Showing results for 
Search instead for 
Did you mean: 

SCCM - Automatic update & Remediation

Occasional Contributor

SCCM - Automatic update & Remediation


i've an 2x IC4500 & also SCCM agents installed into my corporate machines for patch management

i've heared that by version 4.1, we can integrate both for Patch Update & Remediation

my Q; is there any document describing the process & is there any licnese required to do that?


Super Contributor

Re: SCCM - Automatic update & Remediation

Hi ,

patch management and patch remediation is integrated by default in IC from 4.1, page mamangement is to update the list of updated patches available from juniper patch managment server :

When we enable a host checker policy in IC for a updated patch check for a specific product in the enpoints, this policy will check for the updated patch and if the endpoint doesnot have the patch remediation come in to picture where SMS/SCCM Patch Deployment or Shavlik Patch Deployment can be used. you can Select a patch deployment method for Junos Pulse. For other clients, only SMS/SCCM patch deployment is supported.

Patch management and patch remediation comes with IC hostchecker feature which is available with the simulatenous end points license. There is no specific license for patch managment and patch remediation.

Patch management and patch remediation configurations steps are documented and availble in IN 4.1 admin guide.

please refer page 412/413:

Please revert for ay clarifications

Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Occasional Contributor

Re: SCCM - Automatic update & Remediation


Occasional Contributor

Re: SCCM - Automatic update & Remediation

I'm currently trying to research Patch Remediation for our environment.

All the info here is old and goes back to the Juniper web site(s).

Are there any good current documents about setting up Patch Remediation and how to set up the VPN device as well as any network configurations?

I'm a little confused how the patch remediation happens if they're not connected to my enterprise environment.