Effectively, yes. Please note that your initial round of patching may be a little rougher vs. following months. This is typically due to unknown patch states across a given environment in conjunction with endpoints being in a pending restart state. I would recommend utilizing some content to understand what endpoints you have in pending restart state.
Please note that additional steps are required if patching Linux distributions. In some cases it’s necessary to setup the distribution specific Download Plugin and/or Download Whitelist. If you’re just patching Windows endpoints, then you should be good to go.
One last consideration, you may wish to have an external policy action from the Patch Policy that raises the CPU Utilization of the BESClient before the maintenance window. This will allow the BESClient to consume more CPU during the patch cycle. You’ll have to turn this back down at the end of the maintenance window, but it definitely helps with older hardware or slower VMs.