Customized deployment 


Customized deployment of third-party patches

When it comes to cyberattacks, no single deployment policy will ever suit the needs of two different organizations. The trick is finding the right cybersecurity solution for your business—one that offers custom policies to keep your endpoints secure.

With the customizable patch deployment template, you can tailor the deployment process to your business's specific needs. For instance, you can configure the deployment of third party patches before deploying them. Deployment Templates available under Deployment Settings include:


Skip deployment - By clicking on Skip deployment, the deployment will automatically be skipped if the application is already in use, without notifying the user.


Force quit - By opting force quit, all the critical updates will be deployed immediately by force closing and updating the application. Click on Yes, if you want the users to postpone the deployment. Click on No, if you don't want the users to postpone the deployment. So, that the application will be force closed and updated if the notification times out.

Deployment Notifications

Customize Notification Message, lets you tailor the deployment notifications to inform users about impending updates. From there, the users can decide whether to initiate or postpone the deployment. Thus allowing users to have more control over deployment.


Case 1 - By enabling the checkbox, the application will be force closed and auto-updated if the user doesn't respond to the notification within the given Notification timeout.

Case 2 - By disabling it, the update will automatically postpone for a given Number of attempts, if the user doesn't respond to the notification within the specified Notification timeout.


Case 3 - Once the user exhausts the specified number of attempts, the application will automatically be force closed to deploy the latest available updates after the notification times out.

Additional settings include,

  • Providing an option to uninstall older patches.
  • Restricting applications from having a start menu icon.
  • Restricting the application from having a taskbar icon.
  • Restricting applications from having a desktop shortcut.
  • Disabling automatic updates.

These options facilitate the deployment of third-party patches in Microsoft System Center Configuration Manager (SCCM) and Intune, help with adhering to your organization's policies.


However, the good things about Customized Deployment don't end there. You can also execute your own pre/post-deployment scripts to personalize your deployment template. This will provide complete control over the third-party patch deployment in Microsoft SCCM and Intune.

Custom pre/post scripts

With Customized Deployment,you can:

  • Execute custom pre/post deployment scripts
  • Avoid interfering with users during patch deployment.
  • Adhere to company policies while patching endpoints.
  • Save your disk space by uninstalling old updates.
  • Get rid of unnecessary application icons.


1) I don't want patch management to disrupt users while they're working. What can I do?

Solution: You can choose to skip the deployment process for particular business-critical applications if they're currently in use. Just select the Skip the deployment process if the application is running template.

2) I feel like the Deployment Templates doesn't list the action I want to perform before the deployment. What can I do?

Solution: You can create a custom script and upload it in the Customized Deployment tab to execute it before or after the deployment using pre/post scripts respectively.

3) When I update applications like Java and Skype, earlier versions are left behind, consuming a lot of my disk space. What can I do?

Solution: You can uninstall the older patches by selecting Uninstall recent old updates before deploying the new ones in the Customized Deployment window before deployment.