices with missing or awaiting updates. The chart displays both patch deployment (total patches installed across all devices) and device compliance (percentage of fully patched devices).
  
• Missing Patches by Severity - Displays the distribution of missing patches, categorized by their severity levels such as Critical, Important, Moderate, Low, and Unrated. Each colored segment of the chart reflects the count of missing patches within that specific severity group. Hovering over any segment shows three key metrics: the Severity level, the total count of missing patches in that segment, and the percentage share that group contributes to the overall total. Additionally, the chart also shows the exact totals for each severity category.
  
• Devices Pending Reboot - Displays the number of devices requiring reboot. This value is calculated based on the device-level reboot flag.
  
• Devices with Update Failures - Displays the count of devices with at least one failed KB installation in the recent scan. This metric immediately highlights the number of endpoints requiring remediation.
  
• Age of Missing Patches - Displays pending patches grouped by release age buckets and severity such as Critical, Important, Moderate, Low, and Unrated.
  
• Devices with Pending Critical Patches - Displays devices grouped by the number of missing critical patches. 

KB List

This list displays a list of all KBs aggregated across enrolled Windows devices.

The KB list displays the following: 

• KB Number - The unique identifier of the KB. You can click this link to be redirected to the official Microsoft KB page.
• Title/Description - Short description of the KB.
• Classification - Category of the KB such as Security, Quality, Feature, Definition, or Optional.
• CVE Details - Displays the associated Common Vulnerabilities and Exposures (CVEs) identifiers, their severity, and direct links to official references.

• Severity - Impact of the KB on the device such as Critical, Important, or N/A.
• Release Date - Release date of the KB by Microsoft.
• Superseded - Indicates whether a specific KB is superseded or not.
• Hide Superseded KBs - This checkbox is unchecked by default thereby showing all KBs. If this is checked, all the superseded KB’s are not displayed on the list. 
• Available Devices - Number of devices where the KB is applicable. 
• Installed - Number of devices where the KB was successfully installed. 
• Awaiting Install - Number of devices where KB is applicable but not yet installed.
• In Progress - Number of devices where the KB installation is ongoing.
• Failed - Number of devices where install attempt failed. 

Searching KBs

The search feature supports KB titles and CVE numbers. To ensure you are viewing the most current information, use the Manual Refresh icon to update the list.

1. Go to the KB List section and search for a specific KB.
2. Alternatively, click the Filter icon to narrow down your results. This displays the Filters modal window.
3. In the Filters modal window, select your desired options and click Apply.

Exporting KB List

You can export the entire KB list in a CSV or JSON format. To do this:

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab.
4. In the KB List section, click Export dropdown menu.
5. Select Export As CSV or Export As JSON to download the KB list.

Viewing CVE Details

Common Vulnerabilities and Exposures (CVEs) are tied to specific patches and not to individual devices. Patches with available CVE will have the CVE number displayed under the CVE Details column. To view the CVE details, do the following:

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab.
4. In the KB List section, search for specific CVE number and click on it. The CVE details is displayed.
5. If a KB includes additional CVEs, the icon is displayed. Hover over this icon to view the additional CVEs.
6. Click View More to view the entire list of CVEs included in the KB.

Approving KBs for Installation

You can select and approve a single or multiple KBs for installation on a single or multiple devices. Approval actions are only available for devices where the KB status is Awaiting Install.

Approving Single KB

You can use the following method to approve a single KB for multiple devices:

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab.
4. In the KB List, select the specific KB you want to approve.
5. Click the count in the Awaiting Install column for a specific KB. The Awaiting Installation modal window is displayed.
6. On the Awaiting Install modal window, select the target devices or click Select All to select of the available devices.
7. Click Install Immediately or Install with Policy Schedule.
8. When Install with Policy Schedule is selected, the system initiates updates for devices with an associated policy and displays a success message.
9. On selecting Install Immediately, the Install Immediately window is displayed. On this window, select one of the following options:
   • All selected devices
   • Only devices with no policy associated
   • Only devices with policy associated
10. Click Install. A success message is displayed indicating the beginning of KB installation.

Approving Multiple KBs

To select multiple KBs form the KB List, do the following:

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab.
4. In the KB List, select the KBs you want to approve.
5. From the Actions dropdown menu, select Install Awaiting Updates. The Install Awaiting Updates modal window is displayed.
6. Select the target devices or click Select All to select of the available devices.
7. Click Install Immediately or Install with Policy Schedule.
8. When Install with Policy Schedule is selected, the system initiates updates for devices with an associated policy and displays a success message.
9. If the selected devices are not associated with a policy schedule, click Install Immediately. This displays the Install Immediately window.
10. On this window, select one of the following options:
    • All selected devices
    • Only devices with no policy associated
    • Only devices with policy associated
11. Click Install. A success message is displayed indicating the beginning of KB installation.

Retrying Installation of Failed KBs

To install failed KBs, do the following:

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab.
4. In the KB List, click the count in the Failed column for the KBs you want to re-approve. The Failed Installation modal window is displayed.
5. On this modal window, select the target devices or click Select All to select of the available devices.
6. Click Retry Immediately or Retry with Policy Schedule.
7. When Retry with Policy Schedule is selected, the system initiates updates for devices with an associated policy and displays a success message.
8. If the selected devices are not associated with a policy schedule, click Retry Immediately. This displays the Retry Immediately window.
9. On this window, select one of the following options:
   • All selected devices
   • Only devices with no policy associated
   • Only devices with policy associated
10. Click Install. A success message is displayed indicating the beginning of KB installation.

Installing Missed Critical Patches

1. Log in to the JumpCloud Admin Portal.
2. Go to Device Management > Patch Management.
3. Select the Windows Patch Compliance tab and go to Compliance Summary section.
4. In the Compliance Summary section, go to the Devices with Pending Critical Patches tile.
5. From this tile, you can select a timeline from the dropdown menu and click on the Devices Count. This displays the missing critical patch modal window.
6. In this modal window, you can search by device name or use the Filter option to narrow down your search.
7. Select one or more devices and click Install Immediately. This displays the Install Immediately modal window.
8. From this modal window, select the desired option and click Install to initiate the installation of the missing patches.