Creating a Software Deployment Policy

A Software Deployment Policy allows you to deploy software in bulk, silently, across your organization. This ensures that applications are installed or upgraded consistently on all targeted devices without user interruption.

• Go to Products → Patch Management → Policies → Create Policy.
• Select Software Deployment Policy.

• Policy Name: The identifier for this deployment (for example, Deploy Zoom App).
• Description (Optional): Add notes about what the policy does. For example: “Deploy Zoom Workplace Desktop App”
• Status: Can be set to Active (ready to run on schedule or on demand) or Inactive (saved but won’t execute until activated).

In the Device Targeting section, start by choosing the operating system, then define which devices the software will be deployed to.

• OS (Mandatory): You must select the operating system for the deployment.
  - If you select Windows, only Windows devices will be included in scope, and the installation script must be written in PowerShell.
  - If you select Linux, only Linux devices will be included in scope, and the installation script must be written in Bash.

• Asset Groups: Select one or more asset groups (for example, Pilot-Laptops or Finance-Dept).

• Servers: Target specific servers that require the software.

• Endpoints: Target endpoint devices such as desktops or laptops.

• ASR Score: Optionally filter devices based on their Asset Security Rating to prioritize systems with higher risk.

• Exclude Assets: Add individual devices that should not receive the deployment, even if they match the other targeting criteria.

You can review the final scope of the target devices by clicking Preview Impacted Assets before saving the policy.

• Package Name: Enter the exact name that will appear in system inventory after installation (case and punctuation must match).

• Package Version: Enter the exact version string expected after installation (for example, 5.8.0.112).

• Installation File: Upload the installer (MSI, EXE, PKG, DEB, or RPM). Filenames must not contain spaces (for example, ZoomInstallerFull.msi).

In the Scope section, provide a script that executes the installer silently. The script must:

• Install the required application.
• Reference the same filename as the installer you uploaded (the names must match).
• Use the correct silent installation switch for the file type (for example, /qn for MSI, /quiet or /silent for EXE).
• Return an exit code of 0 on success (non-zero exit codes indicate errors).

In the Schedule section, you define when and how often the policy will run:

• Select the Start Date and Time for the first run.

• Choose a Recurrence Pattern:

  • One-time (Does not repeat)

  • Daily

  • Weekly (on one or more days of the week)

  • Monthly (for example, first Friday of every month)
    

  • Annually (for example, run on 1st Aug every year)

  • Custom recurrence (for example, every 2 weeks on Wednesday)

• Set End Date and Time to stop the policy after a certain period.

You can use Preview Schedule to review the upcoming run times before creating the policy.

Step 7: Save and Run

• Click Create Policy to create and save the policy configuration

Deploying new software should follow a phased approach:

• Test Group: A small IT/QA set for initial validation.

• Pilot Group: A limited percentage of endpoints (for example, 10%) to confirm silent install behavior.

• Production: The remaining devices, once the pilot group is confirmed stable.
  

This staged rollout minimizes risk and disruption if issues arise.