I am trying to generate a compliance report per month against all the servers in the environment based on MS Security updates released as per MS Security bulletin.
So far the way I have been trying to do is manually create a baseline with all the patches released per month and then using the Fixlet Compliance by Computer Group (v1.7) generate the report.
I have noticed in this that many computers come as non-compliant even if windows update shows 0 eligible patches.
I am trying to figure out if there is a more efficient and robust way of generating a report for all the servers in the environment for the MS patches released every month by Microsoft.
I know that in SCCM, we can use the database to create a query to select a list of MS patches and run it against the servers to give out the percentage of Compliance for each server.
Is there a way in BigFix that we can do the same without using custom content ? I might be shooting in the dark but just wondering if there is a more efficient way to find out compliance per month for reporting other than the Windows Patch Management dashboard.