Vulnerability assessment and patch management at partner level

At the partner level (All customers), you can define, edit, and enforce vulnerability assessment and patch management settings centrally, by applying protection plans to devices across all customer tenants simultaneously. You can also configure and propagate to your customers settings for automatic acceptance of license agreements and automatic patch approval. For more information, see Configuring patch settings at partner level.

The system introduces intelligent rules to manage conflicts that arise if a protection plan at the partner level has settings that contradict a protection plan at the customer level. While you create a new plan at partner level, and try to apply it to a device that already has vulnerability assessment and patch management policies applied at the customer level, you will see the conflict indication, and will not be allowed to save the plan until you resolve the conflict. There are four options to do that: disable the conflicting modules in the plan that is applied at the customer level, disable the plan that is applied at the customer level, remove workloads from the plan that you are creating, or cancel the plan creation. For more information about resolving compatibility issues, see Resolving compatibility issues.

These capabilities enable you to:

• Apply one schedule and approval policy across all customers, to keep environments uniformly protected.
• Immediately deploy critical patches on customers' devices.
• Allow customer-level exceptions for specific devices or compliance needs.