Feature Request: OS Build-Based Update Health
planned
Ruben Castello
It would be extremely valuable if ESPM could assess endpoint update health based on the operating system build/version.
For example, by analyzing the current OS build and comparing it against supported or expected patch levels, ESPM could provide a simple and actionable status such as:
- Up to date
- Outdated
- Severely outdated / unsupported
For instance, ESPM could evaluate endpoints based on their OS build and patch level, such as:
- Windows 10 22H2 (Build 19045.4529) → ✅ Up to date
- Windows 10 22H2 (Build 19045.3803) → ⚠️ Outdated
- Windows 10 21H2 (Build 19044.x) → ⚠️ Outdated
- Windows 10 20H2 (Build 19042.x) → 🚨 Severely outdated / unsupported
- Windows 11 23H2 (Build 22631.x) → ✅ Up to date
- Windows 11 22H2 (Build 22621.x) → ⚠️ Outdated
- Windows 11 older builds → 🚨 Severely outdated / unsupported
This would allow MSPs to quickly identify endpoints that are significantly behind on updates or running obsolete versions of Windows, without relying on external tools or additional licensing.
Even a lightweight implementation of this would deliver immediate value, helping to highlight basic security hygiene issues and drive remediation actions.
Chris Bisnett
marked this post as planned
This is something that should be totally doable. We're already tracking the version and build number, so the work is more about deciding which is outdated and how outdated it is and showing this in the UI.
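A sketch of the classification discussed in this thread, as an added example that is not part of the original posts and is not ESPM code. The baseline values are copied from the example list in the request; `FamilyPolicy`, `POLICY`, `update_health` and the sample inventory are hypothetical names and constructed data, and a real implementation would take its baseline from a maintained release feed.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class FamilyPolicy:
    current_build: int     # feature release treated as current
    min_revision: int      # lowest patch revision still "up to date"
    oldest_tolerated: int  # oldest release reported as merely "outdated"

# Constructed baseline copied from the example list in the request above,
# not from a vendor release feed. 0 means the post gives no revision ("x").
POLICY = {
    "Windows 10": FamilyPolicy(19045, 4529, 19044),
    "Windows 11": FamilyPolicy(22631, 0, 22621),
}

BUILD_RE = re.compile(r"^(?:10\.0\.)?(\d{5})(?:\.(\d+))?$")

def parse_build(text):
    """Accept '19045.4529', '10.0.19045.4529' or a bare '19045'."""
    m = BUILD_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised build string: {text!r}")
    revision = int(m.group(2)) if m.group(2) is not None else None
    return int(m.group(1)), revision

def update_health(text):
    build, revision = parse_build(text)
    family = "Windows 11" if build >= 22000 else "Windows 10"
    p = POLICY[family]
    if build > p.current_build:
        return "unknown"  # newer than the baseline: the policy is stale
    if build < p.oldest_tolerated:
        return "severely outdated"
    if build < p.current_build:
        return "outdated"
    if revision is None:
        # Patch level not reported: only decidable if no minimum is set.
        return "unknown" if p.min_revision else "up to date"
    return "up to date" if revision >= p.min_revision else "outdated"

# Constructed inventory: hostname -> build string as an agent might report it.
INVENTORY = {"ws-01": "10.0.19045.4529", "ws-02": "19045.3803",
             "ws-03": "19042.100", "lt-07": "10.0.22621.100"}

if __name__ == "__main__":
    for host, build in INVENTORY.items():
        print(f"{host:6} {build:18} {update_health(build)}")
```

Returning "unknown" for a build newer than the baseline keeps a stale policy from silently reporting endpoints as healthy.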