Miradore can be configured to patch all software installed on a Windows device during the initial installation of the device.
The benefit of this is that the device will then be as thoroughly patched after the initial installation as possible in an automated way.
Notice, however, that there might still be some patches that don't support automatic downloading and must be applied manually after the initial installation.
Patch approvals and patch approval rules do not have any affect on patching during the initial installation. Miradore attempts to patch all discovered software up to their latest version.
1. Device needs to be inside the profile scope of the "Patch scan and install" scheduled job if you wish the device to get patched during initial installation. Check this from System settings > Clients > General > Built-in scheduled tasks > Windows > Patch scan and install.
2. Patching can be enabled by attaching the "Miradore Install Latest Patches" package to the initial installation profile(s) in the "Administration > Feature settings > Installation settings > Start & End packages view".
Do not check the reboot option, because if any of the patch installations requires a restart, the device will be rebooted automatically during the initial installation without asking. Enabling the reboot can cause the package distribution to fail.
Miradore tries to patch all installed software installed on the device that are supported by Miradore Patch Management. All software will be patched to their latest version. Patch approvals in your environment do not affect the patching during the initial installation.
In Miradore System settings > Main > Patch management > Patch installation settings there is this field Allow downloading patches from internet during initial installation which determines if the devices are allowed to download patch installation packages during the initial installation directly from the patch vendors through the internet if the patch media is not available on the installation points.
Patch installation media often becomes available to the installation points soon after the patch has been approved for some device in your environment.
If you set the "Allow downloading patches from internet during initial installation = No", Miradore only installs the applicable patches from the installation point to the device, but it doesn't attempt to download the other missing patches from the software vendors. In this case it is possible that part of the device's software will remain unpatched after the initial installation.
If you set the "Allow downloading patches from internet during initial installation = Yes", Miradore first installs the applicable patches from the installation point to the device, and then it downloads the rest of the missing patches from the software vendors over the internet, and installs them to the device. As a result, the device gets patched as thoroughly as possible during the initial installation. However, there can still be patches that don't support automatic downloading and must be installed manually.