Skip to Content
PlatformFAQ

Frequently Asked Questions

Setup & Access

What licenses do I need?

You need Microsoft 365 E5 or Microsoft Defender for Endpoint P2. These provide the vulnerability and device data that Patchly analyzes.

How long does setup take?

Initial setup takes about 30 minutes of your time (creating an app registration and granting permissions). Your Patchly contact handles the rest. You’ll typically have a working dashboard within one business day.

Who can access the Patchly dashboard?

Access is controlled through Microsoft Entra ID. Your Patchly contact will set up access for authorized users in your organization.

Do I need to install anything?

No. Patchly connects to your Microsoft environment via cloud APIs. There are no agents, plugins, or network changes required.

Data & Privacy

What data does Patchly access?

Patchly accesses vulnerability findings, device inventory, software inventory, security alerts, user directory information, and sign-in activity. All access is read-only. See Data Security for the full list.

Does Patchly read our emails or files?

No. Patchly does not access email content, file contents, chat messages, or personal documents.

Where is our data stored?

All data is stored in Azure Blob Storage in the East US 2 region, encrypted at rest with AES-256.

How long is our data retained?

Vulnerability, device, and user data is retained for 90 days and then automatically deleted. If you need data deleted sooner, contact your Patchly representative.

Can we get our data deleted?

Yes. Contact your Patchly representative and all data associated with your tenant will be permanently deleted.

Dashboard & Usage

How often is data updated?

Patchly syncs data nightly (02:00 UTC). Your dashboard typically reflects the previous day’s state. See Data Freshness for details.

What is an EPSS score?

The Exploit Prediction Scoring System (EPSS) estimates the probability that a vulnerability will be exploited in the wild in the next 30 days. A score of 0.5 means a 50% chance of exploitation. EPSS is published by the Forum of Incident Response and Security Teams (FIRST).

What is the KEV catalog?

CISA’s Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities that are confirmed to be actively exploited. If a finding is in the KEV catalog, it should be prioritized for remediation.

What is a criticality score?

Patchly assigns a 0-100 criticality score to each device and user based on business importance. Higher scores indicate assets that would have greater impact if compromised. Scores consider factors like admin roles, the number of users depending on a device, and software exposure.

Can I export data?

Yes. The dashboard supports CSV and Excel exports. You can apply filters first to export specific subsets of your data.

Troubleshooting

The dashboard shows no data

This usually means the initial sync hasn’t completed yet. If it’s been more than 24 hours since setup, contact your Patchly representative.

Data seems outdated

Check the freshness indicator in the dashboard header. If data is more than 48 hours old, the nightly sync may have encountered an issue. Contact support@patchly.ai.

I can’t sign in

Patchly uses Microsoft Entra ID for authentication. Verify that your account has been granted access by your Patchly administrator. If you’re still having issues, contact support@patchly.ai.

Last updated on
Data FreshnessInternal Docs