Third-party patch management in Intune with Ivanti Neurons
For many administrators, “third-party patch management” primarily means distributing updates for applications to the managed end devices. Often, they lose sight of what is essential: the security relevance of missing updates and whether known vulnerabilities are already being actively exploited. Unfortunately, this critical information rarely plays a role in the decision-making process for prioritizing updates. But this is precisely where the greatest potential for defending against cyber threats lies.
The Ivanti Neurons platform helps companies successfully transition from reactive to proactive patch management. Based on software inventory data, Ivanti Neurons provides comprehensive details on identified vulnerabilities and their actual exploitation in the field.
Ivanti’s proprietary “Vulnerability Risk Rating (VRR)” goes far beyond the well-known Common Vulnerability Scoring System (CVSS) score. It expands the assessment to include crucial information such as:
- Active exploitation: Are vulnerabilities already being actively exploited by attackers?
- Manual pen tests: Insights from real penetration tests.
- Additional online security databases: Inclusion of additional global threat data.

This provides a more realistic picture of the current threat situation, going far beyond a purely technical assessment. Based on this in-depth knowledge, security teams and administrators can make data-driven decisions and prioritize patches according to their urgency. This not only protects the company more effectively, but also optimizes the use of scarce resources.
Two ways to deploy patches with Ivanti Neurons
Ivanti Neurons offers two powerful approaches for the actual installation of updates:
- Neurons Patch for Intune: Updates are installed directly via Microsoft Intune. Ivanti Neurons automatically provides the updates and publishes them as preconfigured apps in Intune. This enables seamless integration into your existing Intune workflows and makes optimal use of your existing MDM infrastructure.
- Neurons for Patch Management: With this approach, updates are installed on end devices via a dedicated Neurons agent, regardless of the MDM solution used. This method not only enables the patching of third-party applications, but also the distribution of operating system updates via the same tool and process.
In-depth look: Neurons Patch for Intune
Neurons Patch for Intune first analyzes the software inventory provided by Intune. It automatically identifies which third-party applications can be updated with the solution. These applications can then be centrally managed and configured, with flexible options for each piece of software:
- Automation vs. approval: Should new versions be published automatically or approved manually?
- Version management: Should old versions be automatically cleaned up or archived?
- Gradual distribution: Should new versions be assigned to all clients immediately or distributed in several stages, e.g., for test groups?
Once an application has been added to the management system, Patch for Intune regularly checks for new versions. Depending on the configuration, these are then either released automatically in Intune or await manual release by an administrator.

[Figure: Configuration options when onboarding new applications]
A particular advantage: Patch for Intune can recognize applications that were installed “manually” and provide them with updates. It can also automatically provide the “initial installation” of software, eliminating the often time-consuming manual packaging of installation files. This saves valuable time and significantly reduces sources of error.
In-depth look: Neurons for Patch Management
Neurons for Patch Management offers an alternative, agent-based patching solution that operates independently of your MDM solution and is particularly powerful:
- Autonomous clients: End devices independently scan for security vulnerabilities and apply patches, reducing the load on the network.
- Consolidated patching: Operating system updates and third-party updates can be distributed using a single tool and a single process.
- Expanded product catalog: Compared to Patch for Intune, this solution offers an even more comprehensive catalog of supported applications.
- On-demand features: Administrators can trigger immediate patch installations or security scans on individual devices as needed.
- No overload of the Intune app overview: The list of apps in Intune is not flooded with numerous update packages, which keeps things clear and concise.
- Cross-platform: macOS apps and certain Linux distributions can also be patched, supporting a heterogeneous device environment.
The approval process for updates in Neurons for Patch Management is rule-based and highly configurable. For example, critical patches or updates above a certain VRR score can go through an accelerated process that controls distribution across multiple “rings” (test, pilot, production environment) to ensure compatibility with business-critical applications.
For non-business-critical and frequently released applications (such as Google Chrome or Mozilla Firefox), a separate, fully automated distribution process can be set up that immediately releases new updates. This significantly reduces the administrative effort required for routine updates.

[Figure: Settings for approval processes based on product and criticality]
Conclusion: Invest in intelligent security
Managing third-party patches is much more than just distributing updates. It is a critical pillar of your cybersecurity strategy. Manual processes and focusing solely on the CVSS score are no longer sufficient in today’s threat landscape.
The Ivanti Neurons platform offers two flexible and powerful options to take your patch management to the next level: Neurons Patch for Intune and Neurons for Patch Management. Not only do they enable automated deployment of updates, but more importantly, they provide the critical information needed for risk-based prioritization of vulnerabilities.
By closing the gap in third-party patch management and intelligently extending Intune, you can protect your business more effectively against cyberattacks, optimize your IT processes, and ensure compliance. Invest in proactive security and turn reactive patch processing into a strategic strength.
We’ll show you how to efficiently implement third-party patching with Intune. Take advantage of our free consultation service and let us analyze your IT environment together.