Securely Scan and Update Device Software

Securely Scan and Update Device Software

Lenovo Device Manager (LDM) allows Organization Admins and IT Admins to automatically scan Windows devices for available Microsoft and 3rd party software updates. 

This feature allows IT Admins to securely scan the Windows devices for available software only updates, view updates by Patch, Device and Device Groups and deploy updates to the device(s). Patches can be applied silently, or in the case where a reboot is required, the deployment is placed in a pending state and waits for the end user to restart the device. Patch update checks will happen every day at 6 PM (specific to the device’s time zone).

Viewing the available patch updates

  1. Navigate to App Management > Patch page. All available patches will be filtered based on Patch or Devices. To see the list of patches available for Windows devices, select the Patch tab. To view the patches specific to a device, select the Devices tab.
  2. Updates under the Patch tab are categorized based on Security, Non-Security and Security Tools.
  3. Expand the accordion to view the list of devices that require the patch to be deployed. The table will display the device details (Device Name, Serial Number, Product Family, Network Status, Group Name, status of the security update). Users can also search for a specific update using the Search box.


  4. Click the Eye icon to view the Patch info. The patch info screen contains the patch download URL, Product Name, Product SP, Reason, Patch Name, Bulletin Id, Status. 


  5. You can click the URL to download the README file.
  6. Click Close to close the patch info pop-up screen.


Deploying patch updates 

Some patches may be unsigned. Please deploy these patches at your own risk.
To deploy a Patch:
  1. Navigate to App Management > Patch page. Choose the Patch type (Security, Non-Security, or Security Tools). Select the patch to be installed to the Windows device. Expand the accordion and select the checkbox next to the device name.
  2. The Deploy Now button will become active. Click the Deploy Now button.


  3. In the confirmation pop-up screen, click Confirm Deploy Patch(es). Click Cancel to cancel the deployment process.
    Once deployed, the patch Available status will change from Available to Installing. If the device is offline during the deployment process, the status will remain as Installing until it is successful (device comes online). Alternatively, if the process does not complete successfully within 1 hour, the status will change to Failed and can be retried later.

If you want to install multiple patches, repeat the same process for each update (by expanding the accordion). Once a patch is successfully installed on a device, the device will be removed from the patch list and moved to the Patch Deployment Report

Available patches will be replaced with an updated list every day at 6 PM (specific to the device’s time zone). Any previously failed deployments will be reset at that time and will need to be redeployed.

Notes: 
  1. The device should have a valid license before patches can be installed successfully.
  2. Some patches may require a reboot, in which case a pop-up notification will appear on the device  providing the end user with the option to reboot right away or later.
  3. If the Patch is not installed successfully within 12 hours (whether the device is online or offline), the status on the LDM Patch list will be "Failed" and the installation process will be cancelled.
  4. If the device goes offline before the update is installed successfully, when it comes back online the status on the Patch list will be "Successful", and the Patch will be added to the Patch Deployment report.

Viewing and deploying patches for a single device 

To view the patches specific to a device –  
  1. Navigate to Apps > Patch page. To view the patches specific to a device, select the Device tab.
  2. Expand the accordion to view the list of patches that are available to be deployed to the device. The table will display the patch details (Patch Name, Product Sp, Reason, status of the security update and type of security update (Security, Non-Security, Security Tools). Users can also search for a specific device using the Search box.
  3. Expand the accordion and select the checkbox next to the device name. 
  4. The Deploy Now button will become active. Click the Deploy Now button.


  5. In the confirmation pop-up screen, click Confirm Deploy Patch(es). Click Cancel to cancel the deployment process.
  6. Once deployed, the patch Available status will change to Installing. The process is the same as explained in previous steps.

    • Related Articles

    • Using System Update

      This feature allows Org Admins, IT Admins and MSP Admins to centrally manage Windows BIOS, drivers and firmware updates on any Lenovo Windows device. Updates are checked when new devices are claimed and licensed, and on-demand from the System Update ...
    • Viewing Device Information – Android Operating System

      Once an Android device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the device) > ...
    • Viewing Patch Deployment Status Report

      Creating Patch Deployment Status Report When a patch is successfully installed to a Windows device, it is removed from the Patches section and added to Patch Deployment. This report provides details about the patches deployed. To generate a report, ...
    • Viewing Device Information – Windows Operating System

      Once a Windows device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the device) > ...
    • Grouping Devices

      Grouping devices is helpful for managing many devices - typically by geography or department. Device groups in your organization's portal can be accessed from the Device Management > Device Groups page from the left navigation menu. Create Device ...