Windows Patching Compliance Report

Hi Guys,

I am trying to generate a compliance report per month against all the servers in the environment based on MS Security updates released as per MS Security bulletin.

So far, the way I have been trying to do this is to manually create a baseline with all the patches released per month and then use the Fixlet Compliance by Computer Group (v1.7) to generate the report.

I have noticed in this that many computers come up as non-compliant even if Windows Update shows 0 eligible patches.

I am trying to figure out if there is a more efficient and robust way of generating a report for all the servers in the environment for the MS patches released every month by Microsoft.

I know that in SCCM, we can use the database to create a query to select a list of MS patches and run it against the servers to give out the percentage of Compliance for each server.

Is there a way in BigFix that we can do the same without using custom content? I might be shooting in the dark, but I am just wondering if there is a more efficient way to find out compliance per month for reporting other than the Windows Patch Management dashboard.


One way you might approach this using the native Web Reports functions is with the following steps:

  1. Browse to Explore Data → Computers
  2. Add some filters, such as the following (naturally these should match your desired conditions):

Then click ‘Edit Columns’ under Computers and, in the ‘Expand’ section, ensure that ‘Relevant Fixlets’ is checked.

This should return the raw data associated with such a compliance report showing any applicable Fixlet released in a given month for any Server.