How can we integrate SCCM with ClearPass for patch management, and how does it work?
Navigate to Configuration->Posture->Posture Policies. Click 'Add' at the top right corner. From the Posture Plugins tab, select ClearPass Windows Universal System Health Validator and click Configure.
Depending on the client OS, select the appropriate tab and click 'Patch Management'. Enable the check for the appropriate OS. From the drop-down menu for "Select Patch Management product", select "System Center Configuration Manager", as shown in the screenshot below.
The OnGuard Agent does not communicate directly with the SCCM Server. If a patch update is available, the OnGuard Agent sends a command to the SCCM Agent running on the client to install the missing patch. The SCCM Agent then goes to the local server to install the missing patch.
To detect and install missing patches, the OnGuard Agent triggers the following actions of the SCCM Agent:
Software Updates Scan Cycle - To detect missing patches during the health collection phase.
Software Update Deployment Evaluation Cycle - To download and install missing patches during the auto-remediation phase.
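
When troubleshooting a client that stays unhealthy, the same two SCCM Agent actions can be triggered by hand to confirm the agent itself responds. The script below is an added example, not part of the original article or of ClearPass; it assumes an elevated PowerShell session on a client with the SCCM Agent installed, and the schedule GUIDs are the SCCM client's standard trigger IDs rather than values taken from this page.

```powershell
# Added example: manually trigger the two SCCM Agent actions that OnGuard relies on.
# Assumption: the schedule IDs below are the standard SCCM client trigger IDs.
$actions = [ordered]@{
    'Software Updates Scan Cycle'                 = '{00000000-0000-0000-0000-000000000113}'
    'Software Update Deployment Evaluation Cycle' = '{00000000-0000-0000-0000-000000000108}'
}

# The SCCM Agent runs as the CcmExec service; neither action can run without it.
$svc = Get-Service -Name CcmExec -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    Write-Error 'SCCM Agent (CcmExec) is not installed or not running on this client.'
    return
}

foreach ($name in $actions.Keys) {
    try {
        # TriggerSchedule is a static method of SMS_Client in the root\ccm namespace.
        Invoke-CimMethod -Namespace 'root\ccm' -ClassName 'SMS_Client' `
            -MethodName 'TriggerSchedule' `
            -Arguments @{ sScheduleID = $actions[$name] } `
            -ErrorAction Stop | Out-Null
        Write-Output "Triggered: $name"
    }
    catch {
        Write-Warning "Failed to trigger '$name': $($_.Exception.Message)"
    }
}

# List deployed updates the SCCM Agent currently reports as not installed
# (ComplianceState 0). The cycles above run asynchronously, so this reflects
# the agent's state at query time and may change once the scan completes.
Get-CimInstance -Namespace 'root\ccm\ClientSDK' -ClassName 'CCM_SoftwareUpdate' `
    -Filter 'ComplianceState = 0' -ErrorAction SilentlyContinue |
    Select-Object ArticleID, Name, EvaluationState
```

If both actions trigger successfully here but OnGuard still reports missing patches, the gap is more likely in the deployment on the SCCM side than in the OnGuard-to-SCCM Agent handoff.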